Linux Analysis Report
czEunnbk7b.elf

Overview

General Information

Sample name: czEunnbk7b.elf
renamed because original name is a hash value
Original sample name: 9634adfcbf936c181b582eee76513eea.elf
Analysis ID: 1428401
MD5: 9634adfcbf936c181b582eee76513eea
SHA1: 4be5ab4aba5f6f1900eb2110d8dd900e4fa7f0a5
SHA256: 0bf90fde92e3e91cddd522164a046848c4b7904c872d10e1bc1dede11cf28c86
Tags: 64elfmirai
Infos:

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Snort IDS alert for network traffic
Yara detected Mirai
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Mirai Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: czEunnbk7b.elf Avira: detected
Multi AV Scanner detection for submitted file
Source: czEunnbk7b.elf ReversingLabs: Detection: 36%
Machine Learning detection for sample
Source: czEunnbk7b.elf Joe Sandbox ML: detected
Found strings indicative of a multi-platform dropper
Source: czEunnbk7b.elf String: /proc/self/exe/proc/proc//comm/root//tmp//dev//bin//etc//boot//usr//mnt//var//lib//lib64/wgettftpcurl/mapsqllwnf-{zy

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2023449 ET TROJAN Possible Linux.Mirai Login Attempt (vizxv) 192.168.2.14:37658 -> 190.51.117.254:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.14:46960 -> 186.137.187.131:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.14:46984 -> 186.137.187.131:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.14:59868 -> 124.10.164.161:23
Source: Traffic Snort IDS: 2023333 ET TROJAN Linux.Mirai Login Attempt (xc3511) 192.168.2.14:37856 -> 190.51.117.254:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.14:37856 -> 190.51.117.254:23
Source: Traffic Snort IDS: 2023449 ET TROJAN Possible Linux.Mirai Login Attempt (vizxv) 192.168.2.14:37988 -> 190.51.117.254:23
Source: Traffic Snort IDS: 2023333 ET TROJAN Linux.Mirai Login Attempt (xc3511) 192.168.2.14:57286 -> 181.27.48.220:23
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.14:57286 -> 181.27.48.220:23
Source: Traffic Snort IDS: 2023448 ET TROJAN Possible Linux.Mirai Login Attempt (ubnt) 192.168.2.14:33360 -> 187.62.210.210:23
Performs DNS queries to domains with low reputation
Source: DNS query: rootme.xyz
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.14:46382 -> 45.128.232.208:33335
Sample listens on a socket
Source: /tmp/czEunnbk7b.elf (PID: 5499) Socket: 127.0.0.1::33337 Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 81.2.169.200
Source: unknown TCP traffic detected without corresponding DNS query: 33.42.131.203
Source: unknown TCP traffic detected without corresponding DNS query: 165.228.31.200
Source: unknown TCP traffic detected without corresponding DNS query: 112.93.216.115
Source: unknown TCP traffic detected without corresponding DNS query: 240.14.67.14
Source: unknown TCP traffic detected without corresponding DNS query: 154.202.217.58
Source: unknown TCP traffic detected without corresponding DNS query: 140.51.34.233
Source: unknown TCP traffic detected without corresponding DNS query: 93.42.2.204
Source: unknown TCP traffic detected without corresponding DNS query: 65.156.190.108
Source: unknown TCP traffic detected without corresponding DNS query: 9.85.158.158
Source: unknown TCP traffic detected without corresponding DNS query: 196.63.67.33
Source: unknown TCP traffic detected without corresponding DNS query: 178.161.44.91
Source: unknown TCP traffic detected without corresponding DNS query: 61.217.193.230
Source: unknown TCP traffic detected without corresponding DNS query: 21.105.145.242
Source: unknown TCP traffic detected without corresponding DNS query: 40.179.37.52
Source: unknown TCP traffic detected without corresponding DNS query: 247.1.77.10
Source: unknown TCP traffic detected without corresponding DNS query: 62.206.130.241
Source: unknown TCP traffic detected without corresponding DNS query: 89.151.251.194
Source: unknown TCP traffic detected without corresponding DNS query: 244.253.93.13
Source: unknown TCP traffic detected without corresponding DNS query: 161.242.57.136
Source: unknown TCP traffic detected without corresponding DNS query: 14.162.146.65
Source: unknown TCP traffic detected without corresponding DNS query: 111.204.181.159
Source: unknown TCP traffic detected without corresponding DNS query: 173.183.153.168
Source: unknown TCP traffic detected without corresponding DNS query: 243.231.98.39
Source: unknown TCP traffic detected without corresponding DNS query: 90.75.190.34
Source: unknown TCP traffic detected without corresponding DNS query: 79.185.254.221
Source: unknown TCP traffic detected without corresponding DNS query: 81.181.75.81
Source: unknown TCP traffic detected without corresponding DNS query: 138.163.221.215
Source: unknown TCP traffic detected without corresponding DNS query: 24.209.226.25
Source: unknown TCP traffic detected without corresponding DNS query: 25.115.97.132
Source: unknown TCP traffic detected without corresponding DNS query: 248.135.28.166
Source: unknown TCP traffic detected without corresponding DNS query: 55.130.72.121
Source: unknown TCP traffic detected without corresponding DNS query: 32.146.241.62
Source: unknown TCP traffic detected without corresponding DNS query: 107.20.152.177
Source: unknown TCP traffic detected without corresponding DNS query: 217.209.190.49
Source: unknown TCP traffic detected without corresponding DNS query: 28.109.42.12
Source: unknown TCP traffic detected without corresponding DNS query: 185.4.253.120
Source: unknown TCP traffic detected without corresponding DNS query: 167.253.74.53
Source: unknown TCP traffic detected without corresponding DNS query: 216.219.136.250
Source: unknown TCP traffic detected without corresponding DNS query: 1.4.160.99
Source: unknown TCP traffic detected without corresponding DNS query: 84.7.12.124
Source: unknown TCP traffic detected without corresponding DNS query: 4.75.34.163
Source: unknown TCP traffic detected without corresponding DNS query: 130.212.193.220
Source: unknown TCP traffic detected without corresponding DNS query: 18.129.196.125
Source: unknown TCP traffic detected without corresponding DNS query: 86.14.233.53
Source: unknown TCP traffic detected without corresponding DNS query: 94.28.189.132
Source: unknown TCP traffic detected without corresponding DNS query: 26.93.182.68
Source: unknown TCP traffic detected without corresponding DNS query: 141.120.253.8
Source: unknown TCP traffic detected without corresponding DNS query: 240.175.156.16
Source: unknown TCP traffic detected without corresponding DNS query: 250.97.209.60
Source: unknown DNS traffic detected: queries for: rootme.xyz

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: czEunnbk7b.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_1cb033f3 Author: unknown
Source: 5499.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_1cb033f3 Author: unknown
Sample tries to kill a massive number of system processes
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 2, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 3, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 4, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 5, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 6, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 7, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 8, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 9, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 10, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 11, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 12, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 13, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 14, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 15, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 16, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 17, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 18, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 19, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 20, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 21, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 22, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 23, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 24, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 25, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 26, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 27, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 28, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 29, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 30, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 35, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 77, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 78, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 79, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 80, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 81, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 82, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 83, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 84, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 85, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 86, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 88, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 89, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 91, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 92, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 93, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 94, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 95, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 96, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 97, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 98, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 99, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 100, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 101, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 102, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 103, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 104, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 105, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 106, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 107, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 108, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 109, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 110, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 111, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 112, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 113, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 114, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 115, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 116, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 117, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 118, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 119, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 120, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 121, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 122, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 123, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 124, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 125, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 126, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 127, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 128, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 129, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 130, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 131, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 132, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 135, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 142, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 145, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 158, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 202, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 203, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 204, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 205, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 234, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 235, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 240, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 242, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 243, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 244, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 245, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 246, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 247, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 248, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 249, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 250, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 251, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 252, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 253, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 254, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 255, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 256, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 257, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 258, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 259, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 260, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 261, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 262, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 263, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 264, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 265, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 266, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 267, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 268, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 269, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 270, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 271, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 272, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 273, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 274, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 275, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 276, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 277, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 278, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 279, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 280, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 281, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 282, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 283, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 284, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 285, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 286, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 287, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 288, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 289, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 290, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 291, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 292, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 293, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 294, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 295, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 296, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 297, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 298, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 299, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 300, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 301, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 302, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 303, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 304, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 305, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 306, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 307, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 308, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 309, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 310, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 311, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 312, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 313, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 314, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 315, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 316, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 317, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 318, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 319, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 320, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 321, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 322, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 323, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 324, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 325, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 326, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 327, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 328, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 329, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 333, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 348, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 378, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 418, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 419, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 512, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 514, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 519, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 548, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 657, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 658, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 659, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 660, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 671, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 674, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 678, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 679, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 683, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 684, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 740, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent to PID below 1000: pid: 941, result: successful Jump to behavior
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 4, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 5, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 7, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 8, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 19, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 25, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 26, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 27, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 35, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 77, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 78, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 79, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 82, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 83, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 84, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 85, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 86, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 88, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 89, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 91, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 92, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 93, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 94, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 95, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 96, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 97, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 98, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 99, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 100, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 101, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 102, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 103, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 104, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 105, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 106, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 107, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 108, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 109, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 110, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 111, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 112, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 113, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 114, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 115, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 116, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 117, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 118, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 119, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 120, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 121, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 122, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 123, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 124, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 125, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 126, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 127, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 128, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 129, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 130, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 131, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 132, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 135, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 142, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 145, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 158, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 202, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 204, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 240, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 242, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 243, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 244, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 245, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 246, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 247, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 248, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 249, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 250, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 251, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 252, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 253, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 254, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 255, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 256, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 257, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 258, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 259, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 260, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 261, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 262, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 263, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 264, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 265, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 267, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 268, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 271, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 272, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 273, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 274, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 275, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 276, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 277, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 278, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 279, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 280, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 281, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 282, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 283, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 284, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 285, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 286, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 287, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 288, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 289, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 290, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 291, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 292, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 293, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 294, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 295, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 296, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 297, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 298, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 299, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 300, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 301, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 302, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 303, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 304, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 305, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 306, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 307, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 308, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 309, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 310, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 311, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 312, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 313, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 314, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 315, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 316, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 317, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 318, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 319, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 320, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 321, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 322, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 323, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 324, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 325, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 326, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 327, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 328, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 329, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 333, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 348, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 378, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 418, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 419, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 512, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 514, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 519, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 548, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 657, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 659, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 671, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 674, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 678, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 679, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 683, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 684, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 740, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 941, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 1203, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 1583, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 1873, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 2517, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 2672, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3686, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3761, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3762, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3763, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3764, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 5440, result: successful Jump to behavior
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 2, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 4, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 5, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 6, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 7, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 8, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 9, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 10, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 11, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 12, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 13, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 14, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 15, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 16, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 17, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 18, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 19, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 20, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 21, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 22, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 23, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 24, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 25, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 26, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 27, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 28, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 29, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 30, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 35, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 77, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 78, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 79, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 80, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 81, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 82, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 83, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 84, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 85, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 86, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 88, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 89, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 91, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 92, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 93, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 94, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 95, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 96, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 97, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 98, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 99, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 100, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 101, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 102, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 103, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 104, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 105, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 106, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 107, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 108, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 109, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 110, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 111, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 112, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 113, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 114, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 115, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 116, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 117, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 118, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 119, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 120, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 121, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 122, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 123, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 124, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 125, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 126, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 127, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 128, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 129, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 130, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 131, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 132, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 135, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 142, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 145, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 158, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 202, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 203, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 204, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 205, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 234, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 235, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 240, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 242, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 243, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 244, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 245, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 246, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 247, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 248, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 249, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 250, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 251, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 252, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 253, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 254, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 255, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 256, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 257, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 258, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 259, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 260, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 261, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 262, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 263, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 264, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 265, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 266, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 267, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 268, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 269, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 270, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 271, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 272, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 273, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 274, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 275, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 276, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 277, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 278, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 279, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 280, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 281, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 282, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 283, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 284, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 285, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 286, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 287, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 288, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 289, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 290, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 291, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 292, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 293, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 294, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 295, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 296, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 297, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 298, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 299, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 300, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 301, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 302, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 303, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 304, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 305, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 306, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 307, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 308, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 309, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 310, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 311, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 312, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 313, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 314, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 315, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 316, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 317, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 318, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 319, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 320, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 321, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 322, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 323, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 324, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 325, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 326, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 327, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 328, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 329, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 333, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 348, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 378, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 418, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 419, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 512, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 514, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 519, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 548, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 657, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 658, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 659, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 660, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 671, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 674, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 678, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 679, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 683, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 684, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 740, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 941, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 1203, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 1583, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 1873, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 2517, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 2672, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3686, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3761, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3762, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3763, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 3764, result: successful Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) SIGKILL sent: pid: 5440, result: successful Jump to behavior
Yara signature match
Source: czEunnbk7b.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_1cb033f3 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 49201ab37ff0b5cdfa9b0b34b6faa170bd25f04df51c24b0b558b7534fecc358, id = 1cb033f3-68c1-4fe5-9cd1-b5d066c1d86e, last_modified = 2021-09-16
Source: 5499.1.0000000000400000.000000000040d000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_1cb033f3 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 49201ab37ff0b5cdfa9b0b34b6faa170bd25f04df51c24b0b558b7534fecc358, id = 1cb033f3-68c1-4fe5-9cd1-b5d066c1d86e, last_modified = 2021-09-16
Source: classification engine Classification label: mal100.spre.troj.linELF@0/0@3/0
Enumerates processes within the "proc" file system
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3761/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1583/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/2672/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/110/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/111/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/112/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/113/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/234/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1577/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1577/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/114/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/235/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/115/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/116/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/117/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/118/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/119/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/10/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/917/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/917/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/11/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/12/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/13/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/14/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/15/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/16/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/17/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/18/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/19/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1593/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1593/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/240/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/120/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3094/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3094/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/121/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/242/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3406/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3406/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/122/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/243/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/2/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/123/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/244/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1589/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1589/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/124/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/245/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1588/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/1588/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/125/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/4/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/246/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3402/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3402/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/126/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/5/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/247/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/127/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/6/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/248/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/128/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/7/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/249/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/8/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/129/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/800/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/800/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3762/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/9/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/801/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/801/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3763/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3764/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/803/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/803/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/20/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/806/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/806/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/21/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/807/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/807/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/928/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/928/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/22/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/23/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/24/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/25/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/26/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/27/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/28/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/29/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3420/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/3420/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/490/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/490/comm Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/250/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/130/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/251/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/131/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/252/maps Jump to behavior
Source: /tmp/czEunnbk7b.elf (PID: 5500) File opened: /proc/132/maps Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP
Sample contains strings that are user agent strings indicative of HTTP manipulation
Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7

Remote Access Functionality
barindex
Detected Mirai
Source: Traffic Snort IDS: ET TROJAN Possible Linux.Mirai Login Attempt (vizxv)
Source: Traffic Snort IDS: ET TROJAN Linux.Mirai Login Attempt (xc3511)
Source: Traffic Snort IDS: ET TROJAN Possible Linux.Mirai Login Attempt (vizxv)
Source: Traffic Snort IDS: ET TROJAN Linux.Mirai Login Attempt (xc3511)
Source: Traffic Snort IDS: ET TROJAN Possible Linux.Mirai Login Attempt (ubnt)
Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
98.126.6.34
 unknown United States
35908 VPLSNETUS false
12.70.59.90
 unknown United States
7018 ATT-INTERNET4US false
68.156.0.99
 unknown United States
6389 BELLSOUTH-NET-BLKUS false
11.69.245.32
 unknown United States
3356 LEVEL3US false
168.80.227.81
 unknown Seychelles
62355 NETWORKDEDICATEDCH false
21.134.33.170
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
102.56.159.226
 unknown Egypt
36992 ETISALAT-MISREG false
27.255.12.86
 unknown Pakistan
55714 APNIC-FIBERLINK-PKFiberlinkPvtLtdPK false
143.236.35.211
 unknown United States
3128 BRUWS-AS3128US false
247.217.190.121
 unknown Reserved
unknown unknown false
130.14.191.106
 unknown United States
70 NLM-GWUS false
249.183.252.75
 unknown Reserved
unknown unknown false
15.6.35.85
 unknown United States
13979 ATT-IPFRUS false
49.157.19.126
 unknown Philippines
18190 WWW-PH-APSunValleyNewOrientalPH false
201.59.149.145
 unknown Brazil
7738 TelemarNorteLesteSABR false
111.158.249.176
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
33.67.172.93
 unknown United States
2686 ATGS-MMD-ASUS false
34.247.50.25
 unknown United States
16509 AMAZON-02US false
204.201.160.30
 unknown United States
2914 NTT-COMMUNICATIONS-2914US false
54.119.141.90
 unknown United States
16509 AMAZON-02US false
137.116.165.121
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
206.198.155.16
 unknown United States
46160 SKYTAP-TUKUS false
85.69.16.32
 unknown France
21502 ASN-NUMERICABLEFR false
122.93.239.85
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
108.13.157.235
 unknown United States
5650 FRONTIER-FRTRUS false
62.57.223.119
 unknown Spain
12357 COMUNITELSPAINES false
4.84.3.238
 unknown United States
3356 LEVEL3US false
37.178.235.104
 unknown Italy
30722 VODAFONE-IT-ASNIT false
192.150.30.209
 unknown United States
1848 AS1848US false
69.13.71.56
 unknown United States
54489 CORESPACE-DALUS false
159.47.222.152
 unknown United States
25019 SAUDINETSTC-ASSA false
251.62.202.150
 unknown Reserved
unknown unknown false
70.141.98.73
 unknown United States
7018 ATT-INTERNET4US false
36.234.139.181
 unknown Taiwan; Republic of China (ROC)
3462 HINETDataCommunicationBusinessGroupTW false
117.56.169.135
 unknown Taiwan; Republic of China (ROC)
4782 GSNETDataCommunicationBusinessGroupTW false
195.118.81.92
 unknown European Union
5617 TPNETPL false
37.48.232.44
 unknown Croatia (LOCAL Name: Hrvatska)
35549 METRONET-ASZagrebCroatiaHR false
199.214.176.79
 unknown Canada
393952 GOANETCA false
246.88.196.217
 unknown Reserved
unknown unknown false
171.221.148.220
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
187.193.242.67
 unknown Mexico
8151 UninetSAdeCVMX false
180.45.169.143
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
117.191.47.249
 unknown China
9808 CMNET-GDGuangdongMobileCommunicationCoLtdCN false
129.5.114.70
 unknown United States
22742 CT-EDU-NETUS false
202.214.114.191
 unknown Japan 2497 IIJInternetInitiativeJapanIncJP false
53.220.148.3
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
73.19.116.65
 unknown United States
7922 COMCAST-7922US false
139.190.86.97
 unknown Pakistan
38547 WITRIBE-AS-APWITRIBEPAKISTANLIMITEDPK false
64.100.50.231
 unknown United States
109 CISCOSYSTEMSUS false
125.177.38.24
 unknown Korea Republic of
17858 POWERVIS-AS-KRLGPOWERCOMMKR false
101.184.63.77
 unknown Australia
1221 ASN-TELSTRATelstraCorporationLtdAU false
140.93.240.55
 unknown France
1715 FR-REMIP2000REMIP2000AutonomousSystemEU false
61.130.143.144
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
25.68.137.189
 unknown United Kingdom
7922 COMCAST-7922US false
124.40.126.134
 unknown China
23724 CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation false
249.142.96.62
 unknown Reserved
unknown unknown false
150.110.90.123
 unknown United States
32531 FORDHAM-UNIVERSITYUS false
212.3.215.204
 unknown Latvia
24921 LMT-3GRigaLatviaLV false
100.246.39.212
 unknown United States
21928 T-MOBILE-AS21928US false
45.109.69.159
 unknown Egypt
37069 MOBINILEG false
212.212.147.235
 unknown United Kingdom
4589 EASYNETEasynetGlobalServicesEU false
118.106.74.170
 unknown Japan 18126 CTCXChubuTelecommunicationsCompanyIncJP false
126.230.11.223
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
5.52.25.196
 unknown Iran (ISLAMIC Republic Of)
197207 MCCI-ASIR false
100.175.221.190
 unknown United States
21928 T-MOBILE-AS21928US false
27.77.90.67
 unknown Viet Nam
7552 VIETEL-AS-APViettelGroupVN false
141.96.163.214
 unknown Belgium
25367 AS-ADTS-LUForIDARroutingLU false
106.4.232.113
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
64.0.102.91
 unknown United States
2828 XO-AS15US false
57.230.53.35
 unknown Belgium
2686 ATGS-MMD-ASUS false
38.250.206.97
 unknown United States
174 COGENT-174US false
13.68.45.10
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
13.3.222.203
 unknown United States
7018 ATT-INTERNET4US false
155.159.96.94
 unknown South Africa
137951 CLAYERLIMITED-AS-APClayerLimitedHK false
94.129.228.109
 unknown Kuwait
47589 KTC3GKW false
93.123.141.96
 unknown Russian Federation
35539 INFOLINK-T-ASMoscowRussiaRU false
40.31.253.171
 unknown United States
4249 LILLY-ASUS false
105.77.76.135
 unknown Morocco
36884 MAROCCONNECTMA false
160.112.157.216
 unknown United States
715 WOODYNET-2US false
57.64.136.165
 unknown Belgium
51964 ORANGE-BUSINESS-SERVICES-IPSN-ASNFR false
251.174.211.200
 unknown Reserved
unknown unknown false
117.52.238.156
 unknown Korea Republic of
23576 NHN-AS-KRNBPKR false
246.78.191.10
 unknown Reserved
unknown unknown false
253.151.102.34
 unknown Reserved
unknown unknown false
248.155.90.89
 unknown Reserved
unknown unknown false
35.37.66.133
 unknown United States
36375 UMICH-AS-5US false
151.29.184.179
 unknown Italy
1267 ASN-WINDTREIUNETEU false
12.120.106.199
 unknown United States
4466 EASYLINK2US false
120.172.113.8
 unknown Indonesia
4761 INDOSAT-INP-APINDOSATInternetNetworkProviderID false
22.196.29.214
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
158.131.170.234
 unknown Finland
55 UPENNUS false
206.243.162.193
 unknown United States
3356 LEVEL3US false
118.148.86.76
 unknown New Zealand
23655 SNAP-NZ-ASSnapInternetLimitedNZ false
50.138.60.204
 unknown United States
7922 COMCAST-7922US false
158.195.1.102
 unknown Slovakia (SLOVAK Republic)
2607 SANETSlovakAcademicNetworkSK false
14.38.74.4
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
240.102.211.5
 unknown Reserved
unknown unknown false
145.157.171.140
 unknown Netherlands
1103 SURFNET-NLSURFnetTheNetherlandsNL false
67.254.77.228
 unknown United States
12271 TWC-12271-NYCUS false
164.36.249.212
 unknown United Kingdom
29355 KCELL-ASKZ false

Contacted Domains

Name IP Active
daisy.ubuntu.com 162.213.35.24 true
rootme.xyz 45.128.232.208 true