Linux Analysis Report
SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf

Overview

General Information

Sample name:SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
Analysis ID:1502371
MD5:d29c38b1faeef29c417921f241c77721
SHA1:3e0a81b62ef69079aa8a5df756e3325c06b1c910
SHA256:7e60f2d39e10c4d16f1f7d460a4ab29a73bf6d0b62ab16eef1ece6f1b6bb1f63
Tags:elf
Infos:

Detection

Mirai
Score:68
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502371
Start date and time:2024-09-01 01:50:09 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
Detection:MAL
Classification:mal68.troj.evad.linELF@0/0@2/0
Command:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
PID:5427
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
    5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
    5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
    • 0x167dc:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
      5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
      No Suricata rule has matched

      AV Detection

      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, ReversingLabs: Detection: 39%
      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, Virustotal: Detection: 33%
      Source: global traffic, TCP traffic: 192.168.2.13:40412 -> 94.156.71.225:3778
      Source: global traffic, TCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443
      Source: unknown, TCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, String found in binary or memory: http://upx.sf.net
      Source: unknown, Network traffic detected: HTTP traffic on port 48202 -> 443

      System Summary

      Source: 5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: 5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: 5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: 5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf PID: 5427, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: LOAD without section mappings, Program segment: 0x8000
      Source: 5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf PID: 5427, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: classification engine, Classification label: mal68.troj.evad.linELF@0/0@2/0

      Data Obfuscation

      Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf (PID: 5429), File opened: /proc/5268/status
      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, Submission file: segment LOAD with 7.9709 entropy (max. 8.0)
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf (PID: 5427), Queries kernel information via 'uname'
      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5427.1.000055fe8d643000.000055fe8d7f1000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5432.1.000055fe8d643000.000055fe8d7f1000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/arm
      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5427.1.000055fe8d643000.000055fe8d7f1000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5432.1.000055fe8d643000.000055fe8d7f1000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5427.1.00007ffc86317000.00007ffc86338000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5432.1.00007ffc86317000.00007ffc86338000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm
      Source: SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5427.1.00007ffc86317000.00007ffc86338000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf, 5432.1.00007ffc86317000.00007ffc86338000.rw-.sdmp, Binary or memory string: Yx86_64/usr/bin/qemu-arm/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf

      Stealing of Sensitive Information

      Source: Yara match, File source: 5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match, File source: 5427.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY
      Source: Yara match, File source: 5432.1.00007f24c4017000.00007f24c4030000.r-x.sdmp, type: MEMORY
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
      No configs have been found
      Source | Detection | Scanner | Label
      SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf | 39% | ReversingLabs | Linux.Trojan.Mirai
      SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf | 33% | Virustotal |

      No Antivirus matches

      Source | Detection | Scanner | Label
      daisy.ubuntu.com | 0% | Virustotal |

      Source | Detection | Scanner | Label
      http://upx.sf.net | 0% | URL Reputation | safe
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      daisy.ubuntu.com | 162.213.35.25 | true | false | | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://upx.sf.net | SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf | true | URL Reputation: safe | unknown
      IP | Domain | Country | ASN | ASN Name | Malicious
      94.156.71.225 | unknown | Bulgaria | 31420 | TERASYST-ASBG | false
      185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
      Match | Associated Sample Name / URL | Detection | Threat Name | Context
      94.156.71.225 | SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elf | malicious | Mirai |
      185.125.190.26 | bot.sh4.elf | malicious | Gafgyt, Mirai, Okiru |
       | SecuriteInfo.com.ELF.Flooder-TB.29079.9826.elf | malicious | Unknown |
       | XDY9SmIKRN.elf | malicious | Unknown |
       | criptonize.i486.elf | malicious | Unknown |
       | arm6.elf | malicious | Gafgyt, Mirai |
       | hmips.elf | malicious | Unknown |
       | bot.sh4.elf | malicious | Mirai, Gafgyt, Okiru |
       | bot.arm.elf | malicious | Mirai, Gafgyt, Okiru |
       | 1CbMtpPRrp.elf | malicious | Unknown |
       | 5W1oMx0mvDdA5qxT1IJjtPL48vEFbOM1gh.elf | malicious | Unknown |
                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            daisy.ubuntu.com | bot.arm6.elf | malicious | Mirai, Okiru | 162.213.35.25
                             | SecuriteInfo.com.Linux.Siggen.9999.20093.10545.elf | malicious | Mirai | 162.213.35.24
                             | SecuriteInfo.com.ELF.Flooder-TB.29079.9826.elf | malicious | Unknown | 162.213.35.25
                             | sora.arm7.elf | malicious | Mirai | 162.213.35.25
                             | sora.m68k.elf | malicious | Mirai | 162.213.35.25
                             | sora.ppc.elf | malicious | Unknown | 162.213.35.25
                             | sora.sh4.elf | malicious | Mirai | 162.213.35.25
                             | SecuriteInfo.com.Linux.Siggen.9999.13028.25214.elf | malicious | Mirai | 162.213.35.25
                             | SecuriteInfo.com.Linux.Siggen.9999.11438.19201.elf | malicious | Mirai | 162.213.35.25
                             | arm6.elf | malicious | Gafgyt, Mirai | 162.213.35.24
                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                            CANONICAL-ASGB | SecuriteInfo.com.Linux.Siggen.9999.27011.25101.elf | malicious | Mirai | 91.189.91.42
                             | bot.mpsl.elf | malicious | Gafgyt, Mirai, Okiru | 91.189.91.42
                             | bot.sh4.elf | malicious | Gafgyt, Mirai, Okiru | 185.125.190.26
                             | bot.mips.elf | malicious | Gafgyt, Mirai, Okiru | 91.189.91.42
                             | bot.m68k.elf | malicious | Gafgyt, Mirai, Okiru | 91.189.91.42
                             | SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elf | malicious | Mirai | 91.189.91.42
                             | arm5.elf | malicious | Unknown | 91.189.91.42
                             | SecuriteInfo.com.ELF.Mirai-CTV.23934.12709.elf | malicious | Unknown | 91.189.91.42
                             | aisuru.arm7.elf | malicious | Unknown | 91.189.91.42
                             | botnt.arm7.elf | malicious | Unknown | 91.189.91.42
                            TERASYST-ASBG | SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elf | malicious | Mirai | 94.156.71.225
                             | SecuriteInfo.com.ELF.Agent-CMS.31992.20858.elf | malicious | Unknown | 94.156.69.214
                             | 6I8BO0tIYE.exe | malicious | SmokeLoader | 94.156.69.247
                             | Customer-orderlist-Bestellung0940670009988208.exe | malicious | RedLine | 94.156.65.203
                             | best.x86.elf | malicious | Unknown | 94.156.69.188
                             | 1724226243b9348f3b411af582580bd6a603a5ce20b028cbcc95a10a9590dca310f3191fd6655.dat-decoded.exe | malicious | Remcos | 94.156.65.159
                             | PurchaseOrder849393.vbs | malicious | Remcos | 94.156.65.159
                             | qaAwmfSJCf.exe | malicious | AsyncRAT | 94.156.65.159
                             | file.exe | malicious | Go Injector, Stealc, Vidar | 94.156.68.106
                             | CONTRACT TERMS 2024 RENEWAL .doc.exe | malicious | XWorm | 94.156.68.149
                            No context
                            No context
                            No created / dropped files found
                            File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
                            Entropy (8bit):7.968763416434501
                            TrID:
                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                            File name:SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            File size:42'056 bytes
                            MD5:d29c38b1faeef29c417921f241c77721
                            SHA1:3e0a81b62ef69079aa8a5df756e3325c06b1c910
                            SHA256:7e60f2d39e10c4d16f1f7d460a4ab29a73bf6d0b62ab16eef1ece6f1b6bb1f63
                            SHA512:36fa94c0fc827ea464c6b5b362ec9111235e1ca8988befd5990231060b692b0500c63780fceb557b23d6c6ff917182527a2c07f0314d5cf639cfa6ba926e0b28
                            SSDEEP:768:GoiEyv/gqbYKMp6MG6I/y0rEdSqT5VlKScZbSUR6iTCOD9q3UELlef:AEggipk6MG40r6S0VKS9UR6iTCOCLla
                            TLSH:BC13F1B2D249A321E56125FB496982C3B2294BBD127C36F311E68AAEC5670D31BF5309
                            File Content Preview:.ELF..............(..... ...4...........4. ...(.....................................................................Q.td............................>. NUPX!........@...@.......]..........?.E.h;....#..$.......Q...U3b......S..."...y.qO..wY.~)E.E.....A..+. .

                            ELF header

                            Class:ELF32
                            Data:2's complement, little endian
                            Version:1 (current)
                            Machine:ARM
                            Version Number:0x1
                            Type:EXEC (Executable file)
                            OS/ABI:UNIX - Linux
                            ABI Version:0
                            Entry Point Address:0x11120
                            Flags:0x4000002
                            ELF Header Size:52
                            Program Header Offset:52
                            Program Header Size:32
                            Number of Program Headers:3
                            Section Header Offset:0
                            Section Header Size:40
                            Number of Section Headers:0
                            Header String Table Index:0
                            Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                            LOAD | 0x0 | 0x8000 | 0x8000 | 0xa30d | 0xa30d | 7.9709 | 0x5 | R E | 0x8000 | |
                            LOAD | 0xdb8 | 0x28db8 | 0x28db8 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | |
                            GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Sep 1, 2024 01:53:35.891242981 CEST | 37243 | 53 | 192.168.2.13 | 1.1.1.1
                            Sep 1, 2024 01:53:35.891303062 CEST | 36342 | 53 | 192.168.2.13 | 1.1.1.1
                            Sep 1, 2024 01:53:35.897948980 CEST | 53 | 36342 | 1.1.1.1 | 192.168.2.13
                            Sep 1, 2024 01:53:35.898863077 CEST | 53 | 37243 | 1.1.1.1 | 192.168.2.13
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Sep 1, 2024 01:53:35.891242981 CEST | 192.168.2.13 | 1.1.1.1 | 0x9637 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
                            Sep 1, 2024 01:53:35.891303062 CEST | 192.168.2.13 | 1.1.1.1 | 0xae40 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Sep 1, 2024 01:53:35.898863077 CEST | 1.1.1.1 | 192.168.2.13 | 0x9637 | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false
                            Sep 1, 2024 01:53:35.898863077 CEST | 1.1.1.1 | 192.168.2.13 | 0x9637 | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false

                            System Behavior

                            Start time (UTC):23:50:49
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:50:49
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:50:49
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:50:54
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:00
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:05
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:11
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:16
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:21
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:26
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:31
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:36
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:41
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:46
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:51
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:51:57
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:02
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:07
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:12
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:17
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:22
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:27
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:32
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:37
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:42
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:47
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:52
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:52:57
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:02
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:07
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:12
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:17
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:22
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:27
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:32
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:37
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:42
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:47
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:52
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:53:57
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:54:02
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:54:07
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:54:12
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:54:17
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:54:22
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:50:49
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                            Start time (UTC):23:50:49
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.18582.17843.elf
                            Arguments:-
                            File size:4956856 bytes
                            MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1