Edit tour

Linux Analysis Report
tc2iriCZdi.elf

Overview

General Information

Sample name:	tc2iriCZdi.elf renamed because original name is a hash value
Original sample name:	bc65b67b9d7b698cc14e918d061cc75f.elf
Analysis ID:	1532760
MD5:	bc65b67b9d7b698cc14e918d061cc75f
SHA1:	0e5708a090c4ff4c0ca14d8f5814956e48ca1681
SHA256:	62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e
Tags:	64elfgafgyt
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Sample contains only a LOAD segment without any section mappings

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532760
Start date and time:	2024-10-13 21:50:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	tc2iriCZdi.elf renamed because original name is a hash value
Original Sample Name:	bc65b67b9d7b698cc14e918d061cc75f.elf
Detection:	MAL
Classification:	mal64.evad.linELF@0/0@0/0

Warnings

VT rate limit hit for: tc2iriCZdi.elf

Runtime Messages

Command:	/tmp/tc2iriCZdi.elf
PID:	5454
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

tc2iriCZdi.elf (PID: 5454, Parent: 5374, MD5: bc65b67b9d7b698cc14e918d061cc75f) Arguments: /tmp/tc2iriCZdi.elf

tc2iriCZdi.elf New Fork (PID: 5455, Parent: 5454)

tc2iriCZdi.elf New Fork (PID: 5456, Parent: 5455)

tc2iriCZdi.elf New Fork (PID: 5457, Parent: 5455)

tc2iriCZdi.elf New Fork (PID: 5460, Parent: 5454)

tc2iriCZdi.elf New Fork (PID: 5461, Parent: 5454)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
5456.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5456.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5455.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5455.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5454.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5454.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5460.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5460.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
Process Memory Space: tc2iriCZdi.elf PID: 5454	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x19ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a0f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a23:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a37:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a4b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a5f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a73:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a87:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a9b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aaf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ac3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ad7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aeb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b13:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b27:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b3b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: tc2iriCZdi.elf PID: 5455	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x52c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x540:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x554:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x568:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x590:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x61c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x66c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: tc2iriCZdi.elf PID: 5456	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x146f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1483:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1497:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x150f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1523:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1537:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x154b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x155f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1573:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1587:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x159b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: tc2iriCZdi.elf PID: 5460	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x52c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x540:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x554:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x568:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x57c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x590:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x61c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x66c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: tc2iriCZdi.elf

ReversingLabs: Detection: 36%

Machine Learning detection for sample

Source: tc2iriCZdi.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.13:37462 -> 45.131.65.138:3778

Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 45.131.65.138

Source: tc2iriCZdi.elf

String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5455.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5455.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5454.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5454.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5460.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5460.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: Process Memory Space: tc2iriCZdi.elf PID: 5454, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: tc2iriCZdi.elf PID: 5455, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: tc2iriCZdi.elf PID: 5456, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: tc2iriCZdi.elf PID: 5460, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0x400000

Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5456.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5455.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5455.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5454.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5454.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5460.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5460.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: Process Memory Space: tc2iriCZdi.elf PID: 5454, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: tc2iriCZdi.elf PID: 5455, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: tc2iriCZdi.elf PID: 5456, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: tc2iriCZdi.elf PID: 5460, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/238/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/239/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/914/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/917/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/5396/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/19/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/240/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/3095/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/241/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/242/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/244/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/245/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/1588/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/246/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/5/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/247/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/7/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/129/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/8/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/1906/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/802/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/803/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/3768/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/3420/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/1482/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/490/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/1480/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/371/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/131/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/1238/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/134/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/378/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/3413/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/tc2iriCZdi.elf (PID: 5454)	File opened: /proc/816/status	Jump to behavior

Source: tc2iriCZdi.elf

Submission file: segment LOAD with 7.9636 entropy (max. 8.0)

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
tc2iriCZdi.elf	37%	ReversingLabs	Linux.Backdoor.Mirai
tc2iriCZdi.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://upx.sf.net	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	tc2iriCZdi.elf	true	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.131.65.138	unknown	Germany		47987	LOVESERVERSGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.131.65.138	LM762mO6Jt.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LOVESERVERSGB	LM762mO6Jt.elf	Get hash	malicious	Unknown	Browse	45.131.65.138
	M88FIQFvyo.elf	Get hash	malicious	Mirai	Browse	45.150.101.154
	i7b3uBlM8k.elf	Get hash	malicious	Mirai	Browse	45.150.101.181
	TV7RLVOmvl.elf	Get hash	malicious	Mirai	Browse	45.150.101.140
	dDPKtLvVp6.elf	Get hash	malicious	Mirai, Moobot	Browse	85.9.214.159
	yCUczQYIGe.elf	Get hash	malicious	Mirai	Browse	45.150.101.148
	a75e3f3e506051b9e4313a407c2a993f9d662a142f2ec.exe	Get hash	malicious	RHADAMANTHYS, SmokeLoader, Stealc, Vidar	Browse	45.131.66.61
	50GoeHHxhs.exe	Get hash	malicious	DarkTortilla, Phobos, RHADAMANTHYS, SmokeLoader, SystemBC	Browse	45.131.66.222
	SyuiUx2mcV.exe	Get hash	malicious	DarkTortilla, Phobos, RHADAMANTHYS, SmokeLoader, SystemBC	Browse	45.131.66.222
	Z8B3qXUXHu.exe	Get hash	malicious	DarkTortilla, Phobos, RHADAMANTHYS, SmokeLoader, SystemBC	Browse	45.131.66.222

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.961640397781978
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	tc2iriCZdi.elf
File size:	37'540 bytes
MD5:	bc65b67b9d7b698cc14e918d061cc75f
SHA1:	0e5708a090c4ff4c0ca14d8f5814956e48ca1681
SHA256:	62e2f7da81a6ce76239af480ef1dc843085c4df0d10d232d6a15b142e218ad2e
SHA512:	0b83139cef0eada4054aaa9da6ece36d4906cd1508c1abf1103b5aa1b56abcc6a36ffbdd7ccbdc96161851a278913aaf87780842d882e974f9c4729cb4e86480
SSDEEP:	768:P+4qtvWUAASjjLMGz7/tjBQd4Mt8nEPH3GgurEF4lZWx0M:29tvWrASjjL17/9BODtoPgumV
TLSH:	7CF2E1828BBDAAB4C1339B7144C785A0B73270A3DE0615BF15C835BF1979A413A33F92
File Content Preview:	.ELF..............>.....`.@.....@...................@.8...@.......................@.......@....................... ......................Ka......Ka.............................Q.td.....................................................I..UPX!D.......8:..8:.

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x408060
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	64
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x400000	0x400000	0x919c	0x919c	7.9636	0x5	R E	0x200000
LOAD	0xb00	0x614b00	0x614b00	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 21:51:16.589745045 CEST	37462	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:16.594858885 CEST	3778	37462	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:16.594917059 CEST	37462	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:16.597178936 CEST	37462	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:16.602063894 CEST	3778	37462	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:16.602118015 CEST	37462	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:16.607120037 CEST	3778	37462	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.251174927 CEST	3778	37462	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.251538038 CEST	37462	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.251538992 CEST	37462	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.252144098 CEST	37464	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.257194996 CEST	3778	37464	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.257319927 CEST	37464	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.258141041 CEST	37464	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.263025999 CEST	3778	37464	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.263205051 CEST	37464	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.268464088 CEST	3778	37464	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.891325951 CEST	3778	37464	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.891702890 CEST	37464	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.891776085 CEST	37464	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.892704964 CEST	37466	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.899877071 CEST	3778	37466	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.900044918 CEST	37466	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.902096033 CEST	37466	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.908366919 CEST	3778	37466	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:17.908549070 CEST	37466	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:17.913938046 CEST	3778	37466	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:18.540689945 CEST	3778	37466	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:18.540947914 CEST	37466	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:18.540949106 CEST	37466	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:18.541666985 CEST	37468	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:18.546681881 CEST	3778	37468	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:18.546802044 CEST	37468	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:18.547679901 CEST	37468	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:18.552781105 CEST	3778	37468	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:18.552845955 CEST	37468	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:18.557686090 CEST	3778	37468	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:19.165736914 CEST	3778	37468	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:19.165966034 CEST	37468	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:19.166029930 CEST	37468	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:19.166702032 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:19.171688080 CEST	3778	37470	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:19.171755075 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:19.172589064 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:19.177939892 CEST	3778	37470	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:19.177989006 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:19.183203936 CEST	3778	37470	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:22.151951075 CEST	37472	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.157196045 CEST	3778	37472	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:22.157253027 CEST	37472	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.158495903 CEST	37472	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.163605928 CEST	3778	37472	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:22.163667917 CEST	37472	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.168956995 CEST	3778	37472	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:22.788883924 CEST	3778	37472	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:22.789021015 CEST	37472	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.789077044 CEST	37472	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.789757013 CEST	37474	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.794815063 CEST	3778	37474	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:22.794883966 CEST	37474	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.795639992 CEST	37474	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.800548077 CEST	3778	37474	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:22.800600052 CEST	37474	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:22.805702925 CEST	3778	37474	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:23.443634987 CEST	3778	37474	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:23.443800926 CEST	37474	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:23.443800926 CEST	37474	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:23.444428921 CEST	37476	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:23.449378967 CEST	3778	37476	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:23.449470043 CEST	37476	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:23.450176001 CEST	37476	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:23.455457926 CEST	3778	37476	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:23.455522060 CEST	37476	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:23.460649014 CEST	3778	37476	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.077904940 CEST	3778	37476	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.078246117 CEST	37476	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.078324080 CEST	37476	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.078990936 CEST	37478	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.083947897 CEST	3778	37478	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.084131002 CEST	37478	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.084650040 CEST	37478	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.089467049 CEST	3778	37478	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.089628935 CEST	37478	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.094500065 CEST	3778	37478	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.722098112 CEST	3778	37478	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.722485065 CEST	37478	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.722485065 CEST	37478	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.722935915 CEST	37480	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.727973938 CEST	3778	37480	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.728032112 CEST	37480	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.728710890 CEST	37480	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.734883070 CEST	3778	37480	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:24.734935045 CEST	37480	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:24.739732027 CEST	3778	37480	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:25.345351934 CEST	3778	37480	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:25.345487118 CEST	37480	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.345487118 CEST	37480	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.345990896 CEST	37482	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.350909948 CEST	3778	37482	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:25.350980997 CEST	37482	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.351558924 CEST	37482	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.356362104 CEST	3778	37482	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:25.356415987 CEST	37482	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.361213923 CEST	3778	37482	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:25.993506908 CEST	3778	37482	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:25.993840933 CEST	37482	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.993840933 CEST	37482	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:25.994304895 CEST	37484	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.000451088 CEST	3778	37484	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:26.000519037 CEST	37484	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.001410961 CEST	37484	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.006225109 CEST	3778	37484	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:26.006324053 CEST	37484	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.011344910 CEST	3778	37484	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:26.653928995 CEST	3778	37484	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:26.654175043 CEST	37484	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.654216051 CEST	37484	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.654800892 CEST	37486	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.659683943 CEST	3778	37486	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:26.659795046 CEST	37486	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.660448074 CEST	37486	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.665550947 CEST	3778	37486	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:26.665620089 CEST	37486	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:26.670500994 CEST	3778	37486	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.288985968 CEST	3778	37486	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.289135933 CEST	37486	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.289186954 CEST	37486	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.289820910 CEST	37488	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.295279026 CEST	3778	37488	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.295452118 CEST	37488	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.296276093 CEST	37488	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.301249027 CEST	3778	37488	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.301417112 CEST	37488	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.306502104 CEST	3778	37488	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.939378023 CEST	3778	37488	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.939665079 CEST	37488	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.939665079 CEST	37488	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.940592051 CEST	37490	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.945487022 CEST	3778	37490	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.945564032 CEST	37490	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.946676016 CEST	37490	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.951580048 CEST	3778	37490	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:27.951639891 CEST	37490	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:27.956587076 CEST	3778	37490	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:28.594849110 CEST	3778	37490	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:28.595097065 CEST	37490	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:28.595155001 CEST	37490	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:28.596276045 CEST	37492	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:28.601100922 CEST	3778	37492	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:28.601207972 CEST	37492	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:28.602574110 CEST	37492	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:28.607443094 CEST	3778	37492	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:28.607501984 CEST	37492	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:28.612339020 CEST	3778	37492	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.176594019 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.181649923 CEST	3778	37470	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.243207932 CEST	3778	37492	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.243398905 CEST	37492	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.243473053 CEST	37492	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.244637012 CEST	37494	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.249579906 CEST	3778	37494	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.249674082 CEST	37494	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.250946045 CEST	37494	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.255759001 CEST	3778	37494	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.255841017 CEST	37494	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.260658979 CEST	3778	37494	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.361980915 CEST	3778	37470	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.362121105 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.877686024 CEST	3778	37494	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.878083944 CEST	37494	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.878145933 CEST	37494	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.879316092 CEST	37496	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.884301901 CEST	3778	37496	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.884396076 CEST	37496	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.885970116 CEST	37496	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.890872002 CEST	3778	37496	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:29.890949965 CEST	37496	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:29.895884991 CEST	3778	37496	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:30.527133942 CEST	3778	37496	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:30.527425051 CEST	37496	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:30.527483940 CEST	37496	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:30.528522968 CEST	37498	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:30.533960104 CEST	3778	37498	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:30.534024000 CEST	37498	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:30.535429955 CEST	37498	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:30.540426970 CEST	3778	37498	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:30.540481091 CEST	37498	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:30.545398951 CEST	3778	37498	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.180871964 CEST	3778	37498	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.181061983 CEST	37498	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.181113958 CEST	37498	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.182329893 CEST	37500	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.187774897 CEST	3778	37500	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.187879086 CEST	37500	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.189372063 CEST	37500	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.194282055 CEST	3778	37500	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.194365978 CEST	37500	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.199330091 CEST	3778	37500	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.829487085 CEST	3778	37500	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.829657078 CEST	37500	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.829657078 CEST	37500	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.830651999 CEST	37502	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.835597992 CEST	3778	37502	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.835676908 CEST	37502	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.836958885 CEST	37502	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.841818094 CEST	3778	37502	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:31.841866016 CEST	37502	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:31.846736908 CEST	3778	37502	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:32.464315891 CEST	3778	37502	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:32.464595079 CEST	37502	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:32.464595079 CEST	37502	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:32.465620995 CEST	37504	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:32.471249104 CEST	3778	37504	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:32.471349001 CEST	37504	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:32.473634005 CEST	37504	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:32.478696108 CEST	3778	37504	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:32.478779078 CEST	37504	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:32.483838081 CEST	3778	37504	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.134236097 CEST	3778	37504	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.134697914 CEST	37504	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.134699106 CEST	37504	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.136111975 CEST	37506	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.141597986 CEST	3778	37506	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.141824961 CEST	37506	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.142949104 CEST	37506	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.148139954 CEST	3778	37506	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.148336887 CEST	37506	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.153726101 CEST	3778	37506	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.782974958 CEST	3778	37506	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.783452034 CEST	37506	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.783452034 CEST	37506	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.783858061 CEST	37508	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.789040089 CEST	3778	37508	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.789103031 CEST	37508	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.789716959 CEST	37508	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.795440912 CEST	3778	37508	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:33.795510054 CEST	37508	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:33.800471067 CEST	3778	37508	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:43.800132036 CEST	37508	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:51:43.805840015 CEST	3778	37508	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:44.027533054 CEST	3778	37508	45.131.65.138	192.168.2.13
Oct 13, 2024 21:51:44.027964115 CEST	37508	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:52:29.414238930 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:52:29.420213938 CEST	3778	37470	45.131.65.138	192.168.2.13
Oct 13, 2024 21:52:29.599756002 CEST	3778	37470	45.131.65.138	192.168.2.13
Oct 13, 2024 21:52:29.600359917 CEST	37470	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:52:44.084881067 CEST	37508	3778	192.168.2.13	45.131.65.138
Oct 13, 2024 21:52:44.090786934 CEST	3778	37508	45.131.65.138	192.168.2.13
Oct 13, 2024 21:52:44.275983095 CEST	3778	37508	45.131.65.138	192.168.2.13
Oct 13, 2024 21:52:44.276418924 CEST	37508	3778	192.168.2.13	45.131.65.138

System Behavior

Analysis Process: tc2iriCZdi.elf PID: 5454, Parent PID: 5374

General

Start time (UTC):	19:51:15
Start date (UTC):	13/10/2024
Path:	/tmp/tc2iriCZdi.elf
Arguments:	/tmp/tc2iriCZdi.elf
File size:	37540 bytes
MD5 hash:	bc65b67b9d7b698cc14e918d061cc75f

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5455, Parent PID: 5454

General

Start time (UTC):	19:51:15
Start date (UTC):	13/10/2024
Path:	/tmp/tc2iriCZdi.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	bc65b67b9d7b698cc14e918d061cc75f

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5456, Parent PID: 5455

General

Start time (UTC):	19:51:15
Start date (UTC):	13/10/2024
Path:	/tmp/tc2iriCZdi.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	bc65b67b9d7b698cc14e918d061cc75f

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5457, Parent PID: 5455

General

Start time (UTC):	19:51:15
Start date (UTC):	13/10/2024
Path:	/tmp/tc2iriCZdi.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	bc65b67b9d7b698cc14e918d061cc75f

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5460, Parent PID: 5454

General

Start time (UTC):	19:51:21
Start date (UTC):	13/10/2024
Path:	/tmp/tc2iriCZdi.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	bc65b67b9d7b698cc14e918d061cc75f

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5461, Parent PID: 5454

General

Start time (UTC):	19:51:21
Start date (UTC):	13/10/2024
Path:	/tmp/tc2iriCZdi.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	bc65b67b9d7b698cc14e918d061cc75f

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report tc2iriCZdi.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: tc2iriCZdi.elf PID: 5454, Parent PID: 5374

General

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5455, Parent PID: 5454

General

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5456, Parent PID: 5455

General

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5457, Parent PID: 5455

General

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5460, Parent PID: 5454

General

Chronological Activities

Analysis Process: tc2iriCZdi.elf PID: 5461, Parent PID: 5454

General

Chronological Activities

Linux Analysis Report
tc2iriCZdi.elf