Linux Analysis Report
LM762mO6Jt.elf

Overview

General Information

Sample name:LM762mO6Jt.elf
renamed because original name is a hash value
Original sample name:90c58d4ccf845e6760ae01e9f33860f0.elf
Analysis ID:1532756
MD5:90c58d4ccf845e6760ae01e9f33860f0
SHA1:00da5eefc2376ac097b77991db59dcb56335262e
SHA256:ba32df5db660e77956c09f1d9c2ff3a56ed9542d6fc7618a21df32ea2a0d02f4
Tags:32, elf, gafgyt, intel

Detection

Score:64
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1532756
Start date and time:2024-10-13 21:46:11 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 27s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:LM762mO6Jt.elf
renamed because original name is a hash value
Original Sample Name:90c58d4ccf845e6760ae01e9f33860f0.elf
Detection:MAL
Classification:mal64.evad.linELF@0/0@0/0
  • VT rate limit hit for: LM762mO6Jt.elf
Command:/tmp/LM762mO6Jt.elf
PID:5488
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
5488.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5488.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5488.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown
  • 0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5490.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5490.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
No Suricata rule has matched

AV Detection

Source: LM762mO6Jt.elf ReversingLabs: Detection: 47%
Source: LM762mO6Jt.elf Joe Sandbox ML: detected
Source: global traffic TCP traffic: 192.168.2.14:55968 -> 45.131.65.138:3778
Source: unknown TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: LM762mO6Jt.elf String found in binary or memory: http://upx.sf.net

System Summary

Source: 5488.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5488.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5488.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5500.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5500.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5500.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: Process Memory Space: LM762mO6Jt.elf PID: 5488, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: LM762mO6Jt.elf PID: 5489, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: LM762mO6Jt.elf PID: 5490, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: LM762mO6Jt.elf PID: 5500, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappings Program segment: 0xc01000
Source: 5488.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5488.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5488.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5500.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5500.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5500.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: Process Memory Space: LM762mO6Jt.elf PID: 5488, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: LM762mO6Jt.elf PID: 5489, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: LM762mO6Jt.elf PID: 5490, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: LM762mO6Jt.elf PID: 5500, type: MEMORYSTR Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: LM762mO6Jt.elf Submission file: segment LOAD with 7.9628 entropy (max. 8.0)
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: 11 Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping
Discovery: System Service Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: 1 Non-Standard Port
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
No configs have been found
[Behavior graph. ID: 1532756; Sample: LM762mO6Jt.elf; Startdate: 13/10/2024; Architecture: LINUX; Score: 64]

Source | Detection | Scanner | Label | Link
LM762mO6Jt.elf | 47% | ReversingLabs | Linux.Backdoor.Mirai |
LM762mO6Jt.elf | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://upx.sf.net | 0% | URL Reputation | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | LM762mO6Jt.elf | true | URL Reputation: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
45.131.65.138 | unknown | Germany | | 47987 | LOVESERVERSGB | false
No context
No context
No context
No context
No created / dropped files found
File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):7.960974308603252
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:LM762mO6Jt.elf
File size:38'296 bytes
MD5:90c58d4ccf845e6760ae01e9f33860f0
SHA1:00da5eefc2376ac097b77991db59dcb56335262e
SHA256:ba32df5db660e77956c09f1d9c2ff3a56ed9542d6fc7618a21df32ea2a0d02f4
SHA512:cfbd549bd7f4300bbfd60aa701122c90d0fe9265ed2f668ad427a6682e81d768bc952a840224cbca5304f067a6e0e4475a796ba7ffb74eaaff747cad2ee1d34c
SSDEEP:768:8wtA4ekApSSGy1ITyzAv+tTmoTu5Jbb+Y88mV1uKICnbcuyD7UHQRjF:8wtAAA7DAWlTWJe7znouy8Hyh
TLSH:3D03F151C03A5708D2DE91798CFBBA5FD690B01DA5543BFA9BCAF4BD4C23B2B5A0804D
File Content Preview:.ELF........................4...........4. ...(.....................................................................Q.td.............................-[.UPX!.........B...B......W..........?..k.I/.j....\.W'"....)....4go.|.>#.....{~vx...A.Zg..3~........2..R.

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:Intel 80386
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - Linux
ABI Version:0
Entry Point Address:0xc092a8
Flags:0x0
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:0
Section Header Size:40
Number of Section Headers:0
Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x949c | 0x949c | 7.9628 | 0x5 | R E | 0x1000 | |
LOAD | 0xc08 | 0x805cc08 | 0x805cc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

System Behavior

Start time (UTC):19:46:57
Start date (UTC):13/10/2024
Path:/tmp/LM762mO6Jt.elf
Arguments:/tmp/LM762mO6Jt.elf
File size:38296 bytes
MD5 hash:90c58d4ccf845e6760ae01e9f33860f0

Start time (UTC):19:46:57
Start date (UTC):13/10/2024
Path:/tmp/LM762mO6Jt.elf
Arguments:-
File size:38296 bytes
MD5 hash:90c58d4ccf845e6760ae01e9f33860f0

Start time (UTC):19:46:57
Start date (UTC):13/10/2024
Path:/tmp/LM762mO6Jt.elf
Arguments:-
File size:38296 bytes
MD5 hash:90c58d4ccf845e6760ae01e9f33860f0

Start time (UTC):19:46:57
Start date (UTC):13/10/2024
Path:/tmp/LM762mO6Jt.elf
Arguments:-
File size:38296 bytes
MD5 hash:90c58d4ccf845e6760ae01e9f33860f0

Start time (UTC):19:47:03
Start date (UTC):13/10/2024
Path:/tmp/LM762mO6Jt.elf
Arguments:-
File size:38296 bytes
MD5 hash:90c58d4ccf845e6760ae01e9f33860f0

Start time (UTC):19:47:03
Start date (UTC):13/10/2024
Path:/tmp/LM762mO6Jt.elf
Arguments:-
File size:38296 bytes
MD5 hash:90c58d4ccf845e6760ae01e9f33860f0