Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf

Overview

General Information

Sample name:SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
Analysis ID:1502372
MD5:4de74a22ebb3b2008d93fdf898611bdb
SHA1:eb8c46d817f3fca933e91e289897789122b73a54
SHA256:728c84285231652ea1b50ed634d83ef0c6e60a78db8ce93a8ae578e21f677f7e
Tags:elf
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502372
Start date and time:2024-09-01 01:50:09 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 46s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/0@2/0

Runtime Messages

Command:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
PID:5487
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
5489.1.0000000000400000.0000000000413000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    5489.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0x10840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1087c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x108a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x108b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x108cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x108e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x108f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10908:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1091c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10930:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10944:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10958:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x1096c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10980:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x10994:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x109a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x109bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0x109d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    5489.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
    • 0x10da0:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    5489.1.0000000000400000.0000000000413000.r-x.sdmpLinux_Trojan_Mirai_564b8edaunknownunknown
    • 0x6092:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
    5487.1.0000000000400000.0000000000413000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      Click to see the 9 entries

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elfReversingLabs: Detection: 28%
      Source: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elfVirustotal: Detection: 21%Perma Link
      Machine Learning detection for sample
      Source: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elfJoe Sandbox ML: detected
      Source: global trafficTCP traffic: 192.168.2.14:39314 -> 94.156.71.225:3778
      Source: global trafficTCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: unknownTCP traffic detected without corresponding DNS query: 94.156.71.225
      Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
      Source: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elfString found in binary or memory: http://upx.sf.net
      Source: unknownNetwork traffic detected: HTTP traffic on port 46540 -> 443

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
      Source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5487, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5487, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: LOAD without section mappingsProgram segment: 0x400000
      Source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
      Source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5487, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5487, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5489, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: classification engineClassification label: mal72.troj.evad.linELF@0/0@2/0

      Data Obfuscation

      barindex
      Sample is packed with UPX
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1583/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/2672/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/110/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/111/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/112/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/113/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/234/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1577/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/114/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/235/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/115/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/116/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/117/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/118/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/119/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/10/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/917/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/11/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/12/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/13/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/14/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/15/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/16/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/17/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/18/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/19/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1593/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/240/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/120/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/3094/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/121/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/242/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/3406/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/122/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/243/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/2/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/123/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/244/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1589/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/3/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/124/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/245/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1588/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/125/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/4/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/246/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/3402/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/126/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/5/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/247/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/127/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/6/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/248/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/128/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/7/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/249/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/8/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/129/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/800/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/9/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/801/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/803/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/20/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/806/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/21/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/807/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/928/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/22/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/23/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/24/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/25/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/26/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/27/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/28/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/29/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/3420/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/490/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/250/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/130/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/251/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/131/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/252/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/132/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/253/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/254/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/255/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/135/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/256/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1599/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/257/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/378/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/258/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/3412/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/259/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/30/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/35/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/1371/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/260/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/261/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/262/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/142/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/263/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/264/statusJump to behavior
      Source: /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf (PID: 5488)File opened: /proc/265/statusJump to behavior
      Source: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elfSubmission file: segment LOAD with 7.8929 entropy (max. 8.0)

      Stealing of Sensitive Information

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5487, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5489, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: 5489.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5487.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5487, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf PID: 5489, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception11
      Obfuscated Files or Information      		1
      OS Credential Dumping      		System Service DiscoveryRemote ServicesData from Local System1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Standard Port      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
      Application Layer Protocol      		Traffic DuplicationData Destruction

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf29%ReversingLabsLinux.Backdoor.Mirai
      SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf21%VirustotalBrowse
      SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Domains

      SourceDetectionScannerLabelLink
      daisy.ubuntu.com0%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      http://upx.sf.net0%URL Reputationsafe
      http://upx.sf.net0%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      daisy.ubuntu.com
      		162.213.35.25
      		truefalseunknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://upx.sf.netSecuriteInfo.com.Linux.Siggen.9999.9304.22091.elftrue
      • URL Reputation: safe
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      94.156.71.225
      		unknownBulgaria
      		31420TERASYST-ASBGfalse
      185.125.190.26
      		unknownUnited Kingdom
      		41231CANONICAL-ASGBfalse

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      94.156.71.225SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elfGet hashmaliciousMiraiBrowse
        185.125.190.26bot.sh4.elfGet hashmaliciousGafgyt, Mirai, OkiruBrowse
          SecuriteInfo.com.ELF.Flooder-TB.29079.9826.elfGet hashmaliciousUnknownBrowse
            XDY9SmIKRN.elfGet hashmaliciousUnknownBrowse
              criptonize.i486.elfGet hashmaliciousUnknownBrowse
                arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                  hmips.elfGet hashmaliciousUnknownBrowse
                    bot.sh4.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                      bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                        1CbMtpPRrp.elfGet hashmaliciousUnknownBrowse
                          5W1oMx0mvDdA5qxT1IJjtPL48vEFbOM1gh.elfGet hashmaliciousUnknownBrowse

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            daisy.ubuntu.combot.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                            • 162.213.35.25
                            SecuriteInfo.com.Linux.Siggen.9999.20093.10545.elfGet hashmaliciousMiraiBrowse
                            • 162.213.35.24
                            SecuriteInfo.com.ELF.Flooder-TB.29079.9826.elfGet hashmaliciousUnknownBrowse
                            • 162.213.35.25
                            sora.arm7.elfGet hashmaliciousMiraiBrowse
                            • 162.213.35.25
                            sora.m68k.elfGet hashmaliciousMiraiBrowse
                            • 162.213.35.25
                            sora.ppc.elfGet hashmaliciousUnknownBrowse
                            • 162.213.35.25
                            sora.sh4.elfGet hashmaliciousMiraiBrowse
                            • 162.213.35.25
                            SecuriteInfo.com.Linux.Siggen.9999.13028.25214.elfGet hashmaliciousMiraiBrowse
                            • 162.213.35.25
                            SecuriteInfo.com.Linux.Siggen.9999.11438.19201.elfGet hashmaliciousMiraiBrowse
                            • 162.213.35.25
                            arm6.elfGet hashmaliciousGafgyt, MiraiBrowse
                            • 162.213.35.24

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            CANONICAL-ASGBSecuriteInfo.com.Linux.Siggen.9999.27011.25101.elfGet hashmaliciousMiraiBrowse
                            • 91.189.91.42
                            bot.mpsl.elfGet hashmaliciousGafgyt, Mirai, OkiruBrowse
                            • 91.189.91.42
                            bot.sh4.elfGet hashmaliciousGafgyt, Mirai, OkiruBrowse
                            • 185.125.190.26
                            bot.mips.elfGet hashmaliciousGafgyt, Mirai, OkiruBrowse
                            • 91.189.91.42
                            bot.m68k.elfGet hashmaliciousGafgyt, Mirai, OkiruBrowse
                            • 91.189.91.42
                            SecuriteInfo.com.Linux.Siggen.9999.22319.26890.elfGet hashmaliciousMiraiBrowse
                            • 91.189.91.42
                            arm5.elfGet hashmaliciousUnknownBrowse
                            • 91.189.91.42
                            SecuriteInfo.com.ELF.Mirai-CTV.23934.12709.elfGet hashmaliciousUnknownBrowse
                            • 91.189.91.42
                            aisuru.arm7.elfGet hashmaliciousUnknownBrowse
                            • 91.189.91.42
                            botnt.arm7.elfGet hashmaliciousUnknownBrowse
                            • 91.189.91.42
                            TERASYST-ASBGSecuriteInfo.com.Linux.Siggen.9999.22319.26890.elfGet hashmaliciousMiraiBrowse
                            • 94.156.71.225
                            SecuriteInfo.com.ELF.Agent-CMS.31992.20858.elfGet hashmaliciousUnknownBrowse
                            • 94.156.69.214
                            6I8BO0tIYE.exeGet hashmaliciousSmokeLoaderBrowse
                            • 94.156.69.247
                            Customer-orderlist-Bestellung0940670009988208.exeGet hashmaliciousRedLineBrowse
                            • 94.156.65.203
                            best.x86.elfGet hashmaliciousUnknownBrowse
                            • 94.156.69.188
                            1724226243b9348f3b411af582580bd6a603a5ce20b028cbcc95a10a9590dca310f3191fd6655.dat-decoded.exeGet hashmaliciousRemcosBrowse
                            • 94.156.65.159
                            PurchaseOrder849393.vbsGet hashmaliciousRemcosBrowse
                            • 94.156.65.159
                            qaAwmfSJCf.exeGet hashmaliciousAsyncRATBrowse
                            • 94.156.65.159
                            file.exeGet hashmaliciousGo Injector, Stealc, VidarBrowse
                            • 94.156.68.106
                            CONTRACT TERMS 2024 RENEWAL .doc.exeGet hashmaliciousXWormBrowse
                            • 94.156.68.149

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            No created / dropped files found

                            Static File Info

                            General

                            File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                            Entropy (8bit):7.889937425972499
                            TrID:
                            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                            File name:SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            File size:36'284 bytes
                            MD5:4de74a22ebb3b2008d93fdf898611bdb
                            SHA1:eb8c46d817f3fca933e91e289897789122b73a54
                            SHA256:728c84285231652ea1b50ed634d83ef0c6e60a78db8ce93a8ae578e21f677f7e
                            SHA512:2bc0a4d9610ae4f15475a3eae1b85d812cb8c5229e53f09f2e47aaf26c6963eaffae5d57b27271f2bb35979ddf358e53adcebc1df503030e9854214af1a3c944
                            SSDEEP:768:1LAridbETdBiaspZ6gprUn825GlheuRbCE2gDH2jIlqcxyuButNRMu:1LAridbY4G8O8/ZgEBDMcxyuButLMu
                            TLSH:68F2E1E6C29D1B69C1E74D7422A888B30073575F50DF962FFD786AC8EC9C0852A1FD24
                            File Content Preview:.ELF..............>.......@.....@...................@.8...@.......................@.......@....................... .............@.......@La.....@La.............................Q.td......................................................".UPX! .......x=..x=.

                            Static ELF Info

                            ELF header

                            Class:ELF64
                            Data:2's complement, little endian
                            Version:1 (current)
                            Machine:Advanced Micro Devices X86-64
                            Version Number:0x1
                            Type:EXEC (Executable file)
                            OS/ABI:UNIX - System V
                            ABI Version:0
                            Entry Point Address:0x408498
                            Flags:0x0
                            ELF Header Size:64
                            Program Header Offset:64
                            Program Header Size:56
                            Number of Program Headers:3
                            Section Header Offset:0
                            Section Header Size:64
                            Number of Section Headers:0
                            Header String Table Index:0

                            Program Segments

                            TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                            LOAD0x00x4000000x4000000x8caa0x8caa7.89290x5R E0x200000
                            LOAD0xc400x614c400x614c400x00x00.00000x6RW 0x1000
                            GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Sep 1, 2024 01:50:50.820677996 CEST393143778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:50.825460911 CEST37783931494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:50.825508118 CEST393143778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:50.827960968 CEST393143778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:50.832690954 CEST37783931494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:50.832737923 CEST393143778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:50.837476969 CEST37783931494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:51.430572987 CEST37783931494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:51.430748940 CEST393143778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:51.430804014 CEST393143778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:51.431375027 CEST393163778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:51.436153889 CEST37783931694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:51.436233997 CEST393163778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:51.436742067 CEST393163778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:51.441498995 CEST37783931694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:51.441576004 CEST393163778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:51.446486950 CEST37783931694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.251951933 CEST37783931694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.252074957 CEST393163778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.252106905 CEST393163778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.252527952 CEST393183778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.257366896 CEST37783931894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.257460117 CEST393183778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.257986069 CEST393183778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.262748957 CEST37783931894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.262815952 CEST393183778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.267544985 CEST37783931894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.863177061 CEST37783931894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.863373995 CEST393183778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.863399029 CEST393183778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.863790035 CEST393203778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.868591070 CEST37783932094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.868653059 CEST393203778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.869189024 CEST393203778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.873959064 CEST37783932094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:52.874000072 CEST393203778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:52.878784895 CEST37783932094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:53.583168030 CEST37783932094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:53.583477974 CEST393203778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:53.583477974 CEST393203778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:53.583900928 CEST393223778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:53.588701010 CEST37783932294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:53.588783979 CEST393223778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:53.589363098 CEST393223778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:53.594132900 CEST37783932294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:53.594178915 CEST393223778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:53.598941088 CEST37783932294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.185484886 CEST37783932294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.185842037 CEST393223778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.185842037 CEST393223778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.186310053 CEST393243778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.191165924 CEST37783932494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.191211939 CEST393243778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.191937923 CEST393243778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.196702003 CEST37783932494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.196743965 CEST393243778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.201533079 CEST37783932494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.799185038 CEST37783932494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.799278975 CEST393243778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.799295902 CEST393243778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.799783945 CEST393263778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.804594994 CEST37783932694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.804680109 CEST393263778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.805313110 CEST393263778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.810071945 CEST37783932694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:54.810118914 CEST393263778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:54.814868927 CEST37783932694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:55.401500940 CEST37783932694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:55.401803970 CEST393263778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:55.401803970 CEST393263778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:55.402224064 CEST393283778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:55.406975031 CEST37783932894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:55.407035112 CEST393283778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:55.407562971 CEST393283778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:55.412316084 CEST37783932894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:55.412364006 CEST393283778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:55.417094946 CEST37783932894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.006472111 CEST37783932894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.006632090 CEST393283778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.006632090 CEST393283778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.006961107 CEST393303778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.011759043 CEST37783933094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.011828899 CEST393303778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.012490034 CEST393303778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.017232895 CEST37783933094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.017273903 CEST393303778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.022051096 CEST37783933094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.616307974 CEST37783933094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.616372108 CEST393303778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.616372108 CEST393303778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.617017984 CEST393323778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.621772051 CEST37783933294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.621870995 CEST393323778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.623051882 CEST393323778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.627763987 CEST37783933294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:56.627820015 CEST393323778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:56.632523060 CEST37783933294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.239523888 CEST37783933294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.239772081 CEST393323778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.239772081 CEST393323778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.241630077 CEST393343778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.246397018 CEST37783933494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.249399900 CEST393343778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.249990940 CEST393343778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.254769087 CEST37783933494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.261404991 CEST393343778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.266161919 CEST37783933494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.875552893 CEST37783933494.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.875720024 CEST393343778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.875720024 CEST393343778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.876096964 CEST393363778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.880844116 CEST37783933694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.880918980 CEST393363778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.881527901 CEST393363778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.886298895 CEST37783933694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:57.886339903 CEST393363778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:57.891093016 CEST37783933694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:58.494172096 CEST37783933694.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:58.494498014 CEST393363778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:58.494498014 CEST393363778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:58.494839907 CEST393383778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:58.499634981 CEST37783933894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:58.499680042 CEST393383778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:58.500193119 CEST393383778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:58.504949093 CEST37783933894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:58.504988909 CEST393383778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:58.509799004 CEST37783933894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.118700027 CEST37783933894.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.118869066 CEST393383778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.118869066 CEST393383778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.119215965 CEST393403778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.123960018 CEST37783934094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.124036074 CEST393403778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.124651909 CEST393403778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.129393101 CEST37783934094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.129439116 CEST393403778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.134218931 CEST37783934094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.719997883 CEST37783934094.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.720244884 CEST393403778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.720244884 CEST393403778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.720668077 CEST393423778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.725516081 CEST37783934294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.725564003 CEST393423778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.726089001 CEST393423778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.730839968 CEST37783934294.156.71.225192.168.2.14
                            Sep 1, 2024 01:50:59.730896950 CEST393423778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:50:59.735642910 CEST37783934294.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.346983910 CEST37783934294.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.347179890 CEST393423778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.347179890 CEST393423778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.347557068 CEST393443778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.352298021 CEST37783934494.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.352344036 CEST393443778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.352941990 CEST393443778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.357675076 CEST37783934494.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.357731104 CEST393443778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.362505913 CEST37783934494.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.956201077 CEST37783934494.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.956259012 CEST393443778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.956259012 CEST393443778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.956587076 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.961349964 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.961441040 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.962043047 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.966825008 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:00.966869116 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:00.971616030 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:02.800941944 CEST46540443192.168.2.14185.125.190.26
                            Sep 1, 2024 01:51:10.971721888 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:10.976671934 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:14.142086983 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:51:14.142322063 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:51:32.751643896 CEST46540443192.168.2.14185.125.190.26
                            Sep 1, 2024 01:52:14.187390089 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:52:14.192251921 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:52:14.354574919 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:52:14.354691029 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:53:14.405050993 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:53:14.411792040 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:53:14.574048996 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:53:14.574246883 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:54:14.629295111 CEST393463778192.168.2.1494.156.71.225
                            Sep 1, 2024 01:54:14.634218931 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:54:14.796329975 CEST37783934694.156.71.225192.168.2.14
                            Sep 1, 2024 01:54:14.796384096 CEST393463778192.168.2.1494.156.71.225

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Sep 1, 2024 01:53:36.844108105 CEST3617053192.168.2.141.1.1.1
                            Sep 1, 2024 01:53:36.844178915 CEST5200453192.168.2.141.1.1.1
                            Sep 1, 2024 01:53:36.851208925 CEST53361701.1.1.1192.168.2.14
                            Sep 1, 2024 01:53:36.851228952 CEST53520041.1.1.1192.168.2.14

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Sep 1, 2024 01:53:36.844108105 CEST192.168.2.141.1.1.10x522aStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                            Sep 1, 2024 01:53:36.844178915 CEST192.168.2.141.1.1.10x6285Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Sep 1, 2024 01:53:36.851208925 CEST1.1.1.1192.168.2.140x522aNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
                            Sep 1, 2024 01:53:36.851208925 CEST1.1.1.1192.168.2.140x522aNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

                            System Behavior

                            General

                            Start time (UTC):23:50:50
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:50:50
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:50:50
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:50:55
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:00
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:06
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:11
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:17
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:22
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:27
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:32
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:37
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:42
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:47
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:53
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:51:58
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:03
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:08
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:13
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:18
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:23
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:28
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:33
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:38
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:43
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:48
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:53
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:52:58
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:03
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:08
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:13
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:18
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:23
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:28
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:33
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:38
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:43
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:48
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:53
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:53:58
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:54:03
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:54:08
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:54:13
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:54:18
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:54:23
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:50:50
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities


                            General

                            Start time (UTC):23:50:50
                            Start date (UTC):31/08/2024
                            Path:/tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
                            Arguments:-
                            File size:36284 bytes
                            MD5 hash:4de74a22ebb3b2008d93fdf898611bdb

                            Chronological Activities