
Linux Analysis Report
xd.x86_64.elf

Overview

General Information

Sample name:xd.x86_64.elf
Analysis ID:1655049
MD5:da30210d545e603e163bac22726ed65d
SHA1:9a2ce28ed93ee41f6f74808400c1e984a681c22b
SHA256:4f728779fcd8935e6538a0496a5d9a925d704ef674c1492a448190757e1a640e
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:88
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
HTTP GET or POST without a user agent
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1655049
Start date and time:2025-04-02 22:22:15 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 51s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:xd.x86_64.elf
Detection:MAL
Classification:mal88.spre.troj.evad.linELF@0/3@3/0
  • Connection to analysis system has been lost, crash info: Unknown
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • system is lnxubuntu20
  • systemd New Fork (PID: 6265, Parent: 1)
  • journalctl (PID: 6265, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 6283, Parent: 1)
  • systemd New Fork (PID: 6285, Parent: 1)
  • systemd New Fork (PID: 6286, Parent: 1)
  • systemd New Fork (PID: 6287, Parent: 1)
  • systemd New Fork (PID: 6288, Parent: 1)
  • systemd New Fork (PID: 6314, Parent: 1)
  • systemd New Fork (PID: 6317, Parent: 1)
  • gdm3 New Fork (PID: 6322, Parent: 1320)
  • Default (PID: 6322, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6328, Parent: 1)
  • systemd New Fork (PID: 6331, Parent: 1)
  • systemd New Fork (PID: 6332, Parent: 1)
  • systemd New Fork (PID: 6333, Parent: 1)
  • gdm3 New Fork (PID: 6334, Parent: 1320)
  • Default (PID: 6334, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6335, Parent: 1320)
  • Default (PID: 6335, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6336, Parent: 1860)
  • pulseaudio (PID: 6336, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 6339, Parent: 1)
  • systemd New Fork (PID: 6342, Parent: 1)
  • systemd New Fork (PID: 6345, Parent: 1)
  • systemd New Fork (PID: 6346, Parent: 1)
  • systemd New Fork (PID: 6347, Parent: 1)
  • fusermount (PID: 6348, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • dash New Fork (PID: 6353, Parent: 4331)
  • rm (PID: 6353, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.ETONCyvNdi /tmp/tmp.ubUHepXbGx /tmp/tmp.VYqvwG4YcB
  • dash New Fork (PID: 6354, Parent: 4331)
  • rm (PID: 6354, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.ETONCyvNdi /tmp/tmp.ubUHepXbGx /tmp/tmp.VYqvwG4YcB
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
6255.1.0000000000400000.0000000000411000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security |
6255.1.0000000000400000.0000000000411000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6255.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
      6255.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown |
      • 0xc268:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
      6255.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown |
      • 0xca57:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
      No Suricata rule has matched


      AV Detection

      Source: xd.x86_64.elf | ReversingLabs: Detection: 44%
      Source: xd.x86_64.elf | Virustotal: Detection: 40%
      Source: /usr/bin/pulseaudio (PID: 6336) | Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: global traffic | TCP traffic: 192.168.2.23:60540 -> 213.209.129.92:7887
      Source: global traffic | HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 | Host: daisy.ubuntu.com | Accept: */* | Content-Type: application/octet-stream | X-Whoopsie-Version: 0.2.69ubuntu0.3 | Content-Length: 164887 | Expect: 100-continue
      Source: /tmp/xd.x86_64.elf (PID: 6254) | Socket: 0.0.0.0:23
      Source: /tmp/xd.x86_64.elf (PID: 6254) | Socket: 0.0.0.0:0
      Source: /tmp/xd.x86_64.elf (PID: 6254) | Socket: 0.0.0.0:80
      Source: /tmp/xd.x86_64.elf (PID: 6254) | Socket: 0.0.0.0:81
      Source: /tmp/xd.x86_64.elf (PID: 6254) | Socket: 0.0.0.0:8443
      Source: /tmp/xd.x86_64.elf (PID: 6254) | Socket: 0.0.0.0:9009
      Source: global traffic | DNS traffic detected: DNS query: daisy.ubuntu.com
      Source: unknown | HTTP traffic detected: POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1 | Host: daisy.ubuntu.com | Accept: */* | Content-Type: application/octet-stream | X-Whoopsie-Version: 0.2.69ubuntu0.3 | Content-Length: 164887 | Expect: 100-continue
      Source: xd.x86_64.elf | String found in binary or memory: http://upx.sf.net
      Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53082
      Source: unknown | Network traffic detected: HTTP traffic on port 39256 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 53082 -> 443

      System Summary

      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | Author: unknown
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | Author: unknown
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | Author: unknown
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | Author: unknown
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | Author: unknown
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | Author: unknown
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware | Author: Florian Roth
      Source: Process Memory Space: xd.x86_64.elf PID: 6259, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
      Source: Process Memory Space: xd.x86_64.elf PID: 6259, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 936, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 491, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 658, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 720, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 721, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 759, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 761, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 772, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 774, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 777, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 785, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 788, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 789, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 793, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 797, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 1320, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 1334, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 1335, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 1344, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 1860, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 1872, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 1886, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 2009, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 2048, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 6085, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 6234, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 6235, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 6330, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6254) | SIGKILL sent: pid: 6336, result: successful
      Source: /tmp/xd.x86_64.elf (PID: 6256) | SIGKILL sent: pid: -6256, result: unknown
      Source: LOAD without section mappings | Program segment: 0x100000
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_ea92cca8, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_0cd591cd, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_a33a8363, Linux_Trojan_Mirai_6a77af0f, Linux_Trojan_Mirai_e0cf29e2, Mirai_Botnet_Malware
      Source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_ea92cca8, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_0cd591cd, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_a33a8363, Linux_Trojan_Mirai_6a77af0f, Linux_Trojan_Mirai_e0cf29e2, Mirai_Botnet_Malware
      Source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_ea92cca8, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_0cd591cd, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_a33a8363, Linux_Trojan_Mirai_6a77af0f, Linux_Trojan_Mirai_e0cf29e2, Mirai_Botnet_Malware
      Source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_ea92cca8, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_0cd591cd, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_a33a8363, Linux_Trojan_Mirai_6a77af0f, Linux_Trojan_Mirai_e0cf29e2, Mirai_Botnet_Malware
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY, Matched rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_ea92cca8, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_0cd591cd, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_a33a8363, Linux_Trojan_Mirai_6a77af0f, Linux_Trojan_Mirai_e0cf29e2
      Source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: Process Memory Space: xd.x86_64.elf PID: 6259, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: xd.x86_64.elf PID: 6259, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: classification engineClassification label: mal88.spre.troj.evad.linELF@0/3@3/0

      Data Obfuscation

      Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

      Persistence and Installation Behavior

      Source: /bin/fusermount (PID: 6348), File: /proc/6348/mounts
      Source: /usr/bin/dash (PID: 6353), Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.ETONCyvNdi /tmp/tmp.ubUHepXbGx /tmp/tmp.VYqvwG4YcB
      Source: /usr/bin/dash (PID: 6354), Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.ETONCyvNdi /tmp/tmp.ubUHepXbGx /tmp/tmp.VYqvwG4YcB

      Hooking and other Techniques for Hiding and Protection

      Source: /tmp/xd.x86_64.elf (PID: 6254), File: /usr/sbin/gdm3
      Source: /tmp/xd.x86_64.elf (PID: 6254), File: /usr/lib/systemd/systemd
      Source: /tmp/xd.x86_64.elf (PID: 6254), File: /usr/lib/systemd/systemd (deleted)
      Source: /tmp/xd.x86_64.elf (PID: 6254), File: /usr/bin/dash
      Source: /tmp/xd.x86_64.elf (PID: 6254), File: /usr/bin/pulseaudio
      Source: xd.x86_64.elf, Submission file: segment LOAD with 7.9483 entropy (max. 8.0)
      Source: /usr/bin/pulseaudio (PID: 6336), Reads CPU info from /sys: /sys/devices/system/cpu/online
      Source: /usr/bin/pulseaudio (PID: 6336), Queries kernel information via 'uname'

      Stealing of Sensitive Information

      Source: Yara match, File source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: Process Memory Space: xd.x86_64.elf PID: 6259, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match, File source: 6255.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6256.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6253.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6257.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6258.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 6259.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: Process Memory Space: xd.x86_64.elf PID: 6259, type: MEMORYSTR
      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
      Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
      Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
      Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
      Defense Evasion: 11 Obfuscated Files or Information; 11 File Deletion; Obfuscated Files or Information; Binary Padding
      Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
      Discovery: 1 Security Software Discovery; 1 File and Directory Discovery; 1 System Information Discovery; System Network Configuration Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
      Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
      Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 2 Non-Application Layer Protocol; 3 Application Layer Protocol
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
      Impact: 1 Service Stop; Network Denial of Service; Data Encrypted for Impact; Data Destruction
      No configs have been found
      [Behavior graph, ID 1655049: sample xd.x86_64.elf, start date 02/04/2025, architecture LINUX, score 88]
      Source | Detection | Scanner | Label | Link
      xd.x86_64.elf | 44% | ReversingLabs | Linux.Backdoor.Mirai |
      xd.x86_64.elf | 41% | Virustotal | | Browse
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches


      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      daisy.ubuntu.com | 162.213.35.24 | true | false | | high

      Name | Malicious | Antivirus Detection | Reputation
      https://daisy.ubuntu.com/9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e | false | | high

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://upx.sf.net | xd.x86_64.elf | false | | high
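      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
      91.189.91.42 | xd.arm.elf | Get hash | malicious | Mirai | Browse
      91.189.91.42 | xd.m68k.elf | Get hash | malicious | Mirai | Browse
      91.189.91.42 | xd.mips.elf | Get hash | malicious | Mirai | Browse
      91.189.91.42 | sshd.elf | Get hash | malicious | Unknown | Browse
      91.189.91.42 | xd.mpsl.elf | Get hash | malicious | Mirai | Browse
      91.189.91.42 | na.elf | Get hash | malicious | Prometei | Browse
      91.189.91.42 | xd.i686.elf | Get hash | malicious | Mirai | Browse
      91.189.91.42 | xd.arm.elf | Get hash | malicious | Mirai | Browse
      91.189.91.42 | xd.sh4.elf | Get hash | malicious | Mirai | Browse
      91.189.91.42 | xd.arm5.elf | Get hash | malicious | Mirai | Browse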
      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
      daisy.ubuntu.com | xd.arm.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
      daisy.ubuntu.com | xd.m68k.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
      daisy.ubuntu.com | xd.mips.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.24
      daisy.ubuntu.com | xd.arm6.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.24
      daisy.ubuntu.com | xd.arm6.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
      daisy.ubuntu.com | xd.x86.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
      daisy.ubuntu.com | xd.x86_64.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
      daisy.ubuntu.com | boatnet.x86.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
      daisy.ubuntu.com | boatnet.arm.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
      daisy.ubuntu.com | boatnet.arm6.elf | Get hash | malicious | Mirai | Browse
      • 162.213.35.25
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                TWC-11351-NORTHEASTUSxd.arm.elfGet hashmaliciousMiraiBrowse
                                • 98.82.158.255
                                xd.x86.elfGet hashmaliciousMiraiBrowse
                                • 98.81.87.240
                                xd.sh4.elfGet hashmaliciousMiraiBrowse
                                • 98.91.152.18
                                -Lysisfinancial_Executives_Schedule 6cLKF4B .svgGet hashmaliciousHTMLPhisherBrowse
                                • 98.82.154.76
                                xd.mips.elfGet hashmaliciousMiraiBrowse
                                • 98.90.130.223
                                xd.mpsl.elfGet hashmaliciousMiraiBrowse
                                • 184.74.55.220
                                https://wetransfer.com/downloads/2971136d8b665852eb1f874db092eba220250401114650/596f3cb65b7858fdbbd45a98e463335420250401114650/9efedd?t_exp=1743767210&t_lsid=52fe332d-a748-433b-8af3-fc8487bab09a&t_network=email&t_rid=ZW1haWx8YWRyb2l0fDg1MzA4Yzg5LWMzYjktNDZiZS04MWU5LTViYTJmN2Y1ZjMyZg%3D%3D&t_s=download_link&t_ts=1743508010&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01Get hashmaliciousUnknownBrowse
                                • 98.82.154.76
                                x86_64.elfGet hashmaliciousUnknownBrowse
                                • 67.248.51.240
                                https://wetransfer.com/downloads/f0d1df3ef20023b7016e8ba0ead8821d20250331073743/af49c1?t_exp=1743665884Get hashmaliciousUnknownBrowse
                                • 98.82.157.137
                                https://snmk9.mjt.lu/lnk/AbwAACYavtgAAAAAAAAAA9w61AIAAYKJhcUAAAAAAC6lwQBn6to4aszawEFKTWWSkCgledCSEgAq1OY/1/JgYawQoManMiPR4Ur62Q1g/aHR0cHM6Ly9vYXV0aC5neXlwb28uY29tLwGet hashmaliciousUnknownBrowse
                                • 98.82.158.241
                                ATT-INTERNET4USxd.arm.elfGet hashmaliciousMiraiBrowse
                                • 69.0.25.214
                                xd.ppc.elfGet hashmaliciousMiraiBrowse
                                • 99.182.134.173
                                xd.spc.elfGet hashmaliciousMiraiBrowse
                                • 99.169.34.134
                                xd.mips.elfGet hashmaliciousMiraiBrowse
                                • 13.141.213.197
                                xd.x86.elfGet hashmaliciousMiraiBrowse
                                • 107.128.57.24
                                xd.powerpc-440fp.elfGet hashmaliciousMiraiBrowse
                                • 45.16.142.91
                                xd.x86.elfGet hashmaliciousMiraiBrowse
                                • 206.121.192.0
                                xd.sh4.elfGet hashmaliciousMiraiBrowse
                                • 172.143.133.21
                                xd.x86_64.elfGet hashmaliciousMiraiBrowse
                                • 13.168.105.138
                                http://vsuite-emea.omnicell.comGet hashmaliciousUnknownBrowse
                                • 13.43.120.10
                                TELEFONICACHILESACLxd.x86.elfGet hashmaliciousMiraiBrowse
                                • 186.104.136.97
                                bimbo-x86.elfGet hashmaliciousUnknownBrowse
                                • 191.113.74.248
                                vjwe68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 190.20.195.188
                                bejv86.elfGet hashmaliciousMiraiBrowse
                                • 200.28.64.231
                                weje64.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 191.125.183.130
                                sora.ppc.elfGet hashmaliciousUnknownBrowse
                                • 190.20.147.247
                                sora.x86.elfGet hashmaliciousMiraiBrowse
                                • 190.21.225.115
                                sora.arm7.elfGet hashmaliciousMiraiBrowse
                                • 200.112.64.95
                                drea4.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 200.90.189.114
                                g4za.arm7.elfGet hashmaliciousMiraiBrowse
                                • 186.106.106.183
                                ASN-CXA-ALL-CCI-22773-RDCUSxd.spc.elfGet hashmaliciousMiraiBrowse
                                • 98.175.169.159
                                xd.sh4.elfGet hashmaliciousMiraiBrowse
                                • 70.182.246.7
                                xd.x86_64.elfGet hashmaliciousMiraiBrowse
                                • 72.203.37.240
                                utorrent_installer.exeGet hashmaliciousUnknownBrowse
                                • 70.170.6.32
                                xd.mips.elfGet hashmaliciousMiraiBrowse
                                • 24.252.38.0
                                xd.arm7.elfGet hashmaliciousMiraiBrowse
                                • 70.176.53.221
                                xd.i686.elfGet hashmaliciousMiraiBrowse
                                • 70.169.18.31
                                xd.mpsl.elfGet hashmaliciousMiraiBrowse
                                • 70.188.235.18
                                xd.i486.elfGet hashmaliciousMiraiBrowse
                                • 174.64.40.90
                                https://snu2i.mjt.lu/lnk/AVUAAGf9XKgAAAAAAAAAA9xrFsMAAYKJjLUAAAAAAC68kgBn7Bfqac3lXyTWRGaDtKriXw3emQAq56U/1/cdW9bHmcUWqJ_AB7I3vlvw/aHR0cHM6Ly9jb25zdC5mb3Jtc3RhY2suY29tL2Zvcm1zL2l0ZgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                • 23.58.157.16
                                No context
                                No context
                                Process:/usr/bin/pulseaudio
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):10
                                Entropy (8bit):2.9219280948873623
                                Encrypted:false
                                SSDEEP:3:5bkPn:pkP
                                MD5:FF001A15CE15CF062A3704CEA2991B5F
                                SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                                SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                                SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview:auto_null.

                                Process:/usr/bin/pulseaudio
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):18
                                Entropy (8bit):3.4613201402110088
                                Encrypted:false
                                SSDEEP:3:5bkrIZsXvn:pkckv
                                MD5:28FE6435F34B3367707BB1C5D5F6B430
                                SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                                SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                                SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview:auto_null.monitor.

                                Process:/usr/bin/pulseaudio
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):5
                                Entropy (8bit):1.5219280948873621
                                Encrypted:false
                                SSDEEP:3:dj:J
                                MD5:5FC77DCCF0EFC30E3C69B7DCEEECF389
                                SHA1:3B0255FD55F52F80F4086713174995D855AE29CE
                                SHA-256:6B6388156BBDBB41C5D7670CEB44DA7DDF7319F2D652B736435261FE96E317DC
                                SHA-512:F6B6FE318E8989E087425978D0E3F5A8E23A1DEA4A75517B0051D4C3173F9B096576174F7B5185CD421644111198B12FF511458EDABD6E9E6B7C61336F1FBC40
                                Malicious:false
                                Reputation:low
                                Preview:6336.

                                File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                                Entropy (8bit):7.944765349327055
                                TrID:
                                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                File name:xd.x86_64.elf
                                File size:30'488 bytes
                                MD5:da30210d545e603e163bac22726ed65d
                                SHA1:9a2ce28ed93ee41f6f74808400c1e984a681c22b
                                SHA256:4f728779fcd8935e6538a0496a5d9a925d704ef674c1492a448190757e1a640e
                                SHA512:888554e52e2ebbde990a5ab2870cece96668ce4b907fe2511f6b603e59954cd79084802faaab8cec44bc903bfededfd0de33aabc3c9ca74222062f39dbc66431
                                SSDEEP:768:Z2noTTyY+RHt+D14ir8TSkN+sQBBJx0f5:ooXqRHAPr8TSkdy65
                                TLSH:89D2D0D7852B9379E4255CF981281EC4F1847863E1028BAE1EED31FF6C776145B50DB0
                                File Content Preview:.ELF..............>......d......@...................@.8...@.....................................$v......$v................................Q.......Q.............................Q.td.....................................................F.DUPX!D..............

                                ELF header

                                Class:ELF64
                                Data:2's complement, little endian
                                Version:1 (current)
                                Machine:Advanced Micro Devices X86-64
                                Version Number:0x1
                                Type:EXEC (Executable file)
                                OS/ABI:UNIX - System V
                                ABI Version:0
                                Entry Point Address:0x1064e8
                                Flags:0x0
                                ELF Header Size:64
                                Program Header Offset:64
                                Program Header Size:56
                                Number of Program Headers:3
                                Section Header Offset:0
                                Section Header Size:64
                                Number of Section Headers:0
                                Header String Table Index:0
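
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| LOAD | 0x0 | 0x100000 | 0x100000 | 0x7624 | 0x7624 | 7.9483 | 0x5 | R E | 0x100000 | | |
| LOAD | 0x8a8 | 0x5118a8 | 0x5118a8 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | | |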


                                • Total Packets: 192
                                • 7887 undefined
                                • 443 (HTTPS)
                                • 80 (HTTP)
                                • 53 (DNS)
                                • 23 (Telnet)
                                Apr 2, 2025 22:23:54.083873987 CEST44353082162.213.35.25192.168.2.23
                                Apr 2, 2025 22:23:54.655632973 CEST44353082162.213.35.25192.168.2.23
                                Apr 2, 2025 22:23:54.655735970 CEST44353082162.213.35.25192.168.2.23
                                Apr 2, 2025 22:23:54.655735016 CEST53082443192.168.2.23162.213.35.25
                                Apr 2, 2025 22:23:54.655818939 CEST53082443192.168.2.23162.213.35.25
                                Apr 2, 2025 22:23:54.655842066 CEST44353082162.213.35.25192.168.2.23
                                Apr 2, 2025 22:23:55.145539045 CEST39256443192.168.2.2334.249.145.219
                                Apr 2, 2025 22:24:32.260608912 CEST43928443192.168.2.2391.189.91.42
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Apr 2, 2025 22:23:52.076868057 CEST | 60751 | 53 | 192.168.2.23 | 1.1.1.1
                                Apr 2, 2025 22:23:52.076927900 CEST | 55816 | 53 | 192.168.2.23 | 1.1.1.1
                                Apr 2, 2025 22:23:52.178714991 CEST | 53 | 55816 | 1.1.1.1 | 192.168.2.23
                                Apr 2, 2025 22:23:52.179019928 CEST | 53 | 60751 | 1.1.1.1 | 192.168.2.23
                                Apr 2, 2025 22:23:52.225713968 CEST | 41630 | 53 | 192.168.2.23 | 1.1.1.1
                                Apr 2, 2025 22:23:52.335910082 CEST | 53 | 41630 | 1.1.1.1 | 192.168.2.23
                                TimestampSource IPDest IPChecksumCodeType
                                Apr 2, 2025 22:23:58.666994095 CEST192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable
                                Apr 2, 2025 22:25:18.681658030 CEST192.168.2.23192.168.2.18283(Port unreachable)Destination Unreachable
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Apr 2, 2025 22:23:52.076868057 CEST | 192.168.2.23 | 1.1.1.1 | 0xcb8f | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
                                Apr 2, 2025 22:23:52.076927900 CEST | 192.168.2.23 | 1.1.1.1 | 0x9bb2 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
                                Apr 2, 2025 22:23:52.225713968 CEST | 192.168.2.23 | 1.1.1.1 | 0x5528 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Apr 2, 2025 22:23:52.179019928 CEST | 1.1.1.1 | 192.168.2.23 | 0xcb8f | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
                                Apr 2, 2025 22:23:52.179019928 CEST | 1.1.1.1 | 192.168.2.23 | 0xcb8f | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
                                • daisy.ubuntu.com
                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                0 | 192.168.2.23 | 53082 | 162.213.35.25 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2025-04-02 20:23:53 UTC | 307 | OUT | POST /9aadafe2051348cd32033e1cad68f0a5fe46fba3240ac1e6e42158f31b8a1371790c09baf3996b4979fe8e533446c7dedf30f654c68b25357334c66911dc6a9e HTTP/1.1
                                Host: daisy.ubuntu.com
                                Accept: */*
                                Content-Type: application/octet-stream
                                X-Whoopsie-Version: 0.2.69ubuntu0.3
                                Content-Length: 164887
                                Expect: 100-continue
                                2025-04-02 20:23:54 UTC | 25 | IN | HTTP/1.1 100 Continue
                                2025-04-02 20:23:54 UTC | 279 | IN | HTTP/1.1 400 Bad Request
                                Date: Wed, 02 Apr 2025 20:23:54 GMT
                                Server: gunicorn/19.7.1
                                X-Daisy-Revision-Number: 979
                                X-Oops-Repository-Version: 0.0.0
                                Strict-Transport-Security: max-age=2592000
                                Connection: close
                                Transfer-Encoding: chunked
                                17
                                Crash already reported.
                                0


                                System Behavior

                                Start time (UTC):20:23:29
                                Start date (UTC):02/04/2025
                                Path:/tmp/xd.x86_64.elf
                                Arguments:/tmp/xd.x86_64.elf
                                File size:30488 bytes
                                MD5 hash:da30210d545e603e163bac22726ed65d

                                Start time (UTC):20:23:29
                                Start date (UTC):02/04/2025
                                Path:/tmp/xd.x86_64.elf
                                Arguments:-
                                File size:30488 bytes
                                MD5 hash:da30210d545e603e163bac22726ed65d

                                Start time (UTC):20:23:29
                                Start date (UTC):02/04/2025
                                Path:/tmp/xd.x86_64.elf
                                Arguments:-
                                File size:30488 bytes
                                MD5 hash:da30210d545e603e163bac22726ed65d

                                Start time (UTC):20:23:29
                                Start date (UTC):02/04/2025
                                Path:/tmp/xd.x86_64.elf
                                Arguments:-
                                File size:30488 bytes
                                MD5 hash:da30210d545e603e163bac22726ed65d

                                Start time (UTC):20:23:29
                                Start date (UTC):02/04/2025
                                Path:/tmp/xd.x86_64.elf
                                Arguments:-
                                File size:30488 bytes
                                MD5 hash:da30210d545e603e163bac22726ed65d

                                Start time (UTC):20:23:29
                                Start date (UTC):02/04/2025
                                Path:/tmp/xd.x86_64.elf
                                Arguments:-
                                File size:30488 bytes
                                MD5 hash:da30210d545e603e163bac22726ed65d

                                Start time (UTC):20:23:29
                                Start date (UTC):02/04/2025
                                Path:/tmp/xd.x86_64.elf
                                Arguments:-
                                File size:30488 bytes
                                MD5 hash:da30210d545e603e163bac22726ed65d

                                Start time (UTC):20:23:39
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:39
                                Start date (UTC):02/04/2025
                                Path:/usr/bin/journalctl
                                Arguments:/usr/bin/journalctl --smart-relinquish-var
                                File size:80120 bytes
                                MD5 hash:bf3a987344f3bacafc44efd882abda8b

                                Start time (UTC):20:23:40
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:40
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:40
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:40
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:40
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:50
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/sbin/gdm3
                                Arguments:-
                                File size:453296 bytes
                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/etc/gdm3/PrimeOff/Default
                                Arguments:/etc/gdm3/PrimeOff/Default
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/sbin/gdm3
                                Arguments:-
                                File size:453296 bytes
                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/etc/gdm3/PrimeOff/Default
                                Arguments:/etc/gdm3/PrimeOff/Default
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/sbin/gdm3
                                Arguments:-
                                File size:453296 bytes
                                MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/etc/gdm3/PrimeOff/Default
                                Arguments:/etc/gdm3/PrimeOff/Default
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/bin/pulseaudio
                                Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                                File size:100832 bytes
                                MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:52
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:52
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:23:54
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:24:21
                                Start date (UTC):02/04/2025
                                Path:/usr/libexec/gvfsd-fuse
                                Arguments:-
                                File size:47632 bytes
                                MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                                Start time (UTC):20:24:21
                                Start date (UTC):02/04/2025
                                Path:/bin/fusermount
                                Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                                File size:39144 bytes
                                MD5 hash:576a1b135c82bdcbc97a91acea900566

                                Start time (UTC):20:24:23
                                Start date (UTC):02/04/2025
                                Path:/usr/bin/dash
                                Arguments:-
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                Start time (UTC):20:24:23
                                Start date (UTC):02/04/2025
                                Path:/usr/bin/rm
                                Arguments:rm -f /tmp/tmp.ETONCyvNdi /tmp/tmp.ubUHepXbGx /tmp/tmp.VYqvwG4YcB
                                File size:72056 bytes
                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                Start time (UTC):20:24:23
                                Start date (UTC):02/04/2025
                                Path:/usr/bin/dash
                                Arguments:-
                                File size:129816 bytes
                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                Start time (UTC):20:24:23
                                Start date (UTC):02/04/2025
                                Path:/usr/bin/rm
                                Arguments:rm -f /tmp/tmp.ETONCyvNdi /tmp/tmp.ubUHepXbGx /tmp/tmp.VYqvwG4YcB
                                File size:72056 bytes
                                MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                Start time (UTC):20:24:53
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd (deleted)
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:24:53
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd (deleted)
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:24:54
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd (deleted)
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:24:54
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd (deleted)
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:24:54
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd (deleted)
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                Start time (UTC):20:25:51
                                Start date (UTC):02/04/2025
                                Path:/usr/lib/systemd/systemd (deleted)
                                Arguments:-
                                File size:1620224 bytes
                                MD5 hash:9b2bec7092a40488108543f9334aab75