
Linux Analysis Report
xd.sh4.elf

Overview

General Information

Sample name: xd.sh4.elf
Analysis ID: 1655056
MD5: 76eda645c0a5c1b312f9fb71e5910d68
SHA1: 456dc910206fc666f0a7f6d08fa05e6bbfa4d87b
SHA256: 4fe119b8fde2be711ee4ac38352480abcaba0767e9c1ad574dab908b27a14894
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score:100
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Reads CPU information from /sys indicative of miner or evasive malware
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1655056
Start date and time: 2025-04-02 22:23:45 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: xd.sh4.elf
Detection: MAL
Classification: mal100.spre.troj.evad.linELF@0/3@0/0
  • Connection to analysis system has been lost, crash info: Unknown
  • system is lnxubuntu20
  • xd.sh4.elf (PID: 5489, Parent: 5414, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/xd.sh4.elf
  • systemd New Fork (PID: 5519, Parent: 1)
  • journalctl (PID: 5519, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • systemd New Fork (PID: 5536, Parent: 1)
  • systemd New Fork (PID: 5538, Parent: 1)
  • systemd New Fork (PID: 5539, Parent: 1)
  • systemd New Fork (PID: 5540, Parent: 1)
  • systemd New Fork (PID: 5543, Parent: 1)
  • gdm3 New Fork (PID: 5598, Parent: 1289)
  • Default (PID: 5598, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5599, Parent: 1)
  • systemd New Fork (PID: 5600, Parent: 1)
  • systemd New Fork (PID: 5601, Parent: 1)
  • systemd New Fork (PID: 5602, Parent: 1)
  • systemd New Fork (PID: 5603, Parent: 1)
  • systemd New Fork (PID: 5604, Parent: 1)
  • gdm3 New Fork (PID: 5605, Parent: 1289)
  • Default (PID: 5605, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5606, Parent: 1289)
  • Default (PID: 5606, Parent: 1289, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5607, Parent: 2955)
  • pulseaudio (PID: 5607, Parent: 2955, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • systemd New Fork (PID: 5608, Parent: 1)
  • systemd New Fork (PID: 5609, Parent: 1)
  • systemd New Fork (PID: 5611, Parent: 1)
  • systemd New Fork (PID: 5613, Parent: 1)
  • fusermount (PID: 5634, Parent: 3147, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
xd.sh4.elf | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security
xd.sh4.elf | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
xd.sh4.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
xd.sh4.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
        • 0xe82c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe87c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe8a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe8b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe8cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe8e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe8f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe908:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe91c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe930:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe944:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe958:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe96c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe980:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe994:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe9a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe9bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
xd.sh4.elf | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
        • 0xe7c8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source | Rule | Description | Author | Strings
5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security
5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security
5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
              • 0xe82c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe87c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe8a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe8b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe8cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe8e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe8f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe908:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe91c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe930:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe944:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe958:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe96c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe980:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe994:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe9a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
              • 0xe9bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
              • 0xe7c8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
No Suricata rule has matched

AV Detection

Source: xd.sh4.elf | Avira: detected
Source: xd.sh4.elf | Virustotal: Detection: 64%
Source: xd.sh4.elf | ReversingLabs: Detection: 69%
Source: /usr/bin/pulseaudio (PID: 5607) | Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: global traffic | TCP traffic: 192.168.2.14:57356 -> 213.209.129.92:7887
Source: /tmp/xd.sh4.elf (PID: 5491) | Socket: 0.0.0.0:23
Source: /tmp/xd.sh4.elf (PID: 5491) | Socket: 0.0.0.0:0
Source: /tmp/xd.sh4.elf (PID: 5491) | Socket: 0.0.0.0:80
Source: /tmp/xd.sh4.elf (PID: 5491) | Socket: 0.0.0.0:81
Source: /tmp/xd.sh4.elf (PID: 5491) | Socket: 0.0.0.0:8443
Source: /tmp/xd.sh4.elf (PID: 5491) | Socket: 0.0.0.0:9009
Source: unknown | TCP traffic detected without corresponding DNS query: 213.209.129.92
Source: unknown | TCP traffic detected without corresponding DNS query: 160.98.59.116
Source: unknown | TCP traffic detected without corresponding DNS query: 180.137.14.11
Source: unknown | TCP traffic detected without corresponding DNS query: 48.102.26.129
Source: unknown | TCP traffic detected without corresponding DNS query: 178.206.154.9
Source: unknown | TCP traffic detected without corresponding DNS query: 65.203.150.129
Source: unknown | TCP traffic detected without corresponding DNS query: 2.175.76.129
Source: unknown | TCP traffic detected without corresponding DNS query: 82.241.20.29
Source: unknown | TCP traffic detected without corresponding DNS query: 8.50.148.169
Source: unknown | TCP traffic detected without corresponding DNS query: 67.39.107.219
Source: unknown | TCP traffic detected without corresponding DNS query: 207.174.181.52
Source: unknown | TCP traffic detected without corresponding DNS query: 96.43.59.208
Source: unknown | TCP traffic detected without corresponding DNS query: 93.118.12.83
Source: unknown | TCP traffic detected without corresponding DNS query: 27.51.211.151
Source: unknown | TCP traffic detected without corresponding DNS query: 177.5.181.251
Source: unknown | TCP traffic detected without corresponding DNS query: 247.155.68.150
Source: unknown | TCP traffic detected without corresponding DNS query: 200.184.25.103
Source: unknown | TCP traffic detected without corresponding DNS query: 48.154.144.169
Source: unknown | TCP traffic detected without corresponding DNS query: 151.117.124.60
Source: unknown | TCP traffic detected without corresponding DNS query: 94.85.95.173
Source: unknown | TCP traffic detected without corresponding DNS query: 36.226.22.255
Source: unknown | TCP traffic detected without corresponding DNS query: 123.42.100.91
Source: unknown | TCP traffic detected without corresponding DNS query: 32.250.41.80
Source: unknown | TCP traffic detected without corresponding DNS query: 99.163.237.0
Source: unknown | TCP traffic detected without corresponding DNS query: 114.202.124.115
Source: unknown | TCP traffic detected without corresponding DNS query: 187.98.8.247
Source: unknown | TCP traffic detected without corresponding DNS query: 152.239.41.157
Source: unknown | TCP traffic detected without corresponding DNS query: 167.111.47.34
Source: unknown | TCP traffic detected without corresponding DNS query: 93.187.238.194
Source: unknown | TCP traffic detected without corresponding DNS query: 152.58.229.138
Source: unknown | TCP traffic detected without corresponding DNS query: 103.24.34.109
Source: unknown | TCP traffic detected without corresponding DNS query: 27.159.239.171
Source: unknown | TCP traffic detected without corresponding DNS query: 165.91.59.33
Source: unknown | TCP traffic detected without corresponding DNS query: 85.104.14.201
Source: unknown | TCP traffic detected without corresponding DNS query: 201.58.20.223
Source: unknown | TCP traffic detected without corresponding DNS query: 159.66.105.168
Source: unknown | TCP traffic detected without corresponding DNS query: 115.189.3.188
Source: unknown | TCP traffic detected without corresponding DNS query: 95.17.224.84
Source: unknown | TCP traffic detected without corresponding DNS query: 179.255.115.120
Source: unknown | TCP traffic detected without corresponding DNS query: 83.115.228.5
Source: unknown | TCP traffic detected without corresponding DNS query: 27.223.165.32
Source: unknown | TCP traffic detected without corresponding DNS query: 104.129.211.132
Source: unknown | TCP traffic detected without corresponding DNS query: 200.81.171.90
Source: unknown | TCP traffic detected without corresponding DNS query: 35.114.176.95
Source: unknown | TCP traffic detected without corresponding DNS query: 5.96.127.71
Source: unknown | TCP traffic detected without corresponding DNS query: 124.2.78.61
Source: unknown | TCP traffic detected without corresponding DNS query: 8.191.7.239
Source: unknown | TCP traffic detected without corresponding DNS query: 240.2.82.8
Source: unknown | TCP traffic detected without corresponding DNS query: 43.74.204.152
Source: unknown | TCP traffic detected without corresponding DNS query: 220.185.200.195

              System Summary

Source: xd.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: xd.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: xd.sh4.elf, type: SAMPLE | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: xd.sh4.elf, type: SAMPLE | Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
Source: Process Memory Space: xd.sh4.elf PID: 5489, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5489, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5492, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5492, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5493, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5493, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5501, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5501, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5502, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5502, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5503, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: xd.sh4.elf PID: 5503, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 940, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 490, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 661, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 725, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 726, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 767, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 769, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 780, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 782, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 785, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 791, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 794, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 795, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 797, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 800, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 801, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 1289, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 1299, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 1300, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 1309, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 2955, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 2956, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 2991, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 3120, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 3125, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 3157, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 5333, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 5474, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 5475, result: successful
Source: /tmp/xd.sh4.elf (PID: 5491) | SIGKILL sent: pid: 5607, result: successful
Source: /tmp/xd.sh4.elf (PID: 5493) | SIGKILL sent: pid: -5493, result: unknown
Source: ELF static info symbol of initial sample | .symtab present: no
Source: xd.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: xd.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: xd.sh4.elf, type: SAMPLE | Matched rule: Mirai_Botnet_Malware | date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: xd.sh4.elf, type: SAMPLE | Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 | date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware | date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5501.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 | date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware | date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5489.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5502.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5493.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5503.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
              Source: 5492.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
              Source: Process Memory Space: xd.sh4.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5492, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5492, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5493, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5493, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5501, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5501, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5502, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5502, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5503, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
              Source: Process Memory Space: xd.sh4.elf PID: 5503, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
              Source: classification engine, Classification label: mal100.spre.troj.evad.linELF@0/3@0/0

              Persistence and Installation Behavior

              Source: /bin/fusermount (PID: 5634) File: /proc/5634/mounts
              Source: /tmp/xd.sh4.elf (PID: 5491) File opened: /proc/<pid>/exe for 73 PIDs: 3760, 3761, 1583, 2672, 1383, 1382, 1381, 671, 3759, 674, 1577, 1610, 512, 678, 514, 679, 519, 917, 1593, 1394, 3329, 3406, 683, 684, 1589, 3129, 1588, 3402, 3245, 888, 3762, 803, 806, 2517, 807, 5640, 3420, 1560, 3142, 1635, 1557, 1633, 1599, 1873, 3215, 1399, 1630, 3412, 657, 658, 659, 418, 419, 1639, 5438, 1638, 3398, 1371, 660, 1369, 1567, 740, 1203, 3304, 3425, 1444, 1642, 1564, 941, 1640, 3147, 1364, 548
              Source: /tmp/xd.sh4.elf (PID: 5491) File opened: /proc/<pid>/fd for 24 PIDs: 791, 794, 795, 797, 917, 1, 767, 800, 888, 801, 725, 769, 726, 803, 806, 807, 928, 490, 853, 780, 782, 661, 785, 940
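The 73 opens of /proc/<pid>/exe and 24 opens of /proc/<pid>/fd by PID 5491 are the footprint of a Mirai-family process killer: it reads other processes' executables to look for rival bots and walks their fd directories to tie open sockets to PIDs before sending SIGKILL. Tools such as ps and top read /proc/<pid>/stat and cmdline, not exe and fd in bulk, so the pattern stands out in open() telemetry (lsof and similar inventory tools do walk fd and need an allow-list). The Python below is an added example, not code from the Joe Sandbox report: it parses lines in the report's "File opened" format and flags any process that opens the exe or fd node of three or more other PIDs. The lines and PIDs in SAMPLE_EVENTS are constructed for the example, and the threshold of three is an assumption to tune against your own baseline.

```python
import re
from collections import defaultdict

# Constructed log lines in the shape of the report's "File opened" evidence.
# The fusermount and top entries and all PIDs are made up for this example;
# only the line format mirrors the sandbox report.
SAMPLE_EVENTS = """\
Source: /bin/fusermount (PID: 5634)File: /proc/5634/mounts
Source: /tmp/xd.sh4.elf (PID: 5491)File opened: /proc/3760/exe
Source: /tmp/xd.sh4.elf (PID: 5491)File opened: /proc/3761/exe
Source: /tmp/xd.sh4.elf (PID: 5491)File opened: /proc/791/fd
Source: /tmp/xd.sh4.elf (PID: 5491)File opened: /proc/1/fd
Source: /tmp/xd.sh4.elf (PID: 5491)File opened: /proc/917/exe
Source: /tmp/xd.sh4.elf (PID: 5491)File opened: /proc/917/fd
Source: /tmp/xd.sh4.elf (PID: 5491)File opened: /proc/5491/exe
Source: /usr/bin/top (PID: 6001)File opened: /proc/1/stat
Source: /usr/bin/top (PID: 6001)File opened: /proc/2/stat
"""

# One event per line: which (image, pid) opened /proc/<target>/<node>.
# The report runs "(PID: n)" straight into "File", so no whitespace is required there.
EVENT_RE = re.compile(
    r"^Source:\s+(?P<image>\S+)\s+\(PID:\s+(?P<pid>\d+)\)\s*"
    r"File(?: opened)?:\s+/proc/(?P<target>\d+)/(?P<node>[A-Za-z_]+)"
)

# Nodes a process killer touches: exe to read another process's binary,
# fd to map its open sockets. stat/cmdline reads are what ps and top do,
# so they are parsed but not scored.
KILLER_NODES = ("exe", "fd")


def parse_events(text):
    """Yield (image, pid, target_pid, node) for every line that matches."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            yield m["image"], int(m["pid"]), int(m["target"]), m["node"]


def proc_scan_findings(text, min_targets=3):
    """Flag processes that open exe or fd of at least min_targets *other* PIDs.

    Returns findings sorted by the number of distinct target PIDs, each
    listing which PIDs had their exe and which had their fd opened.
    """
    seen = defaultdict(lambda: {"exe": set(), "fd": set()})
    for image, pid, target, node in parse_events(text):
        if node not in KILLER_NODES or target == pid:
            continue  # self-inspection (/proc/<own pid>/exe) is normal
        seen[(image, pid)][node].add(target)

    findings = []
    for (image, pid), nodes in seen.items():
        targets = nodes["exe"] | nodes["fd"]
        if len(targets) >= min_targets:
            findings.append({
                "image": image,
                "pid": pid,
                "distinct_targets": len(targets),
                "exe_targets": sorted(nodes["exe"]),
                "fd_targets": sorted(nodes["fd"]),
            })
    findings.sort(key=lambda f: f["distinct_targets"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in proc_scan_findings(SAMPLE_EVENTS):
        print(f"{f['image']} (PID {f['pid']}) scanned {f['distinct_targets']} "
              f"other processes: exe={f['exe_targets']} fd={f['fd_targets']}")
```

On the constructed input only PID 5491 is reported (five distinct foreign PIDs); its own /proc/5491/exe read is ignored and top's stat reads are never scored. The same parser works on the report's full list if the lines are pasted in unchanged.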

              Hooking and other Techniques for Hiding and Protection

              Source: /tmp/xd.sh4.elf (PID: 5491) File: /usr/sbin/gdm3
              Source: /tmp/xd.sh4.elf (PID: 5491) File: /usr/lib/systemd/systemd
              Source: /tmp/xd.sh4.elf (PID: 5491) File: /usr/lib/systemd/systemd (deleted)
              Source: /tmp/xd.sh4.elf (PID: 5491) File: /usr/bin/pulseaudio
              Source: /usr/bin/pulseaudio (PID: 5607) Reads CPU info from /sys: /sys/devices/system/cpu/online
              Source: /tmp/xd.sh4.elf (PID: 5489) Queries kernel information via 'uname'
              Source: /usr/bin/pulseaudio (PID: 5607) Queries kernel information via 'uname'
              Source: xd.sh4.elf, {5489,5492,5493,5501,5502,5503}.1.00007ffe131db000.00007ffe131fc000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-sh4
              Source: xd.sh4.elf, {5489,5492,5493,5501,5502,5503}.1.0000561f1657b000.0000561f165de000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/sh4
              Source: xd.sh4.elf, {5489,5492,5493,5501,5502,5503}.1.00007ffe131db000.00007ffe131fc000.rw-.sdmp, Binary or memory string: x86_64 /usr/bin/qemu-sh4 /tmp/xd.sh4.elf SUDO_USER=saturnino PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin DISPLAY=:1.0 XAUTHORITY=/run/user/1000/gdm/Xauthority SUDO_UID=1000 TERM=xterm-256color COLORTERM=truecolor LOGNAME=root USER=root LANG=en_US.UTF-8 SUDO_COMMAND=/bin/bash HOME=/root MAIL=/var/mail/root SUDO_GID=1000 SHELL=/bin/bash /tmp/xd.sh4.elf
              Source: xd.sh4.elf, {5489,5492,5493,5501,5502,5503}.1.0000561f1657b000.0000561f165de000.rw-.sdmp, Binary or memory string: V5!/etc/qemu-binfmt/sh4
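The /usr/bin/qemu-sh4 and /etc/qemu-binfmt/sh4 strings, together with the x86_64 platform string and the root environment of the analysis user, show that this SuperH binary ran on the x86_64 sandbox through qemu user-mode emulation registered via binfmt_misc; the sample does not exercise real SH4 hardware, and its uname result is whatever qemu reports. Before handing an IoT sample to such a setup it is worth reading the ELF header to learn the target machine, endianness and whether the section header table survives. The Python below is an added example, not part of the report and not Joe Sandbox code: it parses ELF32/ELF64 headers, maps e_machine to the qemu-<arch> user-mode binary binfmt_misc would dispatch to, and reports whether section headers are absent (without them no .symtab can exist). The header of xd.sh4.elf itself is not on this page, so SH4_SAMPLE and MIPS_SAMPLE are constructed headers; the e_machine constants are the standard ELF values and the qemu names follow the upstream qemu-<arch> convention.

```python
import struct

# e_machine -> (architecture, qemu user binary for little-endian, for big-endian).
# Standard ELF constants (EM_SH = 42 is what an sh4 build carries); qemu names
# are the upstream qemu-<arch> user-mode binaries, the same convention behind
# the /usr/bin/qemu-sh4 string in this report.
EM_TO_ARCH = {
    3:   ("x86",     "qemu-i386",    "qemu-i386"),
    4:   ("m68k",    "qemu-m68k",    "qemu-m68k"),
    8:   ("mips",    "qemu-mipsel",  "qemu-mips"),
    20:  ("powerpc", "qemu-ppc",     "qemu-ppc"),
    40:  ("arm",     "qemu-arm",     "qemu-armeb"),
    42:  ("superh",  "qemu-sh4",     "qemu-sh4eb"),
    62:  ("x86-64",  "qemu-x86_64",  "qemu-x86_64"),
    183: ("aarch64", "qemu-aarch64", "qemu-aarch64_be"),
}
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def is_elf(data):
    """True if the buffer starts with the ELF magic."""
    return len(data) >= 4 and data[:4] == b"\x7fELF"


def parse_elf_header(data):
    """Decode an ELF32 or ELF64 file header into a dict. Raises ValueError."""
    if not is_elf(data):
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # Fields after the 16-byte e_ident; ELF64 widens e_entry/e_phoff/e_shoff.
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _, e_entry, e_phoff, e_shoff, e_flags, _, _,
     e_phnum, _, e_shnum, _) = struct.unpack_from(fmt, data, 16)
    return {
        "class": "ELF32" if ei_class == 1 else "ELF64",
        "endian": "little" if ei_data == 1 else "big",
        "type": E_TYPE.get(e_type, hex(e_type)),
        "machine": e_machine,
        "entry": e_entry,
        "phoff": e_phoff, "phnum": e_phnum,
        "shoff": e_shoff, "shnum": e_shnum,
        "flags": e_flags,
    }


def triage(data):
    """Summarise what a sandbox needs to know before running an IoT ELF."""
    h = parse_elf_header(data)
    arch, qemu_le, qemu_be = EM_TO_ARCH.get(h["machine"], ("unknown", None, None))
    return {
        "arch": arch,
        "endian": h["endian"],
        "type": h["type"],
        # The qemu-user binary binfmt_misc would hand this file to.
        "qemu_user": qemu_le if h["endian"] == "little" else qemu_be,
        # e_shoff == 0 means there is no section header table at all, so no
        # .symtab can be located; plain `strip` keeps the table, sstrip does not.
        "section_headers_stripped": h["shoff"] == 0,
        "entry": hex(h["entry"]),
    }


def build_elf32_header(machine, little_endian=True, e_type=2, shnum=0):
    """Constructed 52-byte ELF32 header used as offline sample input."""
    endian = "<" if little_endian else ">"
    ident = b"\x7fELF" + bytes([1, 1 if little_endian else 2, 1, 0]) + b"\x00" * 8
    return ident + struct.pack(
        endian + "HHIIIIIHHHHHH",
        e_type, machine, 1, 0x400140,   # e_type, e_machine, e_version, e_entry
        52, 0x1000 if shnum else 0, 0,  # e_phoff, e_shoff, e_flags
        52, 32, 2,                      # e_ehsize, e_phentsize, e_phnum
        40 if shnum else 0, shnum, 0,   # e_shentsize, e_shnum, e_shstrndx
    )


# Constructed inputs: a stripped little-endian SH4 static executable in the
# shape of a Mirai sh4 build, and an unstripped big-endian MIPS one for contrast.
SH4_SAMPLE = build_elf32_header(42)
MIPS_SAMPLE = build_elf32_header(8, little_endian=False, shnum=12)

if __name__ == "__main__":
    for name, blob in (("sh4", SH4_SAMPLE), ("mips", MIPS_SAMPLE)):
        print(name, triage(blob))
```

Run it against a real file with triage(open(path, "rb").read(64)); the qemu_user value is the binary you would expect to see in the sandbox's memory strings, as /usr/bin/qemu-sh4 appears above.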

              Stealing of Sensitive Information

              Source: Yara match, File source: xd.sh4.elf, type: SAMPLE
              Source: Yara match, File source: {5501,5489,5502,5493,5503,5492}.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: xd.sh4.elf PIDs 5489, 5492, 5493, 5501, 5502, 5503, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match, File source: xd.sh4.elf, type: SAMPLE
              Source: Yara match, File source: {5501,5489,5502,5493,5503,5492}.1.00007fbe80400000.00007fbe80410000.r-x.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: xd.sh4.elf PIDs 5489, 5492, 5493, 5501, 5502, 5503, type: MEMORYSTR
MITRE ATT&CK Matrix

Only the techniques matched by this sample's signatures are listed; the number in brackets is the count of signatures mapped to each technique.

Defense Evasion: File Deletion (1)
Credential Access: OS Credential Dumping (1)
Discovery: Security Software Discovery (11), File and Directory Discovery (1), System Information Discovery (1)
Command and Control: Non-Standard Port (1)
Impact: Service Stop (1)

Tactics with no matched technique: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Lateral Movement, Collection, Exfiltration.
              No configs have been found
Behavior Graph (ID 1655056, sample xd.sh4.elf, start date 02/04/2025, architecture LINUX, score 100)

Network nodes: 71.16.187.147 port 23 (WINDSTREAMUS, United States); 121.75.136.5 port 23 (VODAFONE-TRANSIT-AS Vodafone NZ Ltd, New Zealand); 98 other IPs or domains.
Sample-level signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai.
Processes started from the root node: xd.sh4.elf; gvfsd-fuse fusermount; systemd journalctl; 20 other processes.
Process tree: xd.sh4.elf forks three child xd.sh4.elf processes. The first child carries the signatures "Sample tries to kill multiple processes (SIGKILL)" and "Sample deletes itself"; the second child forks three further xd.sh4.elf processes.
The signature "Sample reads /proc/mounts (often used for finding a writable filesystem)" is attached to the gvfsd-fuse fusermount node in the graph, not to an xd.sh4.elf process.
Antivirus detection for the submitted sample:

Source     | Detection | Scanner       | Label
xd.sh4.elf | 64%       | Virustotal    |
xd.sh4.elf | 69%       | ReversingLabs | Linux.Backdoor.Mirai
xd.sh4.elf | 100%      | Avira         | LINUX/Mirai.bonb

The three remaining scan tables report no Antivirus matches.

No contacted domains info

Contacted IPs (100 entries; the sandbox marks none of them malicious). Five addresses fall in 240.0.0.0/4 and are listed as Reserved with no ASN. 213.209.129.92 (RAPIDNET-DE) is the only host contacted on a port other than 23 (tcp/7887, see the packet table below).

IP | Domain | Country | ASN | ASN Name | Malicious
198.4.112.162 | unknown | United States | 7270 | NET2PHONEUS | false
61.244.161.82 | unknown | Hong Kong | 10103 | HKBN-AS-APHKBroadbandNetworkLtdHK | false
98.185.118.65 | unknown | United States | 22773 | ASN-CXA-ALL-CCI-22773-RDCUS | false
152.119.89.146 | unknown | United States | 2576 | DOT-ASUS | false
5.40.24.168 | unknown | Spain | 205888 | ENEBROES | false
69.58.251.100 | unknown | United States | 10405 | UPRR-ASN-01US | false
247.155.68.150 | unknown | Reserved | unknown | unknown | false
209.64.4.17 | unknown | United States | 7018 | ATT-INTERNET4US | false
34.170.103.36 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
5.96.127.71 | unknown | Italy | 3269 | ASN-IBSNAZIT | false
122.22.251.4 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false
87.211.136.44 | unknown | Netherlands | 13127 | VERSATELASfortheTrans-EuropeanTele2IPTransportbackbo | false
177.5.181.251 | unknown | Brazil | 8167 | BrasilTelecomSA-FilialDistritoFederalBR | false
254.61.45.128 | unknown | Reserved | unknown | unknown | false
195.98.2.103 | unknown | Slovakia (SLOVAK Republic) | 5578 | AS-BENESTRABratislavaSlovakRepublicSK | false
97.12.10.126 | unknown | United States | 22394 | CELLCOUS | false
90.72.210.171 | unknown | France | 15962 | OSK-DNISlovakiaSK | false
212.141.19.151 | unknown | Italy | 1267 | ASN-WINDTREIUNETEU | false
27.159.239.171 | unknown | China | 133774 | CHINATELECOM-FUJIAN-FUZHOU-IDC1FuzhouCN | false
211.108.59.165 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | false
104.124.57.69 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
96.5.204.168 | unknown | United States | 11686 | ENAUS | false
116.179.146.9 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false
67.165.242.168 | unknown | United States | 7922 | COMCAST-7922US | false
197.58.220.38 | unknown | Egypt | 8452 | TE-ASTE-ASEG | false
120.177.165.157 | unknown | Indonesia | 4761 | INDOSAT-INP-APINDOSATInternetNetworkProviderID | false
65.157.60.190 | unknown | United States | 393658 | ATYPONUS | false
160.210.178.236 | unknown | Iceland | 15474 | RHNETSURISRHnetIS | false
104.129.211.132 | unknown | United States | 395846 | DIRECTCOMIDUS | false
40.255.151.50 | unknown | United States | 4249 | LILLY-ASUS | false
31.37.161.189 | unknown | France | 5410 | BOUYGTEL-ISPFR | false
142.194.4.31 | unknown | Canada | 13576 | SDNW-13576US | false
90.218.66.216 | unknown | United Kingdom | 5607 | BSKYB-BROADBAND-ASGB | false
159.106.68.26 | unknown | United States | 16050 | REUTERS-DOCKLANDS-RES-ASReutersDocklandsresiliancyGB | false
121.236.141.141 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
121.75.136.5 | unknown | New Zealand | 9500 | VODAFONE-TRANSIT-ASVodafoneNZLtdNZ | false
200.81.171.90 | unknown | Argentina | 10617 | SIONSAAR | false
136.160.205.230 | unknown | United States | 394395 | TOWSON-UNIVERSITYUS | false
38.164.143.236 | unknown | United States | 174 | COGENT-174US | false
181.50.36.104 | unknown | Colombia | 10620 | TelmexColombiaSACO | false
207.174.181.52 | unknown | Hong Kong | 133771 | RPS-AS-APRapidShieldCompanyLimitedHK | false
183.117.83.57 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
170.101.145.220 | unknown | Saudi Arabia | 25019 | SAUDINETSTC-ASSA | false
178.206.154.9 | unknown | Russian Federation | 28840 | TATTELECOM-ASRU | false
36.226.22.255 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false
124.2.78.61 | unknown | Korea Republic of | 18302 | SKG_NW-AS-KRSKTelecomKR | false
165.91.59.33 | unknown | United States | 3794 | TAMUUS | false
61.23.78.37 | unknown | Japan | 9824 | JTCL-JP-ASJupiterTelecommunicationCoLtdJP | false
220.185.200.195 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
1.240.32.236 | unknown | Korea Republic of | 38415 | GOEGN-AS-KRGuriNamyangjuOfficeOfEducationKR | false
47.97.62.117 | unknown | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
244.110.58.231 | unknown | Reserved | unknown | unknown | false
117.90.220.5 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
89.16.223.134 | unknown | Austria | 50226 | NETCOMPANY1-ASAT | false
190.145.236.199 | unknown | Colombia | 14080 | TelmexColombiaSACO | false
90.176.174.38 | unknown | Czech Republic | 5610 | O2-CZECH-REPUBLICCZ | false
101.86.70.130 | unknown | China | 4812 | CHINANET-SH-APChinaTelecomGroupCN | false
101.192.52.138 | unknown | China | 58519 | CHINATELECOM-CTCLOUDCloudComputingCorporationCN | false
45.234.194.94 | unknown | Brazil | 267378 | CWMCTELECOMLTDAMEBR | false
139.12.6.57 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false
92.128.180.246 | unknown | France | 3215 | FranceTelecom-OrangeFR | false
93.187.238.194 | unknown | Germany | 8972 | GD-EMEA-DC-SXB1DE | false
135.154.218.2 | unknown | United States | 14962 | NCR-252US | false
213.209.129.92 | unknown | Germany | 42821 | RAPIDNET-DEHaunstetterStr19DE | false
65.203.150.129 | unknown | United States | 13782 | FAFCOUS | false
66.199.102.72 | unknown | United States | 8092 | AMHUS | false
244.78.28.232 | unknown | Reserved | unknown | unknown | false
69.63.62.79 | unknown | Canada | 7794 | EXECULINKCA | false
210.57.116.252 | unknown | Hong Kong | 4637 | ASN-TELSTRA-GLOBALTelstraGlobalHK | false
142.183.37.52 | unknown | Canada | 577 | BACOMCA | false
222.6.45.211 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false
45.218.210.201 | unknown | Morocco | 36925 | ASMediMA | false
220.210.142.186 | unknown | Japan | 2497 | IIJInternetInitiativeJapanIncJP | false
77.124.214.150 | unknown | Israel | 9116 | GOLDENLINES-ASNPartnerCommunicationsMainAutonomousSyste | false
108.47.29.141 | unknown | United States | 5650 | FRONTIER-FRTRUS | false
120.239.63.81 | unknown | China | 56040 | CMNET-GUANGDONG-APChinaMobilecommunicationscorporation | false
150.137.202.91 | unknown | United States | 1600 | DNIC-ASBLK-01550-01601US | false
136.49.55.245 | unknown | United States | 16591 | GOOGLE-FIBERUS | false
93.118.12.83 | unknown | Germany | 41998 | NETCOMBW-ASDE | false
57.254.142.120 | unknown | Belgium | 2686 | ATGS-MMD-ASUS | false
144.67.31.132 | unknown | United States | 3243 | MEO-RESIDENCIALPT | false
83.115.228.5 | unknown | France | 3215 | FranceTelecom-OrangeFR | false
118.247.238.129 | unknown | China | 4808 | CHINA169-BJChinaUnicomBeijingProvinceNetworkCN | false
184.108.179.80 | unknown | United States | 7922 | COMCAST-7922US | false
172.6.83.22 | unknown | United States | 7018 | ATT-INTERNET4US | false
244.65.99.111 | unknown | Reserved | unknown | unknown | false
96.52.8.100 | unknown | Canada | 6327 | SHAWCA | false
95.17.224.84 | unknown | Spain | 12479 | UNI2-ASES | false
71.16.187.147 | unknown | United States | 7029 | WINDSTREAMUS | false
166.92.120.107 | unknown | United States | 18779 | EGIHOSTINGUS | false
158.165.57.216 | unknown | United States | 63774 | JNETUS | false
8.50.148.169 | unknown | United States | 3356 | LEVEL3US | false
142.219.194.41 | unknown | Canada | 53442 | CITY-OF-COQUITLAMCA | false
84.172.230.1 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false
192.10.117.11 | unknown | United States | 36224 | HCLTA94085US | false
48.102.26.129 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
82.241.20.29 | unknown | France | 12322 | PROXADFR | false
193.176.74.69 | unknown | Germany | 198682 | NETIWAN-ASFR | false
178.197.65.212 | unknown | Switzerland | 3303 | SWISSCOMSwisscomSwitzerlandLtdCH | false
117.81.30.100 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
              No context
Context by ASN: other submissions whose traffic touched the same autonomous systems (SHA-256 and report links omitted). The match is on the ASN, not on the address, so this mostly lists other Mirai-family ELF binaries (and a few unrelated phishing URLs) whose random-target scanners landed in the same large ISP networks; a shared ASN of that size says little about shared infrastructure.

Associated Sample Name / URL | Detection | Threat Name | Context IP

NET2PHONEUS
mips.elf | malicious | Unknown | 206.22.75.129
mips.elf | malicious | Unknown | 206.20.174.208
a.elf | malicious | Unknown | 206.22.27.214
nklmips.elf | malicious | Unknown | 206.22.75.122
star.ppc.elf | malicious | Mirai, Moobot | 206.22.106.102
i686.elf | malicious | Unknown | 207.113.29.119
i586.elf | malicious | Unknown | 206.20.67.55
sora.m68k.elf | malicious | Mirai | 206.22.5.90
arm5.elf | malicious | Mirai | 169.132.160.101
fuckunix.x86.elf | malicious | Mirai | 198.4.111.234

ASN-CXA-ALL-CCI-22773-RDCUS
xd.x86_64.elf | malicious | Mirai | 98.166.19.192
xd.spc.elf | malicious | Mirai | 98.175.169.159
xd.sh4.elf | malicious | Mirai | 70.182.246.7
xd.x86_64.elf | malicious | Mirai | 72.203.37.240
utorrent_installer.exe | malicious | Unknown | 70.170.6.32
xd.mips.elf | malicious | Mirai | 24.252.38.0
xd.arm7.elf | malicious | Mirai | 70.176.53.221
xd.i686.elf | malicious | Mirai | 70.169.18.31
xd.mpsl.elf | malicious | Mirai | 70.188.235.18
xd.i486.elf | malicious | Mirai | 174.64.40.90

HKBN-AS-APHKBroadbandNetworkLtdHK
https://c2uah.yazvbqkl.ru/QPImv5ff/#Mjessie.smith@aol.com | malicious | Invisible JS, Tycoon2FA | 103.243.32.90
resgod.ppc.elf | malicious | Mirai | 61.238.120.152
jklx86.elf | malicious | Unknown | 61.238.158.118
https://url.us.m.mimecastprotect.com/s/JGhtCKrNg6cxoDKuMfAU5fxvl?domain=link.edgepilot.com | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 103.243.32.90
https://www.google.co.zm/url?q=https%3A%2F%2Fembalagenspontual.com%2F.dnd%2F&sa=D&sntz=1&usg=AOvVaw2fQzlrSA6WjuVq4o5C-GZh#?470265860475745Family=X2NlYzY3QG5hc2hpbnRsLmNvbQ== | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 103.243.32.90
nklmpsl.elf | malicious | Unknown | 61.238.120.121
yakov.arm.elf | malicious | Mirai | 14.136.249.76
res.x86.elf | malicious | Unknown | 14.136.156.178
9aca4b8a-6a18-07b4-f6f9-e37ca5d39458.eml | malicious | unknown | 103.243.33.5
https://mobileworld-zag.com/team/b2bredirectscan.html | malicious | Unknown | 103.243.32.90

DOT-ASUS
xd.mips.elf | malicious | Mirai | 152.122.208.68
xd.powerpc-440fp.elf | malicious | Mirai | 169.135.228.11
bimbo-x86.elf | malicious | Unknown | 169.135.216.53
hoho.ppc.elf | malicious | Unknown | 169.135.241.21
resgod.sh4.elf | malicious | Mirai | 169.135.241.22
cbr.spc.elf | malicious | Mirai | 204.86.228.44
a.elf | malicious | Unknown | 169.135.216.53
u.elf | malicious | Unknown | 204.86.228.38
1isequal9.sh4.elf | malicious | Unknown | 152.122.184.122
nklppc.elf | malicious | Unknown | 152.123.125.57
              No context
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):10
              Entropy (8bit):2.9219280948873623
              Encrypted:false
              SSDEEP:3:5bkPn:pkP
              MD5:FF001A15CE15CF062A3704CEA2991B5F
              SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
              SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
              SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:auto_null.
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):18
              Entropy (8bit):3.4613201402110088
              Encrypted:false
              SSDEEP:3:5bkrIZsXvn:pkckv
              MD5:28FE6435F34B3367707BB1C5D5F6B430
              SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
              SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
              SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:auto_null.monitor.
              Process:/usr/bin/pulseaudio
              File Type:ASCII text
              Category:dropped
              Size (bytes):5
              Entropy (8bit):2.321928094887362
              Encrypted:false
              SSDEEP:3:Gin:Gin
              MD5:598C6AA2E3980BBF8748BCB326A02806
              SHA1:4C396CA28D7EF8887F22C94B1B720257EB7DF752
              SHA-256:B1567CF1679025C4D889059A32C5DFE16FDE4CAAFF90E6BDC7166E3634E48A91
              SHA-512:635FA0ED2A446D4B5A2E2ED1DE4B81699D3942238253FFB6B2FC38D2E52ADEBEBB936860BD06213D77FF21B958DB77461B7C6AD4C376E58E0C58D0C266AF8CD0
              Malicious:false
              Reputation:low
              Preview:5607.
              File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
              Entropy (8bit):6.750278886201358
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:xd.sh4.elf
              File size:66'548 bytes
              MD5:76eda645c0a5c1b312f9fb71e5910d68
              SHA1:456dc910206fc666f0a7f6d08fa05e6bbfa4d87b
              SHA256:4fe119b8fde2be711ee4ac38352480abcaba0767e9c1ad574dab908b27a14894
              SHA512:36e5d01fc31d50054fbe8fc466726ad37cce7c278101b8588016b731c92fc7756b00ed223aad3236d4458b6ca18dfd1b70460e01329810c040d2fde68bfd2e51
              SSDEEP:1536:y/cUfHWfUwtDQikWzYWNt/GpMrASfs3xOJcYw/iYw+QCu8dm:yUU+sTRJWGpMpf+x014iYw+QE8
              TLSH:4D538D75D0A9AE64C65545B87108DE3AEF1381C076D33EF397A183AA9447AEDB008FF1
              File Content Preview:.ELF..............*.......@.4...d.......4. ...(...............@...@...........................A...A.$...............Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

              ELF header

              Class:ELF32
              Data:2's complement, little endian
              Version:1 (current)
Machine:<unknown> (e_machine 0x2A = EM_SH, Renesas SuperH, consistent with the "Renesas SH" file type above; the '*' at offset 18 of the File Content Preview is this value, and the report's ELF parser simply has no name for it)
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x4001a0
Flags:0x9 (EF_SH4: the SuperH e_flags value for the SH-4 instruction set, matching the "sh4" in the file name)
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:3
              Section Header Offset:66148
              Section Header Size:40
              Number of Section Headers:10
              Header String Table Index:9
Section headers:

Name      | Type     | Address  | Offset  | Size   | EntSize | Flags | Flags Description | Link | Info | Align
          | NULL     | 0x0      | 0x0     | 0x0    | 0x0     | 0x0   |                   | 0    | 0    | 0
.init     | PROGBITS | 0x400094 | 0x94    | 0x30   | 0x0     | 0x6   | AX                | 0    | 0    | 4
.text     | PROGBITS | 0x4000e0 | 0xe0    | 0xe3c0 | 0x0     | 0x6   | AX                | 0    | 0    | 32
.fini     | PROGBITS | 0x40e4a0 | 0xe4a0  | 0x24   | 0x0     | 0x6   | AX                | 0    | 0    | 4
.rodata   | PROGBITS | 0x40e4c4 | 0xe4c4  | 0x17c0 | 0x0     | 0x2   | A                 | 0    | 0    | 4
.ctors    | PROGBITS | 0x410000 | 0x10000 | 0x8    | 0x0     | 0x3   | WA                | 0    | 0    | 4
.dtors    | PROGBITS | 0x410008 | 0x10008 | 0x8    | 0x0     | 0x3   | WA                | 0    | 0    | 4
.data     | PROGBITS | 0x410014 | 0x10014 | 0x210  | 0x0     | 0x3   | WA                | 0    | 0    | 4
.bss      | NOBITS   | 0x410224 | 0x10224 | 0x4d8  | 0x0     | 0x3   | WA                | 0    | 0    | 4
.shstrtab | STRTAB   | 0x0      | 0x10224 | 0x3e   | 0x0     | 0x0   |                   | 0    | 0    | 1

There is no .symtab or .strtab, which is what "stripped" in the file type refers to, and no .dynamic, .interp or relocation sections, consistent with the static link.

Program headers:

Type      | Offset  | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align   | Prog Interpreter | Section Mappings
LOAD      | 0x0     | 0x400000        | 0x400000         | 0xfc84    | 0xfc84      | 6.8376  | 0x5   | R E               | 0x10000 |                  | .init .text .fini .rodata
LOAD      | 0x10000 | 0x410000        | 0x410000         | 0x224     | 0x6fc       | 2.9406  | 0x6   | RW                | 0x10000 |                  | .ctors .dtors .data .bss
GNU_STACK | 0x0     | 0x0             | 0x0              | 0x0       | 0x0         | 0.0000  | 0x7   | RWE               | 0x4     |                  |

Two details worth noting: the second LOAD segment's memory size exceeds its file size by 0x4d8 bytes, exactly the .bss size, and PT_GNU_STACK carries flags 0x7 (RWE), so the loader maps this binary's stack executable. There is no PT_INTERP entry, again matching the static link.
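The two parser gaps in the tables above (a machine value the report could not name, and a stack flag that is easy to overlook) are cheap to close by hand. The following is an added example written for this page, not code from the Joe Sandbox report: it decodes an ELF32 header and its program headers, names e_machine 0x2A as Renesas SH, maps the SuperH e_flags value 0x9 to SH-4, and tells you whether PT_GNU_STACK requests an executable stack. The input it runs on is a constructed 148-byte stand-in built from the header and program-header values printed above (entry 0x4001a0, three program headers at offset 52, ten section headers at offset 66148); it is not the sample's bytes, and the machine and SH variant tables cover only the values needed here.

```python
"""Decode an ELF32 header and program headers for quick triage.

Added example, not part of the Joe Sandbox report. Names EM_SH (0x2A),
decodes the SuperH ISA variant from e_flags, and flags an executable
stack requested via PT_GNU_STACK. build_sample() returns a CONSTRUCTED
stand-in assembled from the report's header values, not the sample.
"""
import struct

EM_SH = 0x2A
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EF_SH_MACH_MASK = 0x1F            # low e_flags bits select the SH ISA variant

# Partial tables: only the values this example needs.
MACHINE_NAMES = {0x03: "Intel 80386", 0x08: "MIPS", 0x14: "PowerPC",
                 0x28: "ARM", EM_SH: "Renesas SH", 0x3E: "x86-64"}
SH_VARIANTS = {1: "SH1", 2: "SH2", 3: "SH3", 4: "SH-DSP", 5: "SH3-DSP",
               6: "SH4AL-DSP", 8: "SH3E", 9: "SH4"}

EHDR_FMT = "HHIIIIIHHHHHH"        # Elf32_Ehdr after the 16-byte e_ident
PHDR_FMT = "IIIIIIII"             # Elf32_Phdr


def parse_elf32_header(data: bytes) -> dict:
    """Return the header fields; rejects non-ELF and 64-bit input."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1:
        raise ValueError("only ELFCLASS32 is handled here")
    endian = "<" if data[5] == 1 else ">"
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, e_flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, e_shnum,
     _shstrndx) = struct.unpack_from(endian + EHDR_FMT, data, 16)
    hdr = {
        "endian": endian, "type": e_type, "machine": e_machine,
        "machine_name": MACHINE_NAMES.get(e_machine, "<unknown>"),
        "entry": e_entry, "phoff": e_phoff, "phentsize": e_phentsize,
        "phnum": e_phnum, "shoff": e_shoff, "shnum": e_shnum, "flags": e_flags,
    }
    if e_machine == EM_SH:
        hdr["sh_variant"] = SH_VARIANTS.get(e_flags & EF_SH_MACH_MASK, "unknown")
    return hdr


def parse_program_headers(data: bytes, hdr: dict) -> list:
    """Walk the program-header table the ELF header points at."""
    out = []
    for i in range(hdr["phnum"]):
        fields = struct.unpack_from(hdr["endian"] + PHDR_FMT, data,
                                    hdr["phoff"] + i * hdr["phentsize"])
        p_type, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, p_flags, p_align = fields
        out.append({"type": p_type, "offset": p_offset, "vaddr": p_vaddr,
                    "filesz": p_filesz, "memsz": p_memsz, "flags": p_flags,
                    "align": p_align})
    return out


def flags_desc(p_flags: int) -> str:
    """Render p_flags with readelf's letters and order: R, W, E."""
    return "".join(c for c, bit in (("R", PF_R), ("W", PF_W), ("E", PF_X))
                   if p_flags & bit)


def stack_is_executable(phdrs: list) -> bool:
    """PF_X on PT_GNU_STACK means the loader maps the stack RWX.
    A missing PT_GNU_STACK is treated as executable: the historical
    default, and the safe assumption when triaging (my policy choice)."""
    for p in phdrs:
        if p["type"] == PT_GNU_STACK:
            return bool(p["flags"] & PF_X)
    return True


def bss_size(phdrs: list) -> int:
    """Zero-filled tail of the writable LOAD segment(s): memsz - filesz."""
    return sum(p["memsz"] - p["filesz"] for p in phdrs
               if p["type"] == PT_LOAD and p["flags"] & PF_W)


def build_sample() -> bytes:
    """CONSTRUCTED: header plus three program headers with the report's values."""
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # ELF32, LSB, v1, SysV
    ehdr = e_ident + struct.pack("<" + EHDR_FMT, 2, EM_SH, 1, 0x4001A0,
                                 52, 66148, 0x9, 52, 32, 3, 40, 10, 9)
    phdrs = struct.pack("<" + PHDR_FMT, PT_LOAD, 0x0, 0x400000, 0x400000,
                        0xFC84, 0xFC84, PF_R | PF_X, 0x10000)
    phdrs += struct.pack("<" + PHDR_FMT, PT_LOAD, 0x10000, 0x410000, 0x410000,
                         0x224, 0x6FC, PF_R | PF_W, 0x10000)
    phdrs += struct.pack("<" + PHDR_FMT, PT_GNU_STACK, 0, 0, 0, 0, 0,
                         PF_R | PF_W | PF_X, 0x4)
    return ehdr + phdrs


if __name__ == "__main__":
    blob = build_sample()
    hdr = parse_elf32_header(blob)
    phdrs = parse_program_headers(blob, hdr)
    print(hdr["machine_name"], hdr.get("sh_variant"), hex(hdr["entry"]))
    for p in phdrs:
        print(hex(p["type"]), flags_desc(p["flags"]), hex(p["vaddr"]), hex(p["memsz"]))
    print("executable stack:", stack_is_executable(phdrs), "bss:", hex(bss_size(phdrs)))
```

To run it against the real file, replace `build_sample()` with `open(path, "rb").read()`; the parser only needs the first 52 bytes plus the program-header table. The executable-stack check matters for this family: a cross-compiled, statically linked uClibc binary often ships with RWE on PT_GNU_STACK, which a hardened loader or a `scanelf -e` style policy check will flag, and which removes one mitigation against any memory-safety bug in the bot itself.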

Network traffic summary:

• Total Packets: 296
• Destination ports seen: 7887 (undefined), 23 (Telnet)
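The packet table that follows has a shape worth encoding as a detection: after a single connection to tcp/7887, every remaining row is a SYN from the same source port (34184) to tcp/23, all within about 1.5 ms, and several targets lie in reserved address space. The following is an added example, not part of the Joe Sandbox report: it parses rows in the table's own column order (timestamp, source port, destination port, source IP, destination IP), reports a fixed-source-port sweep when enough distinct targets on a telnet port are hit inside a short window (the leaked Mirai scanner keeps one source port so it can match replies, which is why this trait is so stable), lists any targets in reserved space, and isolates flows to non-standard ports that are not part of the sweep. SAMPLE_ROWS is a constructed subset of the report's rows plus one made-up HTTPS flow to a TEST-NET address; MIN_TARGETS and WINDOW_S are my thresholds, not values from the report.

```python
"""Find a Mirai-style telnet sweep and the lone non-standard-port flow.

Added example, not part of the Joe Sandbox report. Rows follow the
report's packet table: timestamp | source port | dest port | src IP | dst IP.
SAMPLE_ROWS is CONSTRUCTED (a subset of the report's rows plus one
invented HTTPS flow); MIN_TARGETS and WINDOW_S are my thresholds.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

SCAN_PORTS = {23, 2323}          # telnet ports the Mirai scanner targets
MIN_TARGETS = 8                  # distinct destinations before we call it a sweep
WINDOW_S = 2.0                   # the whole burst must fit in this many seconds

SAMPLE_ROWS = """\
Apr 2, 2025 22:24:30.000000000 CEST|40000|443|192.168.2.14|198.51.100.7
Apr 2, 2025 22:24:34.902261019 CEST|57356|7887|192.168.2.14|213.209.129.92
Apr 2, 2025 22:24:34.988403082 CEST|34184|23|192.168.2.14|160.98.59.116
Apr 2, 2025 22:24:34.988501072 CEST|34184|23|192.168.2.14|180.137.14.11
Apr 2, 2025 22:24:34.988509893 CEST|34184|23|192.168.2.14|48.102.26.129
Apr 2, 2025 22:24:34.988509893 CEST|34184|23|192.168.2.14|178.206.154.9
Apr 2, 2025 22:24:34.988522053 CEST|34184|23|192.168.2.14|65.203.150.129
Apr 2, 2025 22:24:34.988543987 CEST|34184|23|192.168.2.14|2.175.76.129
Apr 2, 2025 22:24:34.988548040 CEST|34184|23|192.168.2.14|82.241.20.29
Apr 2, 2025 22:24:34.988662004 CEST|34184|23|192.168.2.14|8.50.148.169
Apr 2, 2025 22:24:34.988756895 CEST|34184|23|192.168.2.14|247.155.68.150
Apr 2, 2025 22:24:34.989181042 CEST|34184|23|192.168.2.14|240.2.82.8
Apr 2, 2025 22:24:34.989248991 CEST|34184|23|192.168.2.14|121.75.136.5
"""


def parse_ts(text: str) -> datetime:
    """'Apr 2, 2025 22:24:34.988403082 CEST' -> naive datetime.
    The report prints nanoseconds; strptime's %f accepts at most six
    digits, so the fraction is truncated and the zone token dropped."""
    body = text.rsplit(" ", 1)[0]
    main, frac = body.rsplit(".", 1)
    return datetime.strptime(f"{main}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text: str) -> list:
    """Rows -> (datetime, sport, dport, src, dst) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, sport, dport, src, dst = line.split("|")
        rows.append((parse_ts(ts), int(sport), int(dport), src, dst))
    return rows


def find_syn_sweeps(rows: list) -> list:
    """Group scan-port flows by (src, sport, dport); a group reaching
    MIN_TARGETS distinct destinations inside WINDOW_S is a fixed-source-
    port sweep. Reserved targets (240.0.0.0/4) are listed separately."""
    groups = defaultdict(list)
    for ts, sport, dport, src, dst in rows:
        if dport in SCAN_PORTS:
            groups[(src, sport, dport)].append((ts, dst))
    sweeps = []
    for (src, sport, dport), hits in groups.items():
        targets = {dst for _, dst in hits}
        times = [ts for ts, _ in hits]
        span = (max(times) - min(times)).total_seconds()
        if len(targets) >= MIN_TARGETS and span <= WINDOW_S:
            sweeps.append({
                "src": src, "sport": sport, "dport": dport,
                "targets": len(targets), "span_s": span,
                "reserved_targets": sorted(
                    d for d in targets if ipaddress.ip_address(d).is_reserved),
            })
    return sweeps


def find_odd_port_flows(rows: list, sweeps: list) -> list:
    """Flows outside any sweep, to a port >= 1024 that is not a scan port.
    On the report's data this isolates the single tcp/7887 connection."""
    sweep_keys = {(s["src"], s["sport"], s["dport"]) for s in sweeps}
    return [(dst, dport) for _ts, sport, dport, src, dst in rows
            if (src, sport, dport) not in sweep_keys
            and dport not in SCAN_PORTS and dport >= 1024]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    sweeps = find_syn_sweeps(rows)
    for s in sweeps:
        print(f"sweep from {s['src']}:{s['sport']} -> tcp/{s['dport']}: "
              f"{s['targets']} targets in {s['span_s'] * 1000:.3f} ms, "
              f"reserved: {s['reserved_targets']}")
    print("non-standard-port flows:", find_odd_port_flows(rows, sweeps))
```

Two caveats when lifting this onto real telemetry. The fixed source port is the strongest single feature here (a legitimate client picks a fresh ephemeral port per connection), but a NAT in front of the sensor can rewrite it, so key the grouping on the internal address if you have it. Targets in 240.0.0.0/4 are a bonus signal: the original Mirai source excludes everything from 224.0.0.0 upward from its random generator, so a sweep that hits them is a variant with a different or absent exclusion list, which is itself worth recording.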
TCP packets (all rows but the first share source port 34184 and target tcp/23 within roughly 1.5 ms; the first row, to 213.209.129.92 on tcp/7887, is the only flow to a non-standard port in this part of the table):

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 2, 2025 22:24:34.902261019 CEST | 57356 | 7887 | 192.168.2.14 | 213.209.129.92
Apr 2, 2025 22:24:34.988403082 CEST | 34184 | 23 | 192.168.2.14 | 160.98.59.116
Apr 2, 2025 22:24:34.988501072 CEST | 34184 | 23 | 192.168.2.14 | 180.137.14.11
Apr 2, 2025 22:24:34.988509893 CEST | 34184 | 23 | 192.168.2.14 | 48.102.26.129
Apr 2, 2025 22:24:34.988509893 CEST | 34184 | 23 | 192.168.2.14 | 178.206.154.9
Apr 2, 2025 22:24:34.988522053 CEST | 34184 | 23 | 192.168.2.14 | 65.203.150.129
Apr 2, 2025 22:24:34.988543987 CEST | 34184 | 23 | 192.168.2.14 | 2.175.76.129
Apr 2, 2025 22:24:34.988548040 CEST | 34184 | 23 | 192.168.2.14 | 82.241.20.29
Apr 2, 2025 22:24:34.988662004 CEST | 34184 | 23 | 192.168.2.14 | 8.50.148.169
Apr 2, 2025 22:24:34.988662004 CEST | 34184 | 23 | 192.168.2.14 | 67.39.107.219
Apr 2, 2025 22:24:34.988667965 CEST | 34184 | 23 | 192.168.2.14 | 207.174.181.52
Apr 2, 2025 22:24:34.988678932 CEST | 34184 | 23 | 192.168.2.14 | 96.43.59.208
Apr 2, 2025 22:24:34.988749981 CEST | 34184 | 23 | 192.168.2.14 | 93.118.12.83
Apr 2, 2025 22:24:34.988756895 CEST | 34184 | 23 | 192.168.2.14 | 27.51.211.151
Apr 2, 2025 22:24:34.988758087 CEST | 34184 | 23 | 192.168.2.14 | 177.5.181.251
Apr 2, 2025 22:24:34.988756895 CEST | 34184 | 23 | 192.168.2.14 | 247.155.68.150
Apr 2, 2025 22:24:34.988759041 CEST | 34184 | 23 | 192.168.2.14 | 200.184.25.103
Apr 2, 2025 22:24:34.988789082 CEST | 34184 | 23 | 192.168.2.14 | 48.154.144.169
Apr 2, 2025 22:24:34.989032030 CEST | 34184 | 23 | 192.168.2.14 | 151.117.124.60
Apr 2, 2025 22:24:34.989033937 CEST | 34184 | 23 | 192.168.2.14 | 94.85.95.173
Apr 2, 2025 22:24:34.989034891 CEST | 34184 | 23 | 192.168.2.14 | 36.226.22.255
Apr 2, 2025 22:24:34.989038944 CEST | 34184 | 23 | 192.168.2.14 | 123.42.100.91
Apr 2, 2025 22:24:34.989073038 CEST | 34184 | 23 | 192.168.2.14 | 32.250.41.80
Apr 2, 2025 22:24:34.989073038 CEST | 34184 | 23 | 192.168.2.14 | 99.163.237.0
Apr 2, 2025 22:24:34.989084005 CEST | 34184 | 23 | 192.168.2.14 | 114.202.124.115
Apr 2, 2025 22:24:34.989084005 CEST | 34184 | 23 | 192.168.2.14 | 187.98.8.247
Apr 2, 2025 22:24:34.989084005 CEST | 34184 | 23 | 192.168.2.14 | 152.239.41.157
Apr 2, 2025 22:24:34.989085913 CEST | 34184 | 23 | 192.168.2.14 | 167.111.47.34
Apr 2, 2025 22:24:34.989085913 CEST | 34184 | 23 | 192.168.2.14 | 93.187.238.194
Apr 2, 2025 22:24:34.989085913 CEST | 34184 | 23 | 192.168.2.14 | 152.58.229.138
Apr 2, 2025 22:24:34.989087105 CEST | 34184 | 23 | 192.168.2.14 | 103.24.34.109
Apr 2, 2025 22:24:34.989089012 CEST | 34184 | 23 | 192.168.2.14 | 27.159.239.171
Apr 2, 2025 22:24:34.989089012 CEST | 34184 | 23 | 192.168.2.14 | 165.91.59.33
Apr 2, 2025 22:24:34.989089966 CEST | 34184 | 23 | 192.168.2.14 | 45.218.210.201
Apr 2, 2025 22:24:34.989089012 CEST | 34184 | 23 | 192.168.2.14 | 85.104.14.201
Apr 2, 2025 22:24:34.989089966 CEST | 34184 | 23 | 192.168.2.14 | 201.58.20.223
Apr 2, 2025 22:24:34.989089012 CEST | 34184 | 23 | 192.168.2.14 | 159.66.105.168
Apr 2, 2025 22:24:34.989089966 CEST | 34184 | 23 | 192.168.2.14 | 115.189.3.188
Apr 2, 2025 22:24:34.989090919 CEST | 34184 | 23 | 192.168.2.14 | 95.17.224.84
Apr 2, 2025 22:24:34.989093065 CEST | 34184 | 23 | 192.168.2.14 | 179.255.115.120
Apr 2, 2025 22:24:34.989090919 CEST | 34184 | 23 | 192.168.2.14 | 83.115.228.5
Apr 2, 2025 22:24:34.989090919 CEST | 34184 | 23 | 192.168.2.14 | 27.223.165.32
Apr 2, 2025 22:24:34.989093065 CEST | 34184 | 23 | 192.168.2.14 | 104.129.211.132
Apr 2, 2025 22:24:34.989092112 CEST | 34184 | 23 | 192.168.2.14 | 200.81.171.90
Apr 2, 2025 22:24:34.989093065 CEST | 34184 | 23 | 192.168.2.14 | 35.114.176.95
Apr 2, 2025 22:24:34.989092112 CEST | 34184 | 23 | 192.168.2.14 | 5.96.127.71
Apr 2, 2025 22:24:34.989092112 CEST | 34184 | 23 | 192.168.2.14 | 124.2.78.61
Apr 2, 2025 22:24:34.989181042 CEST | 34184 | 23 | 192.168.2.14 | 8.191.7.239
Apr 2, 2025 22:24:34.989181042 CEST | 34184 | 23 | 192.168.2.14 | 240.2.82.8
Apr 2, 2025 22:24:34.989181042 CEST | 34184 | 23 | 192.168.2.14 | 43.74.204.152
Apr 2, 2025 22:24:34.989183903 CEST | 34184 | 23 | 192.168.2.14 | 220.185.200.195
Apr 2, 2025 22:24:34.989185095 CEST | 34184 | 23 | 192.168.2.14 | 120.177.165.157
Apr 2, 2025 22:24:34.989183903 CEST | 34184 | 23 | 192.168.2.14 | 60.128.154.177
Apr 2, 2025 22:24:34.989183903 CEST | 34184 | 23 | 192.168.2.14 | 103.152.211.164
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 158.165.57.216
Apr 2, 2025 22:24:34.989183903 CEST | 34184 | 23 | 192.168.2.14 | 40.208.94.55
Apr 2, 2025 22:24:34.989183903 CEST | 34184 | 23 | 192.168.2.14 | 159.106.68.26
Apr 2, 2025 22:24:34.989183903 CEST | 34184 | 23 | 192.168.2.14 | 61.244.161.82
Apr 2, 2025 22:24:34.989183903 CEST | 34184 | 23 | 192.168.2.14 | 73.232.80.111
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 74.227.235.173
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 79.203.223.184
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 42.246.170.60
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 140.250.174.248
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 67.165.242.168
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 118.16.95.155
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 93.125.176.71
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 24.101.55.27
Apr 2, 2025 22:24:34.989186049 CEST | 34184 | 23 | 192.168.2.14 | 157.249.255.153
Apr 2, 2025 22:24:34.989206076 CEST | 34184 | 23 | 192.168.2.14 | 163.54.251.150
Apr 2, 2025 22:24:34.989206076 CEST | 34184 | 23 | 192.168.2.14 | 163.242.82.230
Apr 2, 2025 22:24:34.989207029 CEST | 34184 | 23 | 192.168.2.14 | 38.190.133.125
Apr 2, 2025 22:24:34.989207029 CEST | 34184 | 23 | 192.168.2.14 | 83.132.83.80
Apr 2, 2025 22:24:34.989223003 CEST | 34184 | 23 | 192.168.2.14 | 79.171.7.82
Apr 2, 2025 22:24:34.989242077 CEST | 34184 | 23 | 192.168.2.14 | 74.237.143.51
Apr 2, 2025 22:24:34.989243031 CEST | 34184 | 23 | 192.168.2.14 | 98.185.118.65
Apr 2, 2025 22:24:34.989247084 CEST | 34184 | 23 | 192.168.2.14 | 87.211.136.44
Apr 2, 2025 22:24:34.989247084 CEST | 34184 | 23 | 192.168.2.14 | 223.173.122.227
Apr 2, 2025 22:24:34.989247084 CEST | 34184 | 23 | 192.168.2.14 | 142.219.194.41
Apr 2, 2025 22:24:34.989248991 CEST | 34184 | 23 | 192.168.2.14 | 121.75.136.5
Apr 2, 2025 22:24:34.989248991 CEST | 34184 | 23 | 192.168.2.14 | 251.38.164.91
Apr 2, 2025 22:24:34.989253044 CEST | 34184 | 23 | 192.168.2.14 | 102.130.173.129
Apr 2, 2025 22:24:34.989253044 CEST | 34184 | 23 | 192.168.2.14 | 65.157.60.190
Apr 2, 2025 22:24:34.989253044 CEST | 34184 | 23 | 192.168.2.14 | 97.12.10.126
Apr 2, 2025 22:24:34.989253044 CEST | 34184 | 23 | 192.168.2.14 | 104.124.57.69
Apr 2, 2025 22:24:34.989289999 CEST | 34184 | 23 | 192.168.2.14 | 253.79.109.209
Apr 2, 2025 22:24:34.989306927 CEST | 34184 | 23 | 192.168.2.14 | 205.152.223.117
Apr 2, 2025 22:24:34.989306927 CEST | 34184 | 23 | 192.168.2.14 | 255.152.202.42
Apr 2, 2025 22:24:34.989346981 CEST | 34184 | 23 | 192.168.2.14 | 195.248.50.184
Apr 2, 2025 22:24:34.989346981 CEST | 34184 | 23 | 192.168.2.14 | 69.196.99.215
Apr 2, 2025 22:24:34.989353895 CEST | 34184 | 23 | 192.168.2.14 | 136.49.55.245
Apr 2, 2025 22:24:34.989353895 CEST | 34184 | 23 | 192.168.2.14 | 51.1.113.118
Apr 2, 2025 22:24:34.989357948 CEST | 34184 | 23 | 192.168.2.14 | 89.16.223.134
Apr 2, 2025 22:24:34.989427090 CEST | 34184 | 23 | 192.168.2.14 | 219.176.170.74
Apr 2, 2025 22:24:34.989427090 CEST | 34184 | 23 | 192.168.2.14 | 117.104.174.131
Apr 2, 2025 22:24:34.989430904 CEST | 34184 | 23 | 192.168.2.14 | 101.192.52.138
Apr 2, 2025 22:24:34.989433050 CEST | 34184 | 23 | 192.168.2.14 | 71.16.187.147
Apr 2, 2025 22:24:34.989433050 CEST | 34184 | 23 | 192.168.2.14 | 218.209.251.79
Apr 2, 2025 22:24:34.989438057 CEST | 34184 | 23 | 192.168.2.14 | 203.95.247.225
Apr 2, 2025 22:24:34.989471912 CEST | 34184 | 23 | 192.168.2.14 | 117.81.30.100
Apr 2, 2025 22:24:34.989473104 CEST | 34184 | 23 | 192.168.2.14 | 190.159.44.41
Apr 2, 2025 22:24:34.989471912 CEST | 34184 | 23 | 192.168.2.14 | 171.138.128.64
Apr 2, 2025 22:24:34.989486933 CEST | 34184 | 23 | 192.168.2.14 | 8.106.152.75
Apr 2, 2025 22:24:34.989490032 CEST | 34184 | 23 | 192.168.2.14 | 170.101.145.220
Apr 2, 2025 22:24:34.989490032 CEST | 34184 | 23 | 192.168.2.14 | 113.101.249.220
Apr 2, 2025 22:24:34.989566088 CEST | 34184 | 23 | 192.168.2.14 | 66.199.102.72
Apr 2, 2025 22:24:34.989566088 CEST | 34184 | 23 | 192.168.2.14 | 190.145.236.199
Apr 2, 2025 22:24:34.989584923 CEST | 34184 | 23 | 192.168.2.14 | 46.31.134.11
Apr 2, 2025 22:24:34.989593983 CEST | 34184 | 23 | 192.168.2.14 | 248.8.81.53
Apr 2, 2025 22:24:34.989604950 CEST | 34184 | 23 | 192.168.2.14 | 112.132.48.95
Apr 2, 2025 22:24:34.989646912 CEST | 34184 | 23 | 192.168.2.14 | 206.173.209.236
Apr 2, 2025 22:24:34.989686012 CEST | 34184 | 23 | 192.168.2.14 | 60.211.3.59
Apr 2, 2025 22:24:34.989689112 CEST | 34184 | 23 | 192.168.2.14 | 107.115.104.247
Apr 2, 2025 22:24:34.989696980 CEST | 34184 | 23 | 192.168.2.14 | 74.30.219.11
Apr 2, 2025 22:24:34.989743948 CEST | 34184 | 23 | 192.168.2.14 | 57.161.210.56
Apr 2, 2025 22:24:34.989797115 CEST | 34184 | 23 | 192.168.2.14 | 105.156.162.146
Apr 2, 2025 22:24:34.989799023 CEST | 34184 | 23 | 192.168.2.14 | 60.27.163.68
Apr 2, 2025 22:24:34.989799976 CEST | 34184 | 23 | 192.168.2.14 | 124.40.76.192
Apr 2, 2025 22:24:34.989800930 CEST | 34184 | 23 | 192.168.2.14 | 171.45.78.106
Apr 2, 2025 22:24:34.989799976 CEST | 34184 | 23 | 192.168.2.14 | 121.202.70.80
Apr 2, 2025 22:24:34.989799976 CEST | 34184 | 23 | 192.168.2.14 | 104.222.116.8
Apr 2, 2025 22:24:34.989803076 CEST | 34184 | 23 | 192.168.2.14 | 61.23.78.37
Apr 2, 2025 22:24:34.989804983 CEST | 34184 | 23 | 192.168.2.14 | 163.191.202.165
Apr 2, 2025 22:24:34.989811897 CEST | 34184 | 23 | 192.168.2.14 | 59.143.226.192
Apr 2, 2025 22:24:34.989824057 CEST | 34184 | 23 | 192.168.2.14 | 192.203.112.122
Apr 2, 2025 22:24:34.989861965 CEST | 34184 | 23 | 192.168.2.14 | 1.172.140.63
              Apr 2, 2025 22:24:34.989861965 CEST3418423192.168.2.1488.118.141.243
              Apr 2, 2025 22:24:34.989907026 CEST3418423192.168.2.14102.2.130.126
              Apr 2, 2025 22:24:34.989907980 CEST3418423192.168.2.145.13.28.21
              Apr 2, 2025 22:24:34.989907980 CEST3418423192.168.2.14255.211.232.205
              Apr 2, 2025 22:24:34.989916086 CEST3418423192.168.2.1490.72.210.171
              Apr 2, 2025 22:24:34.989916086 CEST3418423192.168.2.1477.124.214.150
              Apr 2, 2025 22:24:34.989916086 CEST3418423192.168.2.1445.234.194.94
              Apr 2, 2025 22:24:34.989916086 CEST3418423192.168.2.14147.24.149.242
              Apr 2, 2025 22:24:34.989916086 CEST3418423192.168.2.1488.182.216.194
              Apr 2, 2025 22:24:34.989917994 CEST3418423192.168.2.1440.255.151.50
              Apr 2, 2025 22:24:34.990010977 CEST3418423192.168.2.14124.249.212.212
              Apr 2, 2025 22:24:34.990022898 CEST3418423192.168.2.14188.229.80.22
              Apr 2, 2025 22:24:34.990044117 CEST3418423192.168.2.14150.137.202.91
              Apr 2, 2025 22:24:34.990065098 CEST3418423192.168.2.14139.12.6.57
              Apr 2, 2025 22:24:34.990075111 CEST3418423192.168.2.14152.168.102.203
              Apr 2, 2025 22:24:34.990097046 CEST3418423192.168.2.14194.170.102.137
              Apr 2, 2025 22:24:34.990108013 CEST3418423192.168.2.1485.223.29.183
              Apr 2, 2025 22:24:34.990174055 CEST3418423192.168.2.14200.174.19.99
              Apr 2, 2025 22:24:34.990175009 CEST3418423192.168.2.14182.5.46.4
              Apr 2, 2025 22:24:34.990179062 CEST3418423192.168.2.14254.53.239.133
              Apr 2, 2025 22:24:34.990196943 CEST3418423192.168.2.14198.4.112.162
              Apr 2, 2025 22:24:34.990196943 CEST3418423192.168.2.1484.172.230.1
              Apr 2, 2025 22:24:34.990228891 CEST3418423192.168.2.14213.162.97.211
              Apr 2, 2025 22:24:34.990228891 CEST3418423192.168.2.1444.82.115.203
              Apr 2, 2025 22:24:34.990228891 CEST3418423192.168.2.14135.154.218.2
              Apr 2, 2025 22:24:35.912062883 CEST573567887192.168.2.14213.209.129.92
              Apr 2, 2025 22:24:35.991708040 CEST3418423192.168.2.14102.29.164.214
              Apr 2, 2025 22:24:35.991725922 CEST3418423192.168.2.1437.54.15.32
              Apr 2, 2025 22:24:35.991725922 CEST3418423192.168.2.14196.41.107.35
              Apr 2, 2025 22:24:35.991725922 CEST3418423192.168.2.14252.51.26.19
              Apr 2, 2025 22:24:35.991727114 CEST3418423192.168.2.1457.254.142.120
              Apr 2, 2025 22:24:35.991755009 CEST3418423192.168.2.1496.134.21.69
              Apr 2, 2025 22:24:35.991755009 CEST3418423192.168.2.1466.253.222.14
              Apr 2, 2025 22:24:35.991766930 CEST3418423192.168.2.14249.109.56.6
              Apr 2, 2025 22:24:35.991767883 CEST3418423192.168.2.1431.37.161.189
              Apr 2, 2025 22:24:35.991775036 CEST3418423192.168.2.14147.52.123.27
              Apr 2, 2025 22:24:35.991803885 CEST3418423192.168.2.141.240.32.236
              Apr 2, 2025 22:24:35.991811037 CEST3418423192.168.2.1447.97.62.117
              Apr 2, 2025 22:24:35.991811991 CEST3418423192.168.2.14197.58.220.38
              Apr 2, 2025 22:24:35.991816044 CEST3418423192.168.2.1496.52.8.100
              Apr 2, 2025 22:24:35.991815090 CEST3418423192.168.2.1490.218.66.216
              Apr 2, 2025 22:24:35.991830111 CEST3418423192.168.2.14158.136.215.29
              Apr 2, 2025 22:24:35.991836071 CEST3418423192.168.2.14139.253.175.238
              Apr 2, 2025 22:24:35.991839886 CEST3418423192.168.2.1497.56.202.86
              Apr 2, 2025 22:24:35.991839886 CEST3418423192.168.2.1471.21.45.7
              Apr 2, 2025 22:24:35.991839886 CEST3418423192.168.2.14244.110.58.231
              Apr 2, 2025 22:24:35.991839886 CEST3418423192.168.2.145.40.24.168
              Apr 2, 2025 22:24:35.991857052 CEST3418423192.168.2.1490.176.174.38
              Apr 2, 2025 22:24:35.991861105 CEST3418423192.168.2.1472.141.0.12
              Apr 2, 2025 22:24:35.991877079 CEST3418423192.168.2.14184.108.179.80
              Apr 2, 2025 22:24:35.991894007 CEST3418423192.168.2.1491.196.93.239
              Apr 2, 2025 22:24:35.991914988 CEST3418423192.168.2.14195.98.2.103
              Apr 2, 2025 22:24:35.991915941 CEST3418423192.168.2.14221.10.115.12
              Apr 2, 2025 22:24:35.991967916 CEST3418423192.168.2.14185.68.9.137
              Apr 2, 2025 22:24:35.991978884 CEST3418423192.168.2.1439.23.78.169
              Apr 2, 2025 22:24:35.992058992 CEST3418423192.168.2.1496.85.9.5
              Apr 2, 2025 22:24:35.992075920 CEST3418423192.168.2.1487.122.115.46
              Apr 2, 2025 22:24:35.992120028 CEST3418423192.168.2.14244.78.28.232
              Apr 2, 2025 22:24:35.992120981 CEST3418423192.168.2.14213.209.152.102
              Apr 2, 2025 22:24:35.992156982 CEST3418423192.168.2.14209.64.4.17
              Apr 2, 2025 22:24:35.992173910 CEST3418423192.168.2.14122.22.251.4
              Apr 2, 2025 22:24:35.992181063 CEST3418423192.168.2.14150.116.175.2
              Apr 2, 2025 22:24:35.992198944 CEST3418423192.168.2.14118.247.238.129
              Apr 2, 2025 22:24:35.992198944 CEST3418423192.168.2.14154.130.105.255
              Apr 2, 2025 22:24:35.992198944 CEST3418423192.168.2.14117.90.220.5
              Apr 2, 2025 22:24:35.992207050 CEST3418423192.168.2.14123.159.186.146
              Apr 2, 2025 22:24:35.992207050 CEST3418423192.168.2.1438.137.250.234
              Apr 2, 2025 22:24:35.992208004 CEST3418423192.168.2.14118.204.55.184
              Apr 2, 2025 22:24:35.992221117 CEST3418423192.168.2.1470.120.51.187
              Apr 2, 2025 22:24:35.992221117 CEST3418423192.168.2.14222.6.45.211
              Apr 2, 2025 22:24:35.992221117 CEST3418423192.168.2.1437.85.5.227
              Apr 2, 2025 22:24:35.992269993 CEST3418423192.168.2.14121.152.37.13
              Apr 2, 2025 22:24:35.992273092 CEST3418423192.168.2.14108.47.29.141
              Apr 2, 2025 22:24:35.992295980 CEST3418423192.168.2.14156.86.230.205
              Apr 2, 2025 22:24:35.992295980 CEST3418423192.168.2.14189.139.133.92
              Apr 2, 2025 22:24:35.992327929 CEST3418423192.168.2.1488.6.128.25
              Apr 2, 2025 22:24:35.992331028 CEST3418423192.168.2.14121.236.141.141
              Apr 2, 2025 22:24:35.992333889 CEST3418423192.168.2.14242.249.98.137
              Apr 2, 2025 22:24:35.992348909 CEST3418423192.168.2.1424.90.105.180
              Apr 2, 2025 22:24:35.992358923 CEST3418423192.168.2.1492.128.180.246
              Apr 2, 2025 22:24:35.992373943 CEST3418423192.168.2.14149.43.71.114
              Apr 2, 2025 22:24:35.992400885 CEST3418423192.168.2.14136.160.205.230
              Apr 2, 2025 22:24:35.992427111 CEST3418423192.168.2.14220.207.56.114
              Apr 2, 2025 22:24:35.992427111 CEST3418423192.168.2.14190.168.87.181
              Apr 2, 2025 22:24:35.992427111 CEST3418423192.168.2.14221.138.97.243
              Apr 2, 2025 22:24:35.992427111 CEST3418423192.168.2.1470.7.117.145
              Apr 2, 2025 22:24:35.992436886 CEST3418423192.168.2.14200.60.158.11
              Apr 2, 2025 22:24:35.992463112 CEST3418423192.168.2.14113.148.24.41
              Apr 2, 2025 22:24:35.992475986 CEST3418423192.168.2.14157.67.247.142
              Apr 2, 2025 22:24:35.992476940 CEST3418423192.168.2.1481.53.174.100
              Apr 2, 2025 22:24:35.992502928 CEST3418423192.168.2.14103.148.41.26
              Apr 2, 2025 22:24:35.992506027 CEST3418423192.168.2.14149.165.71.202
              Apr 2, 2025 22:24:35.992513895 CEST3418423192.168.2.14178.197.65.212
              Apr 2, 2025 22:24:35.992513895 CEST3418423192.168.2.14217.169.10.195
              Apr 2, 2025 22:24:35.992517948 CEST3418423192.168.2.14197.187.251.238
              Apr 2, 2025 22:24:35.992517948 CEST3418423192.168.2.14198.91.216.76
              Apr 2, 2025 22:24:35.992517948 CEST3418423192.168.2.1459.124.182.14
              Apr 2, 2025 22:24:35.992518902 CEST3418423192.168.2.1496.5.204.168
              Apr 2, 2025 22:24:35.992518902 CEST3418423192.168.2.14142.194.4.31
              Apr 2, 2025 22:24:35.992542982 CEST3418423192.168.2.14165.217.252.242
              Apr 2, 2025 22:24:35.992544889 CEST3418423192.168.2.14200.140.141.245
              Apr 2, 2025 22:24:35.992573023 CEST3418423192.168.2.14193.176.74.69
              Apr 2, 2025 22:24:35.992595911 CEST3418423192.168.2.1499.247.107.3
              Apr 2, 2025 22:24:35.992599010 CEST3418423192.168.2.1424.196.205.49
              Apr 2, 2025 22:24:35.992599010 CEST3418423192.168.2.14183.117.83.57
              Apr 2, 2025 22:24:35.992603064 CEST3418423192.168.2.1437.154.206.240
              Apr 2, 2025 22:24:35.992630959 CEST3418423192.168.2.1492.0.118.123
              Apr 2, 2025 22:24:35.992636919 CEST3418423192.168.2.14108.111.95.70
              Apr 2, 2025 22:24:35.992660046 CEST3418423192.168.2.1414.123.47.230
              Apr 2, 2025 22:24:35.992674112 CEST3418423192.168.2.14185.151.14.31
              Apr 2, 2025 22:24:35.992674112 CEST3418423192.168.2.14126.96.214.209
              Apr 2, 2025 22:24:35.992680073 CEST3418423192.168.2.14116.179.146.9
              Apr 2, 2025 22:24:35.992683887 CEST3418423192.168.2.14211.108.59.165
              Apr 2, 2025 22:24:35.992691994 CEST3418423192.168.2.14118.119.193.27
              Apr 2, 2025 22:24:35.992701054 CEST3418423192.168.2.14115.148.234.195
              Apr 2, 2025 22:24:35.992701054 CEST3418423192.168.2.1443.240.117.120
              Apr 2, 2025 22:24:35.992724895 CEST3418423192.168.2.1487.87.128.76
              Apr 2, 2025 22:24:35.992733002 CEST3418423192.168.2.14158.83.255.41
              Apr 2, 2025 22:24:35.992757082 CEST3418423192.168.2.1477.6.121.47
              Apr 2, 2025 22:24:35.992764950 CEST3418423192.168.2.14223.210.187.18
              Apr 2, 2025 22:24:35.992767096 CEST3418423192.168.2.14149.229.188.251
              Apr 2, 2025 22:24:35.992779016 CEST3418423192.168.2.14206.203.212.200
              Apr 2, 2025 22:24:35.992780924 CEST3418423192.168.2.1419.111.203.78
              Apr 2, 2025 22:24:35.992794037 CEST3418423192.168.2.1471.241.128.118
              Apr 2, 2025 22:24:35.992798090 CEST3418423192.168.2.14206.26.76.12
              Apr 2, 2025 22:24:35.992808104 CEST3418423192.168.2.14166.92.120.107
              Apr 2, 2025 22:24:35.992830038 CEST3418423192.168.2.1469.63.62.79
              Apr 2, 2025 22:24:35.992841005 CEST3418423192.168.2.14160.210.178.236
              Apr 2, 2025 22:24:35.992854118 CEST3418423192.168.2.14192.76.193.44
              Apr 2, 2025 22:24:35.992862940 CEST3418423192.168.2.14101.86.70.130
              Apr 2, 2025 22:24:35.992870092 CEST3418423192.168.2.14198.196.27.170
              Apr 2, 2025 22:24:35.992892981 CEST3418423192.168.2.1487.52.173.128
              Apr 2, 2025 22:24:35.992902994 CEST3418423192.168.2.14220.210.142.186
              Apr 2, 2025 22:24:35.992938042 CEST3418423192.168.2.14176.239.72.227
              Apr 2, 2025 22:24:35.992938042 CEST3418423192.168.2.14245.202.156.246
              Apr 2, 2025 22:24:35.992945910 CEST3418423192.168.2.1468.129.31.103
              Apr 2, 2025 22:24:35.992966890 CEST3418423192.168.2.14115.40.37.114
              Apr 2, 2025 22:24:35.992966890 CEST3418423192.168.2.14212.141.19.151
              Apr 2, 2025 22:24:35.992966890 CEST3418423192.168.2.14120.239.63.81
              Apr 2, 2025 22:24:35.992966890 CEST3418423192.168.2.14149.140.255.109
              Apr 2, 2025 22:24:35.992966890 CEST3418423192.168.2.14151.12.243.46
              Apr 2, 2025 22:24:35.992966890 CEST3418423192.168.2.14166.51.36.73
              Apr 2, 2025 22:24:35.992985010 CEST3418423192.168.2.14243.84.16.103
              Apr 2, 2025 22:24:35.992985010 CEST3418423192.168.2.14222.113.246.182
              Apr 2, 2025 22:24:35.993004084 CEST3418423192.168.2.14210.57.116.252
              Apr 2, 2025 22:24:35.993015051 CEST3418423192.168.2.14144.67.31.132
              Apr 2, 2025 22:24:35.993015051 CEST3418423192.168.2.14219.132.181.110
              Apr 2, 2025 22:24:35.993030071 CEST3418423192.168.2.1475.116.251.242
              Apr 2, 2025 22:24:35.993035078 CEST3418423192.168.2.14192.10.117.11
              Apr 2, 2025 22:24:35.993062019 CEST3418423192.168.2.1484.244.215.196
              Apr 2, 2025 22:24:35.993087053 CEST3418423192.168.2.1434.170.103.36
              Apr 2, 2025 22:24:35.993098974 CEST3418423192.168.2.1438.164.143.236
              Apr 2, 2025 22:24:35.993110895 CEST3418423192.168.2.14107.31.4.225
              Apr 2, 2025 22:24:35.993117094 CEST3418423192.168.2.14163.156.239.6
              Apr 2, 2025 22:24:35.993165970 CEST3418423192.168.2.14244.65.99.111
              Apr 2, 2025 22:24:35.993166924 CEST3418423192.168.2.14152.119.89.146
              Apr 2, 2025 22:24:35.993166924 CEST3418423192.168.2.14126.97.203.164
              Apr 2, 2025 22:24:35.993166924 CEST3418423192.168.2.14204.3.34.182
              Apr 2, 2025 22:24:35.993175030 CEST3418423192.168.2.14175.137.252.5
              Apr 2, 2025 22:24:35.993176937 CEST3418423192.168.2.14181.50.36.104
              Apr 2, 2025 22:24:35.993180990 CEST3418423192.168.2.14245.161.33.113
              Apr 2, 2025 22:24:35.993194103 CEST3418423192.168.2.1484.71.240.118
              Apr 2, 2025 22:24:35.993197918 CEST3418423192.168.2.14101.150.184.155
              Apr 2, 2025 22:24:35.993199110 CEST3418423192.168.2.14254.61.45.128
              Apr 2, 2025 22:24:35.993232965 CEST3418423192.168.2.1463.239.143.45
              Apr 2, 2025 22:24:35.993242979 CEST3418423192.168.2.1469.58.251.100
              Apr 2, 2025 22:24:35.993267059 CEST3418423192.168.2.14172.6.83.22
              Apr 2, 2025 22:24:35.993268013 CEST3418423192.168.2.1493.235.62.48
              Apr 2, 2025 22:24:35.993283987 CEST3418423192.168.2.141.137.37.62
              Apr 2, 2025 22:24:35.993307114 CEST3418423192.168.2.14249.146.42.228
              Apr 2, 2025 22:24:35.993307114 CEST3418423192.168.2.14245.236.227.189
              Apr 2, 2025 22:24:35.993323088 CEST3418423192.168.2.14123.41.176.232
              Apr 2, 2025 22:24:35.993336916 CEST3418423192.168.2.14108.115.98.248
              Apr 2, 2025 22:24:35.993405104 CEST3418423192.168.2.14142.183.37.52
              Apr 2, 2025 22:24:35.993405104 CEST3418423192.168.2.1476.190.186.165
              Apr 2, 2025 22:24:36.136121988 CEST788757356213.209.129.92192.168.2.14
Timestamp                            Source IP     Dest IP      Checksum  Code                Type
Apr 2, 2025 22:25:02.763820887 CEST  192.168.2.14  192.168.2.1  827a      (Port unreachable)  Destination Unreachable
Apr 2, 2025 22:26:22.781075001 CEST  192.168.2.14  192.168.2.1  827a      (Port unreachable)  Destination Unreachable

              System Behavior

              Start time (UTC):20:24:34
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:/tmp/xd.sh4.elf
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):20:24:34
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):20:24:34
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):20:24:34
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):20:24:34
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):20:24:34
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):20:24:34
              Start date (UTC):02/04/2025
              Path:/tmp/xd.sh4.elf
              Arguments:-
              File size:4139976 bytes
              MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

              Start time (UTC):20:24:46
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:24:46
              Start date (UTC):02/04/2025
              Path:/usr/bin/journalctl
              Arguments:/usr/bin/journalctl --smart-relinquish-var
              File size:80120 bytes
              MD5 hash:bf3a987344f3bacafc44efd882abda8b

              Start time (UTC):20:24:46
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:24:46
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:24:46
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:24:46
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:24:46
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/sbin/gdm3
              Arguments:-
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/sbin/gdm3
              Arguments:-
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/sbin/gdm3
              Arguments:-
              File size:453296 bytes
              MD5 hash:2492e2d8d34f9377e3e530a61a15674f

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/etc/gdm3/PrimeOff/Default
              Arguments:/etc/gdm3/PrimeOff/Default
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/bin/pulseaudio
              Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
              File size:100832 bytes
              MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:01
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:02
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:02
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75

              Start time (UTC):20:25:38
              Start date (UTC):02/04/2025
              Path:/usr/libexec/gvfsd-fuse
              Arguments:-
              File size:47632 bytes
              MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

              Start time (UTC):20:25:38
              Start date (UTC):02/04/2025
              Path:/bin/fusermount
              Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
              File size:39144 bytes
              MD5 hash:576a1b135c82bdcbc97a91acea900566

              Start time (UTC):20:27:08
              Start date (UTC):02/04/2025
              Path:/usr/lib/systemd/systemd (deleted)
              Arguments:-
              File size:1620224 bytes
              MD5 hash:9b2bec7092a40488108543f9334aab75