Edit tour

Linux Analysis Report
SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf

Overview

General Information

Sample name:	SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Analysis ID:	1430163
MD5:	a7bbd9d15d98cabc448db9d9631a5955
SHA1:	3665a8652b068332615ddd1d2e9a19b63f0d2475
SHA256:	3f0df94d07c25f6ede17cef36aa664c0c0240f875446733323a1bfda64413bd1
Tags:	elf
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Queries the IP of a very long domain name

Sample deletes itself

Sample tries to kill multiple processes (SIGKILL)

Deletes log files

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Reads CPU information from /sys indicative of miner or evasive malware

Sample contains only a LOAD segment without any section mappings

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430163
Start date and time:	2024-04-23 08:32:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Detection:	MAL
Classification:	mal72.spre.troj.evad.linELF@0/0@44/0

Warnings

Connection to analysis system has been lost, crash info: Unknown

Runtime Messages

Command:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
PID:	6218
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	black botnet voodoo
Standard Error:

Process Tree

system is lnxubuntu20

SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6218, Parent: 6133, MD5: a7bbd9d15d98cabc448db9d9631a5955) Arguments: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf

SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf New Fork (PID: 6219, Parent: 6218)

SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf New Fork (PID: 6220, Parent: 6219)

SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf New Fork (PID: 6221, Parent: 6219)

SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf New Fork (PID: 6222, Parent: 6219)

SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf New Fork (PID: 6223, Parent: 6219)

systemd New Fork (PID: 6224, Parent: 1)

journalctl (PID: 6224, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 6246, Parent: 1)

dbus-daemon (PID: 6246, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6260, Parent: 1)

rsyslogd (PID: 6260, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6261, Parent: 1860)

pulseaudio (PID: 6261, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

gvfsd-fuse New Fork (PID: 6262, Parent: 2038)

fusermount (PID: 6262, Parent: 2038, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd New Fork (PID: 6265, Parent: 1)

systemd-journald (PID: 6265, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6266, Parent: 1)

dbus-daemon (PID: 6266, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6267, Parent: 1)

systemd-journald (PID: 6267, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6268, Parent: 1)

rsyslogd (PID: 6268, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6270, Parent: 1)

dbus-daemon (PID: 6270, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6271, Parent: 1)

systemd-journald (PID: 6271, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6272, Parent: 1)

dbus-daemon (PID: 6272, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6273, Parent: 1)

systemd-journald (PID: 6273, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 6274, Parent: 1)

rsyslogd (PID: 6274, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6276, Parent: 1)

dbus-daemon (PID: 6276, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 6277, Parent: 1)

systemd-journald (PID: 6277, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

gdm3 New Fork (PID: 6278, Parent: 1320)

Default (PID: 6278, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6279, Parent: 1320)

Default (PID: 6279, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 6280, Parent: 1320)

Default (PID: 6280, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 6281, Parent: 1)

rsyslogd (PID: 6281, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6283, Parent: 1)

rsyslogd (PID: 6283, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 6285, Parent: 1)

gpu-manager (PID: 6285, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6286, Parent: 1)

generate-config (PID: 6286, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6287, Parent: 6286)

pkill (PID: 6287, Parent: 6286, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6290, Parent: 1)

gpu-manager (PID: 6290, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6291, Parent: 6290)

sh (PID: 6291, Parent: 6290, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6292, Parent: 6291)

systemd New Fork (PID: 6293, Parent: 1)

generate-config (PID: 6293, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6294, Parent: 6293)

pkill (PID: 6294, Parent: 6293, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6295, Parent: 1)

gpu-manager (PID: 6295, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 6296, Parent: 6295)

sh (PID: 6296, Parent: 6295, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 6297, Parent: 6296)

grep (PID: 6297, Parent: 6296, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

systemd New Fork (PID: 6298, Parent: 1)

generate-config (PID: 6298, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6299, Parent: 6298)

pkill (PID: 6299, Parent: 6298, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6300, Parent: 1)

gpu-manager (PID: 6300, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6301, Parent: 1)

generate-config (PID: 6301, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6302, Parent: 6301)

pkill (PID: 6302, Parent: 6301, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6303, Parent: 1)

gpu-manager (PID: 6303, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 6304, Parent: 1)

generate-config (PID: 6304, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 6305, Parent: 6304)

pkill (PID: 6305, Parent: 6304, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 6306, Parent: 1)

plymouth (PID: 6306, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit

systemd New Fork (PID: 6307, Parent: 1860)

dbus-daemon (PID: 6307, Parent: 1860, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
6222.1.0000000000400000.0000000000416000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0xf02:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6218.1.0000000000400000.0000000000416000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0xf02:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6221.1.0000000000400000.0000000000416000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0xf02:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6223.1.0000000000400000.0000000000416000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0xf02:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01

Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Jump to behavior

Source: /usr/share/gdm/generate-config (PID: 6287)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6294)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6299)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6302)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 6305)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6218)

File: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf

Jump to behavior

Source: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	Submission file: segment LOAD with 7.8087 entropy (max. 8.0)
Source: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	Submission file: segment LOAD with 7.9722 entropy (max. 8.0)

Source: /usr/bin/gpu-manager (PID: 6285)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6290)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6295)	Truncated file: /var/log/gpu-manager.log	Jump to behavior

Source: /usr/bin/pkill (PID: 6299)

Reads CPU info from /sys: /sys/devices/system/cpu/online

Jump to behavior

Source: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf, 6223.1.0000000000f12000.0000000000f15000.rw-.sdmp	Binary or memory string: /tmp/vmware-root_721-4290559889
Source: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf, 6223.1.0000000000f11000.0000000000f12000.rw-.sdmp	Binary or memory string: vmware-root_721-4290559889
Source: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf, 6223.1.0000000000f12000.0000000000f15000.rw-.sdmp	Binary or memory string: `A/tmp/vmware-root_721-4290559889A

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Disable or Modify Tools	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Indicator Removal	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	47%	ReversingLabs	Linux.Trojan.Mirai
SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	15%	Virustotal		Browse
SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
kz.adolfhitler.su.V'fW66PV,PV!EH(652)V'f3NNPV!PV,E@@@	unknown	unknown	true	unknown
sex.secure-cyber-security.!V'fVVPV,PV!EHH3$W54]sexsecure-cyber-securitys!V'f.JPV!PV,E<@@wFqg#	unknown	unknown	true	unknown
sex.secure-cyber-security.V'f66PV,PV!E((4G/3M5Ng/yV'fDVVPV!PV,EHp@@.=3M54ysexsecure-cyber-securitys.'f6)66PV,PV!E((4o/3M5eyV'f*VVP.!PV,EHp@@>,3M54xysexsecure-cyber-securitysV'.66PV,PV!E((4/p3M5eyV'fVVPV!PV,EHq.@>3M54xysexsecure-cyber-securitys..'f&66PV,PV!E((4/g3M5 iyV'fA'VVP.!PV,EHq@@=3M54ysexsecure-cyber-securitysV'.66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<.@YF]#V'f6	unknown	unknown	true	low
kz.adolfhitler.su.V'f_66PV,PV!EH(~4{!5HV'fNNPV!PV,E@.@@@5,#kzadolfhitlersunV'f<V66PV,PV!EH(4{	unknown	unknown	true	unknown
kz.adolfhitler.su.V'f<V66PV,PV!EH(4{5@V'fWNNPV!PV,E@.@@=5,kzadolfhitlersunV'f66PV,PV!EH(3\|5	unknown	unknown	true	unknown
kz.adolfhitler.su.V'fjI66PV,PV!EH(~3\|E5@V'fTJNNPV!PV,E@.@@H5,}kzadolfhitlersunV'f_66PV,	unknown	unknown	true	unknown
kz.adolfhitler.su.V'fe66PV,PV!EH(6f5Oz)V'f/gNNPV!PV,E@C@@	unknown	unknown	true	low
sex.secure-cyber-security.V'f&66PV,PV!E((4/g3M5 iyV'fA'VVPV!PV,EHq@@.3M54ysexsecure-cyber-securitys.V'f66PV,PV.E((4/`3M5gy	unknown	unknown	true	low
kz.adolfhitler.su.V'f66PV,PV!EH(6?5y>)V'fPNNPV!PV,E@i@@	unknown	unknown	true	unknown
kz.adolfhitler.su.V'f0h66PV,PV!EH(65;I)V'fhJJPV!PV,E<t@@	unknown	unknown	true	unknown
kz.adolfhitler.su.xV'f;JJPV!PV,E<7@@XpFaQD.#+xV'f466	unknown	unknown	true	unknown
sex.secure-cyber-security.V'fVVPV,PV!EHH3d$W54+dsexsecure-cyber-securitysV'f.JPV!PV,E<@@#F6#H	unknown	unknown	true	unknown
kz.adolfhitler.su.V'f66PV,PV!EH(3\|5=V'fkJJPV!PV,E<.@@OjF4#jV'f	unknown	unknown	true	unknown
security.rebirth-network.su	unknown	unknown	true	unknown
sex.secure-cyber-security.V'f66PV,PV!E((4/p3M5eyV'fVVPV!PV,EHq@@.3M54xysexsecure-cyber-securitys.'f&66PV,PV!E((4/g3M5 iyV'fA'VVP.!PV,EHq@@=3M54ysexsecure-cyber-securitysV'.66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<.@YF]#V'f6	unknown	unknown	true	low
kz.adolfhitler.su.V'f66PV,PV!EH(~4{n5PV'fNNPV!PV,E@.@@5,Nkzadolf.itlersunV'fjI66PV,PV!EH(~3\|E5@V'fTJNNPV.PV,E@P@@H5	unknown	unknown	true	unknown
kz.adolfhitler.su.sV'f)NNPV!PV,E@S@@SF^r5,PkzadolfhitlersunxV'f;J	unknown	unknown	true	unknown
kz.adolfhitler.su.OV'fNNPV,PV!EH@3$W5,SkzadolfhitlersunOV'fcJ	unknown	unknown	true	unknown
kz.adolfhitler.su.dV'fNNPV!PV,E@O@@WD^r5,PkzadolfhitlersuniV'f%N	unknown	unknown	true	unknown
sex.secure-cyber-security.V'f66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<@@.F]#V'f66PV,PV!E((@0.F]P..'fN9BBPV!PV,E4a@@_T[[+T>V48_iV'fY.W.PV!PV,EI@@3;55{securityrebirth-networksu...'fzeWWPV,PV!E(I2T3;55securityrebirth-.etworksuV'ffWWPV!PV,EI@@3;Y55\securityrebirth-network.uV'fWWPV,PV!E(I2T3;5Y5securityrebirth-networksuV'fY.WW.V!PV,EI@@3;)55~securityrebirth-networksu	unknown	unknown	true	low
kz.adolfhitler.su.iV'f%NNPV!PV,E@P]@@V^r5,sPkzadolfhitlersunmV'fJ	unknown	unknown	true	unknown
kz.adolfhitler.su.#V'fNNPV,PV!E(@3L3l5Y,p\kzadolfhitlersus#V'fJJJ	unknown	unknown	true	unknown
sex.secure-cyber-security.V'f6)66PV,PV!E((4o/3M5eyV'f*VVPV!PV,EHp@@.,3M54xysexsecure-cyber-securitys.'f66PV,PV!E((4/p3M5eyV'fVVP.!PV,EHq@@>3M54xysexsecure-cyber-securitysV'.&66PV,PV!E((4/g3M5 iyV'fA'VVPV!PV,EHq.@=3M54ysexsecure-cyber-securitys..'f66PV,PV!E((4/`3M5gyV'fJJJP.!PV,E<@@YF]#V'f66	unknown	unknown	true	low
kz.adolfhitler.su.mV'fJJPV!PV,E<R]@;E '@@<JUPINGnV'f`$NN	unknown	unknown	true	unknown
kz.adolfhitler.su.V'fV66PV,PV!EH(65G)V'fNNPV!PV,E@u@@	unknown	unknown	true	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
212.70.149.14	unknown	Bulgaria	208410	INTERNET-HOSTINGBG	false
0.4.0.4	unknown	unknown	unknown	unknown	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
212.70.149.14	UOt98MEVJw.elf	Get hash	malicious	Unknown	Browse	/arm6
	XtpqFYYOsk.elf	Get hash	malicious	Unknown	Browse	/arm7
	M5JK7Pf4NO.elf	Get hash	malicious	Unknown	Browse	/mips
	aIIxWKK5Cm.elf	Get hash	malicious	Unknown	Browse	/mpsl
	Y8ahzapm43.elf	Get hash	malicious	Unknown	Browse	/arm5
109.202.202.202	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.DownLoader.523.26836.26051.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.26640.11404.elf	Get hash	malicious	Mirai	Browse
	NLgD8SSCOD.elf	Get hash	malicious	Gafgyt	Browse
	.Sarm7.elf	Get hash	malicious	Unknown	Browse
	arm6.elf	Get hash	malicious	Unknown	Browse
	oahFOiuDO1.elf	Get hash	malicious	Unknown	Browse
	vXahA76yEa.elf	Get hash	malicious	Unknown	Browse
91.189.91.43	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.Siggen.9999.26640.11404.elf	Get hash	malicious	Mirai	Browse
	NLgD8SSCOD.elf	Get hash	malicious	Gafgyt	Browse
	.Sarm7.elf	Get hash	malicious	Unknown	Browse
	arm6.elf	Get hash	malicious	Unknown	Browse
	oahFOiuDO1.elf	Get hash	malicious	Unknown	Browse
	vXahA76yEa.elf	Get hash	malicious	Unknown	Browse
	AfF3NP01xL.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.DownLoader.523.26836.26051.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.26640.11404.elf	Get hash	malicious	Mirai	Browse
	NLgD8SSCOD.elf	Get hash	malicious	Gafgyt	Browse
	.Sarm7.elf	Get hash	malicious	Unknown	Browse
	arm6.elf	Get hash	malicious	Unknown	Browse
	oahFOiuDO1.elf	Get hash	malicious	Unknown	Browse
	vXahA76yEa.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.DownLoader.523.26836.26051.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.26640.11404.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	NLgD8SSCOD.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	jdsfl.arm7.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	.Sarm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.Sx86.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	t8WeXq3mvS.elf	Get hash	malicious	Gafgyt	Browse	185.125.190.26
CANONICAL-ASGB	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.DownLoader.523.26836.26051.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.26640.11404.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	NLgD8SSCOD.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	jdsfl.arm7.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	.Sarm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.Sx86.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	t8WeXq3mvS.elf	Get hash	malicious	Gafgyt	Browse	185.125.190.26
INIT7CH	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	SecuriteInfo.com.Linux.DownLoader.523.26836.26051.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Siggen.9999.26640.11404.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	NLgD8SSCOD.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	.Sarm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	arm6.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	oahFOiuDO1.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	vXahA76yEa.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
INTERNET-HOSTINGBG	UOt98MEVJw.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	XtpqFYYOsk.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	M5JK7Pf4NO.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	aIIxWKK5Cm.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	Y8ahzapm43.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	CT9oaKX3q3.elf	Get hash	malicious	Unknown	Browse	87.246.7.66
	FPzq69vduv.elf	Get hash	malicious	Unknown	Browse	87.246.7.66
	WgOCAsA3rc.elf	Get hash	malicious	Unknown	Browse	87.246.7.195
	Zhg54HPfZj.elf	Get hash	malicious	Unknown	Browse	87.246.7.195
	AqO97d3N90.elf	Get hash	malicious	Unknown	Browse	87.246.7.66

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.970173886490618
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
File size:	43'716 bytes
MD5:	a7bbd9d15d98cabc448db9d9631a5955
SHA1:	3665a8652b068332615ddd1d2e9a19b63f0d2475
SHA256:	3f0df94d07c25f6ede17cef36aa664c0c0240f875446733323a1bfda64413bd1
SHA512:	3f11d98d9660d4b1ca2701c91a0af2de91cb26335f32ec821d782246c394d4babb2f316778e0ac17eb45411d1a3d4bbef68c712b2ff20eb6d0a8d87285dbd215
SSDEEP:	768:6PGmYCCMAKys36bgArPn74hmSDxCBMLRawR+eJ334Ulq9s1:1UCMAKysyPn7rSFBJ3IL9S
TLSH:	C713F1F2B228DCB2D89669773209C970FEE178331E16974B008D72AF0EDC5588D75E60
File Content Preview:	.ELF..............>.............@...................@.8...@.......................@.......@..............."....... ....................................................... .....Q.td......................................................E.sfga.........q...^.

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8097a8
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	64
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x400000	0x400000	0x1000	0x220980	7.8087	0x6	RW	0x200000
LOAD	0x0	0x800000	0x800000	0xa9b6	0xa9b6	7.9722	0x5	R E	0x200000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 08:32:52.901130915 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 23, 2024 08:32:54.123138905 CEST	55764	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:32:54.318262100 CEST	35342	55764	212.70.149.14	192.168.2.23
Apr 23, 2024 08:32:57.185162067 CEST	55766	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:32:57.384773970 CEST	35342	55766	212.70.149.14	192.168.2.23
Apr 23, 2024 08:32:58.276813984 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 23, 2024 08:32:59.812120914 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 23, 2024 08:33:00.206063032 CEST	55768	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:33:00.401328087 CEST	35342	55768	212.70.149.14	192.168.2.23
Apr 23, 2024 08:33:03.256875038 CEST	55770	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:33:03.451793909 CEST	35342	55770	212.70.149.14	192.168.2.23
Apr 23, 2024 08:33:05.627171993 CEST	55772	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:33:05.822217941 CEST	35342	55772	212.70.149.14	192.168.2.23
Apr 23, 2024 08:33:07.981578112 CEST	41852	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:33:08.994817019 CEST	41852	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:33:11.010545969 CEST	41852	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:33:14.402096033 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 23, 2024 08:33:15.169934988 CEST	41852	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:33:24.640798092 CEST	42836	443	192.168.2.23	91.189.91.43
Apr 23, 2024 08:33:30.783787012 CEST	42516	80	192.168.2.23	109.202.202.202
Apr 23, 2024 08:33:49.009509087 CEST	55776	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:33:49.204612970 CEST	35342	55776	212.70.149.14	192.168.2.23
Apr 23, 2024 08:33:51.379746914 CEST	41856	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:33:52.380744934 CEST	41856	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:33:54.396509886 CEST	41856	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:33:55.356339931 CEST	43928	443	192.168.2.23	91.189.91.42
Apr 23, 2024 08:33:58.427915096 CEST	41856	35342	192.168.2.23	0.4.0.4
Apr 23, 2024 08:34:32.408319950 CEST	55780	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:34:32.603262901 CEST	35342	55780	212.70.149.14	192.168.2.23
Apr 23, 2024 08:34:59.620570898 CEST	55782	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:34:59.815460920 CEST	35342	55782	212.70.149.14	192.168.2.23
Apr 23, 2024 08:35:01.990624905 CEST	55784	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:35:02.185345888 CEST	35342	55784	212.70.149.14	192.168.2.23
Apr 23, 2024 08:35:05.026869059 CEST	55786	35342	192.168.2.23	212.70.149.14
Apr 23, 2024 08:35:05.221579075 CEST	35342	55786	212.70.149.14	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 08:32:53.582046986 CEST	56603	53	192.168.2.23	134.195.4.2
Apr 23, 2024 08:32:53.671452999 CEST	53	56603	134.195.4.2	192.168.2.23
Apr 23, 2024 08:32:53.758572102 CEST	40686	53	192.168.2.23	134.195.4.2
Apr 23, 2024 08:32:53.850266933 CEST	53	40686	134.195.4.2	192.168.2.23
Apr 23, 2024 08:32:53.850395918 CEST	51760	53	192.168.2.23	134.195.4.2
Apr 23, 2024 08:32:53.944479942 CEST	53	51760	134.195.4.2	192.168.2.23
Apr 23, 2024 08:32:53.944595098 CEST	35214	53	192.168.2.23	134.195.4.2
Apr 23, 2024 08:32:54.033895969 CEST	53	35214	134.195.4.2	192.168.2.23
Apr 23, 2024 08:32:54.034020901 CEST	38022	53	192.168.2.23	134.195.4.2
Apr 23, 2024 08:32:54.122992039 CEST	53	38022	134.195.4.2	192.168.2.23
Apr 23, 2024 08:32:56.318504095 CEST	39246	53	192.168.2.23	51.77.149.139
Apr 23, 2024 08:32:56.491415024 CEST	53	39246	51.77.149.139	192.168.2.23
Apr 23, 2024 08:32:56.491588116 CEST	39556	53	192.168.2.23	51.77.149.139
Apr 23, 2024 08:32:56.665910006 CEST	53	39556	51.77.149.139	192.168.2.23
Apr 23, 2024 08:32:56.666111946 CEST	39563	53	192.168.2.23	51.77.149.139
Apr 23, 2024 08:32:56.835073948 CEST	53	39563	51.77.149.139	192.168.2.23
Apr 23, 2024 08:32:56.835208893 CEST	57364	53	192.168.2.23	51.77.149.139
Apr 23, 2024 08:32:57.009871960 CEST	53	57364	51.77.149.139	192.168.2.23
Apr 23, 2024 08:32:57.010049105 CEST	39142	53	192.168.2.23	51.77.149.139
Apr 23, 2024 08:32:57.184552908 CEST	53	39142	51.77.149.139	192.168.2.23
Apr 23, 2024 08:32:59.384856939 CEST	44986	53	192.168.2.23	51.254.162.59
Apr 23, 2024 08:32:59.550266027 CEST	53	44986	51.254.162.59	192.168.2.23
Apr 23, 2024 08:32:59.550429106 CEST	54873	53	192.168.2.23	51.254.162.59
Apr 23, 2024 08:32:59.715735912 CEST	53	54873	51.254.162.59	192.168.2.23
Apr 23, 2024 08:32:59.715864897 CEST	46377	53	192.168.2.23	51.254.162.59
Apr 23, 2024 08:32:59.880034924 CEST	53	46377	51.254.162.59	192.168.2.23
Apr 23, 2024 08:32:59.880188942 CEST	41918	53	192.168.2.23	51.254.162.59
Apr 23, 2024 08:33:00.041558027 CEST	53	41918	51.254.162.59	192.168.2.23
Apr 23, 2024 08:33:00.041907072 CEST	47596	53	192.168.2.23	51.254.162.59
Apr 23, 2024 08:33:00.205921888 CEST	53	47596	51.254.162.59	192.168.2.23
Apr 23, 2024 08:33:02.401468039 CEST	53193	53	192.168.2.23	178.254.22.166
Apr 23, 2024 08:33:02.570636034 CEST	53	53193	178.254.22.166	192.168.2.23
Apr 23, 2024 08:33:02.570766926 CEST	48345	53	192.168.2.23	178.254.22.166
Apr 23, 2024 08:33:02.739690065 CEST	53	48345	178.254.22.166	192.168.2.23
Apr 23, 2024 08:33:02.739923954 CEST	36168	53	192.168.2.23	178.254.22.166
Apr 23, 2024 08:33:02.908382893 CEST	53	36168	178.254.22.166	192.168.2.23
Apr 23, 2024 08:33:02.908571005 CEST	59200	53	192.168.2.23	178.254.22.166
Apr 23, 2024 08:33:03.087611914 CEST	53	59200	178.254.22.166	192.168.2.23
Apr 23, 2024 08:33:03.087809086 CEST	34621	53	192.168.2.23	178.254.22.166
Apr 23, 2024 08:33:03.256658077 CEST	53	34621	178.254.22.166	192.168.2.23
Apr 23, 2024 08:33:05.451858997 CEST	46535	53	192.168.2.23	194.36.144.87
Apr 23, 2024 08:33:05.626715899 CEST	53	46535	194.36.144.87	192.168.2.23
Apr 23, 2024 08:33:07.822268009 CEST	46169	53	192.168.2.23	51.158.108.203
Apr 23, 2024 08:33:07.981436968 CEST	53	46169	51.158.108.203	192.168.2.23
Apr 23, 2024 08:33:23.987054110 CEST	46299	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:33:28.991520882 CEST	58331	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:33:33.996131897 CEST	44912	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:33:39.000598907 CEST	33067	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:33:44.005105019 CEST	59743	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:33:51.204799891 CEST	59152	53	192.168.2.23	194.36.144.87
Apr 23, 2024 08:33:51.379573107 CEST	53	59152	194.36.144.87	192.168.2.23
Apr 23, 2024 08:34:07.390824080 CEST	55473	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:34:12.395256996 CEST	35995	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:34:17.399652958 CEST	51614	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:34:22.402528048 CEST	43478	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:34:27.403909922 CEST	43683	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:34:34.603477955 CEST	52170	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:34:39.606133938 CEST	43347	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:34:44.610577106 CEST	38739	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:34:49.612862110 CEST	36681	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:34:54.616172075 CEST	50582	53	192.168.2.23	91.217.137.37
Apr 23, 2024 08:35:01.815711021 CEST	45561	53	192.168.2.23	194.36.144.87
Apr 23, 2024 08:35:01.990441084 CEST	53	45561	194.36.144.87	192.168.2.23
Apr 23, 2024 08:35:04.185679913 CEST	36943	53	192.168.2.23	195.10.195.195
Apr 23, 2024 08:35:04.353739977 CEST	53	36943	195.10.195.195	192.168.2.23
Apr 23, 2024 08:35:04.354094982 CEST	52345	53	192.168.2.23	195.10.195.195
Apr 23, 2024 08:35:04.521668911 CEST	53	52345	195.10.195.195	192.168.2.23
Apr 23, 2024 08:35:04.522063971 CEST	50196	53	192.168.2.23	195.10.195.195
Apr 23, 2024 08:35:04.689749956 CEST	53	50196	195.10.195.195	192.168.2.23
Apr 23, 2024 08:35:04.690155983 CEST	55425	53	192.168.2.23	195.10.195.195
Apr 23, 2024 08:35:04.858198881 CEST	53	55425	195.10.195.195	192.168.2.23
Apr 23, 2024 08:35:04.858675003 CEST	49467	53	192.168.2.23	195.10.195.195
Apr 23, 2024 08:35:05.026671886 CEST	53	49467	195.10.195.195	192.168.2.23
Apr 23, 2024 08:35:07.221807957 CEST	38554	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:35:12.226332903 CEST	37530	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:35:17.229104042 CEST	57639	53	192.168.2.23	94.16.114.254
Apr 23, 2024 08:35:22.233705997 CEST	37307	53	192.168.2.23	94.16.114.254

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 23, 2024 08:33:01.553786993 CEST	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable
Apr 23, 2024 08:34:21.723339081 CEST	192.168.2.23	192.168.2.1	8283	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 08:32:53.582046986 CEST	192.168.2.23	134.195.4.2	0xfc0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:53.758572102 CEST	192.168.2.23	134.195.4.2	0xfc0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:53.850395918 CEST	192.168.2.23	134.195.4.2	0xfc0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:53.944595098 CEST	192.168.2.23	134.195.4.2	0xfc0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:54.034020901 CEST	192.168.2.23	134.195.4.2	0xfc0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:56.318504095 CEST	192.168.2.23	51.77.149.139	0xf279	Standard query (0)	sex.secure-cyber-security.V'f66PV,PV!E((4G/3M5Ng/yV'fDVVPV!PV,EHp@@.=3M54ysexsecure-cyber-securitys.'f6)66PV,PV!E((4o/3M5eyV'f*VVP.!PV,EHp@@>,3M54xysexsecure-cyber-securitysV'.66PV,PV!E((4/p3M5eyV'fVVPV!PV,EHq.@>3M54xysexsecure-cyber-securitys..'f&66PV,PV!E((4/g3M5 iyV'fA'VVP.!PV,EHq@@=3M54ysexsecure-cyber-securitysV'.66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<.@YF]#V'f6	13824	0	false
Apr 23, 2024 08:32:56.491588116 CEST	192.168.2.23	51.77.149.139	0xf279	Standard query (0)	sex.secure-cyber-security.V'f6)66PV,PV!E((4o/3M5eyV'f*VVPV!PV,EHp@@.,3M54xysexsecure-cyber-securitys.'f66PV,PV!E((4/p3M5eyV'fVVP.!PV,EHq@@>3M54xysexsecure-cyber-securitysV'.&66PV,PV!E((4/g3M5 iyV'fA'VVPV!PV,EHq.@=3M54ysexsecure-cyber-securitys..'f66PV,PV!E((4/`3M5gyV'fJJJP.!PV,E<@@YF]#V'f66	80	22168	false
Apr 23, 2024 08:32:56.666111946 CEST	192.168.2.23	51.77.149.139	0xf279	Standard query (0)	sex.secure-cyber-security.V'f66PV,PV!E((4/p3M5eyV'fVVPV!PV,EHq@@.3M54xysexsecure-cyber-securitys.'f&66PV,PV!E((4/g3M5 iyV'fA'VVP.!PV,EHq@@=3M54ysexsecure-cyber-securitysV'.66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<.@YF]#V'f6	13824	0	false
Apr 23, 2024 08:32:56.835208893 CEST	192.168.2.23	51.77.149.139	0xf279	Standard query (0)	sex.secure-cyber-security.V'f&66PV,PV!E((4/g3M5 iyV'fA'VVPV!PV,EHq@@.3M54ysexsecure-cyber-securitys.V'f66PV,PV.E((4/`3M5gy	256	0	false
Apr 23, 2024 08:32:57.010049105 CEST	192.168.2.23	51.77.149.139	0xf279	Standard query (0)	sex.secure-cyber-security.V'f66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<@@.F]#V'f66PV,PV!E((@0.F]P..'fN9BBPV!PV,E4a@@_T[[+T>V48_iV'fY.W.PV!PV,EI@@3;55{securityrebirth-networksu...'fzeWWPV,PV!E(I2T3;55securityrebirth-.etworksuV'ffWWPV!PV,EI@@3;Y55\securityrebirth-network.uV'fWWPV,PV!E(I2T3;5Y5securityrebirth-networksuV'fY.WW.V!PV,EI@@3;)55~securityrebirth-networksu	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:59.384856939 CEST	192.168.2.23	51.254.162.59	0x8a0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:59.550429106 CEST	192.168.2.23	51.254.162.59	0x8a0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:59.715864897 CEST	192.168.2.23	51.254.162.59	0x8a0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:59.880188942 CEST	192.168.2.23	51.254.162.59	0x8a0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:00.041907072 CEST	192.168.2.23	51.254.162.59	0x8a0e	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:02.401468039 CEST	192.168.2.23	178.254.22.166	0x8a11	Standard query (0)	kz.adolfhitler.su.V'f66PV,PV!EH(~4{n5PV'fNNPV!PV,E@.@@5,Nkzadolf.itlersunV'fjI66PV,PV!EH(~3\|E5@V'fTJNNPV.PV,E@P@@H5	11389	37514	false
Apr 23, 2024 08:33:02.570766926 CEST	192.168.2.23	178.254.22.166	0x8a11	Standard query (0)	kz.adolfhitler.su.V'fjI66PV,PV!EH(~3\|E5@V'fTJNNPV!PV,E@.@@H5,}kzadolfhitlersunV'f_66PV,	20566	42785	false
Apr 23, 2024 08:33:02.739923954 CEST	192.168.2.23	178.254.22.166	0x8a11	Standard query (0)	kz.adolfhitler.su.V'f_66PV,PV!EH(~4{!5HV'fNNPV!PV,E@.@@@5,#kzadolfhitlersunV'f<V66PV,PV!EH(4{	65046	42688	false
Apr 23, 2024 08:33:02.908571005 CEST	192.168.2.23	178.254.22.166	0x8a11	Standard query (0)	kz.adolfhitler.su.V'f<V66PV,PV!EH(4{5@V'fWNNPV!PV,E@.@@=5,kzadolfhitlersunV'f66PV,PV!EH(3\|5	15616	5344	false
Apr 23, 2024 08:33:03.087809086 CEST	192.168.2.23	178.254.22.166	0x8a11	Standard query (0)	kz.adolfhitler.su.V'f66PV,PV!EH(3\|5=V'fkJJPV!PV,E<.@@OjF4#jV'f	13824	0	false
Apr 23, 2024 08:33:05.451858997 CEST	192.168.2.23	194.36.144.87	0xb0b3	Standard query (0)	sex.secure-cyber-security.!V'fVVPV,PV!EHH3$W54]sexsecure-cyber-securitys!V'f.JPV!PV,E<@@wFqg#	0	259	false
Apr 23, 2024 08:33:07.822268009 CEST	192.168.2.23	51.158.108.203	0x45c	Standard query (0)	kz.adolfhitler.su.#V'fNNPV,PV!E(@3L3l5Y,p\kzadolfhitlersus#V'fJJJ	20566	42785	false
Apr 23, 2024 08:33:23.987054110 CEST	192.168.2.23	91.217.137.37	0xb4bb	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:28.991520882 CEST	192.168.2.23	91.217.137.37	0xb4bb	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:33.996131897 CEST	192.168.2.23	91.217.137.37	0xb4bb	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:39.000598907 CEST	192.168.2.23	91.217.137.37	0xb4bb	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:44.005105019 CEST	192.168.2.23	91.217.137.37	0xb4bb	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:51.204799891 CEST	192.168.2.23	194.36.144.87	0xcb53	Standard query (0)	kz.adolfhitler.su.OV'fNNPV,PV!EH@3$W5,SkzadolfhitlersunOV'fcJ	18944	0	false
Apr 23, 2024 08:34:07.390824080 CEST	192.168.2.23	94.16.114.254	0x50ca	Standard query (0)	kz.adolfhitler.su.dV'fNNPV!PV,E@O@@WD^r5,PkzadolfhitlersuniV'f%N	19968	0	false
Apr 23, 2024 08:34:12.395256996 CEST	192.168.2.23	94.16.114.254	0x50ca	Standard query (0)	kz.adolfhitler.su.iV'f%NNPV!PV,E@P]@@V^r5,sPkzadolfhitlersunmV'fJ	18944	0	false
Apr 23, 2024 08:34:17.399652958 CEST	192.168.2.23	94.16.114.254	0x50ca	Standard query (0)	kz.adolfhitler.su.mV'fJJPV!PV,E<R]@;E '@@<JUPINGnV'f`$NN	80	22183	false
Apr 23, 2024 08:34:22.402528048 CEST	192.168.2.23	94.16.114.254	0x50ca	Standard query (0)	kz.adolfhitler.su.sV'f)NNPV!PV,E@S@@SF^r5,PkzadolfhitlersunxV'f;J	18944	0	false
Apr 23, 2024 08:34:27.403909922 CEST	192.168.2.23	94.16.114.254	0x50ca	Standard query (0)	kz.adolfhitler.su.xV'f;JJPV!PV,E<7@@XpFaQD.#+xV'f466	80	22168	false
Apr 23, 2024 08:34:34.603477955 CEST	192.168.2.23	91.217.137.37	0x6737	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:39.606133938 CEST	192.168.2.23	91.217.137.37	0x6737	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:44.610577106 CEST	192.168.2.23	91.217.137.37	0x6737	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:49.612862110 CEST	192.168.2.23	91.217.137.37	0x6737	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:54.616172075 CEST	192.168.2.23	91.217.137.37	0x6737	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:35:01.815711021 CEST	192.168.2.23	194.36.144.87	0x6406	Standard query (0)	sex.secure-cyber-security.V'fVVPV,PV!EHH3d$W54+dsexsecure-cyber-securitysV'f.JPV!PV,E<@@#F6#H	0	259	false
Apr 23, 2024 08:35:04.185679913 CEST	192.168.2.23	195.10.195.195	0x29e2	Standard query (0)	kz.adolfhitler.su.V'fe66PV,PV!EH(6f5Oz)V'f/gNNPV!PV,E@C@@	56256	43010	false
Apr 23, 2024 08:35:04.354094982 CEST	192.168.2.23	195.10.195.195	0x29e2	Standard query (0)	kz.adolfhitler.su.V'f66PV,PV!EH(6?5y>)V'fPNNPV!PV,E@i@@	46528	43010	false
Apr 23, 2024 08:35:04.522063971 CEST	192.168.2.23	195.10.195.195	0x29e2	Standard query (0)	kz.adolfhitler.su.V'fV66PV,PV!EH(65G)V'fNNPV!PV,E@u@@	43456	43010	false
Apr 23, 2024 08:35:04.690155983 CEST	192.168.2.23	195.10.195.195	0x29e2	Standard query (0)	kz.adolfhitler.su.V'fW66PV,PV!EH(652)V'f3NNPV!PV,E@@@	37056	43010	false
Apr 23, 2024 08:35:04.858675003 CEST	192.168.2.23	195.10.195.195	0x29e2	Standard query (0)	kz.adolfhitler.su.V'f0h66PV,PV!EH(65;I)V'fhJJPV!PV,E<t@@	4800	43010	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 08:32:53.671452999 CEST	134.195.4.2	192.168.2.23	0xfc0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:53.850266933 CEST	134.195.4.2	192.168.2.23	0xfc0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:53.944479942 CEST	134.195.4.2	192.168.2.23	0xfc0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:54.033895969 CEST	134.195.4.2	192.168.2.23	0xfc0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:54.122992039 CEST	134.195.4.2	192.168.2.23	0xfc0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:59.550266027 CEST	51.254.162.59	192.168.2.23	0x8a0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:59.715735912 CEST	51.254.162.59	192.168.2.23	0x8a0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:32:59.880034924 CEST	51.254.162.59	192.168.2.23	0x8a0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:00.041558027 CEST	51.254.162.59	192.168.2.23	0x8a0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:00.205921888 CEST	51.254.162.59	192.168.2.23	0x8a0e	Format error (1)	security.rebirth-network.su	none	none	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:33:05.626715899 CEST	194.36.144.87	192.168.2.23	0xb0b3	Format error (1)	sex.secure-cyber-security.!V'fJJPV!PV,E<@@wFqg#!V'f66PV	none	none	11264	20566	false
Apr 23, 2024 08:33:07.981436968 CEST	51.158.108.203	192.168.2.23	0x45c	Format error (1)	kz.adolfhitler.su.#V'fJJJPV!PV,E<V@@ \|<#%+$V'f.JJPV.PV,E<V@@ \|.#/+'V'f2)JJPV!PV	none	none	37164	2048	false
Apr 23, 2024 08:33:51.379573107 CEST	194.36.144.87	192.168.2.23	0xcb53	Format error (1)	kz.adolfhitler.su.OV'fcJJPV!PV,E<@@:T+PV'fIJJ	none	none	80	22183	false
Apr 23, 2024 08:35:01.990441084 CEST	194.36.144.87	192.168.2.23	0x6406	Format error (1)	sex.secure-cyber-security.V'fJJPV!PV,E<@@#F6#HV'f66PV	none	none	11264	20566	false

System Behavior

Analysis Process: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf PID: 6218, Parent PID: 6133

General

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Arguments:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
File size:	43716 bytes
MD5 hash:	a7bbd9d15d98cabc448db9d9631a5955

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Arguments:	-
File size:	43716 bytes
MD5 hash:	a7bbd9d15d98cabc448db9d9631a5955

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Arguments:	-
File size:	43716 bytes
MD5 hash:	a7bbd9d15d98cabc448db9d9631a5955

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Arguments:	-
File size:	43716 bytes
MD5 hash:	a7bbd9d15d98cabc448db9d9631a5955

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Arguments:	-
File size:	43716 bytes
MD5 hash:	a7bbd9d15d98cabc448db9d9631a5955

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf
Arguments:	-
File size:	43716 bytes
MD5 hash:	a7bbd9d15d98cabc448db9d9631a5955

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/bin/journalctl
Arguments:	/usr/bin/journalctl --smart-relinquish-var
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:53
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:54
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:32:55
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:55
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:32:56
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:56
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:32:56
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:56
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:56
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:56
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: systemd PID: 6293, Parent PID: 1

General

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:57
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:32:59
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:33:00
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:33:00
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:33:00
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:33:00
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:33:00
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:33:00
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:33:01
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:33:01
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:33:01
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:33:01
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:33:01
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:33:01
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:33:02
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:33:02
Start date (UTC):	23/04/2024
Path:	/bin/plymouth
Arguments:	/bin/plymouth quit
File size:	51352 bytes
MD5 hash:	87003efd8dad470042f5e75360a8f49f

Start time (UTC):	06:34:23
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:23
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Source: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	ReversingLabs: Detection: 47%
Source: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	Virustotal: Detection: 15%			Perma Link

Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f66PV,PV!E((4G/3M5Ng/yV'fDVVPV!PV,EHp@@.=3M54ysexsecure-cyber-securitys.'f6)66PV,PV!E((4o/3M5eyV'f*VVP.!PV,EHp@@>,3M54xysexsecure-cyber-securitysV'.66PV,PV!E((4/p3M5eyV'fVVPV!PV,EHq.@>3M54xysexsecure-cyber-securitys..'f&66PV,PV!E((4/g3M5 iyV'fA'VVP.!PV,EHq@@=3M54ysexsecure-cyber-securitysV'.66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<.@YF]#V'f6
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f6)66PV,PV!E((4o/3M5eyV'f*VVPV!PV,EHp@@.,3M54xysexsecure-cyber-securitys.'f66PV,PV!E((4/p3M5eyV'fVVP.!PV,EHq@@>3M54xysexsecure-cyber-securitysV'.&66PV,PV!E((4/g3M5 iyV'fA'VVPV!PV,EHq.@=3M54ysexsecure-cyber-securitys..'f66PV,PV!E((4/`3M5gyV'fJJJP.!PV,E<@@YF]#V'f66
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f66PV,PV!E((4/p3M5eyV'fVVPV!PV,EHq@@.3M54xysexsecure-cyber-securitys.'f&66PV,PV!E((4/g3M5 iyV'fA'VVP.!PV,EHq@@=3M54ysexsecure-cyber-securitysV'.66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<.@YF]#V'f6
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f&66PV,PV!E((4/g3M5 iyV'fA'VVPV!PV,EHq@@.3M54ysexsecure-cyber-securitys.V'f66PV,PV.E((4/`3M5gy
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f66PV,PV!E((4/`3M5gyV'fJJJPV!PV,E<@@.F]#V'f66PV,PV!E((@0.F]P..'fN9BBPV!PV,E4a@@_T[[+T>V48_iV'fY.W.PV!PV,EI@@3;55{securityrebirth-networksu...'fzeWWPV,PV!E(I2T3;55securityrebirth-.etworksuV'ffWWPV!PV,EI@@3;Y55\securityrebirth-network.uV'fWWPV,PV!E(I2T3;5Y5securityrebirth-networksuV'fY.WW.V!PV,EI@@3;)55~securityrebirth-networksu
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'f66PV,PV!EH(~4{n5PV'fNNPV!PV,E@.@@5,Nkzadolf.itlersunV'fjI66PV,PV!EH(~3\|E5@V'fTJNNPV.PV,E@P@@H5
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'fjI66PV,PV!EH(~3\|E5@V'fTJNNPV!PV,E@.@@H5,}kzadolfhitlersunV'f_66PV,
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'f_66PV,PV!EH(~4{!5HV'fNNPV!PV,E@.@@@5,#kzadolfhitlersunV'f<V66PV,PV!EH(4{
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'f<V66PV,PV!EH(4{5@V'fWNNPV!PV,E@.@@=5,kzadolfhitlersunV'f66PV,PV!EH(3\|5
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'f66PV,PV!EH(3\|5=V'fkJJPV!PV,E<.@@OjF4#jV'f
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.!V'fVVPV,PV!EHH3$W54]sexsecure-cyber-securitys!V'f.JPV!PV,E<@@wFqg#
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.#V'fNNPV,PV!E(@3L3l5Y,p\kzadolfhitlersus#V'fJJJ
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.OV'fNNPV,PV!EH@3$W5,SkzadolfhitlersunOV'fcJ
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.dV'fNNPV!PV,E@O@@WD^r5,PkzadolfhitlersuniV'f%N
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.iV'f%NNPV!PV,E@P]@@V^r5,sPkzadolfhitlersunmV'fJ
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.mV'fJJPV!PV,E<R]@;E '@@<JUPINGnV'f`$NN
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.sV'f)NNPV!PV,E@S@@SF^r5,PkzadolfhitlersunxV'f;J
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.xV'f;JJPV!PV,E<7@@XpFaQD.#+xV'f466
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'fVVPV,PV!EHH3d$W54+dsexsecure-cyber-securitysV'f.JPV!PV,E<@@#F6#H
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'fe66PV,PV!EH(6f5Oz)V'f/gNNPV!PV,E@C@@
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'f66PV,PV!EH(6?5y>)V'fPNNPV!PV,E@i@@
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'fV66PV,PV!EH(65G)V'fNNPV!PV,E@u@@
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'fW66PV,PV!EH(652)V'f3NNPV!PV,E@@@
Source: unknown	DNS traffic detected: query: kz.adolfhitler.su.V'f0h66PV,PV!EH(65;I)V'fhJJPV!PV,E<t@@

Source: global traffic	TCP traffic: 192.168.2.23:55764 -> 212.70.149.14:35342
Source: global traffic	TCP traffic: 192.168.2.23:41852 -> 0.4.0.4:35342

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 0.4.0.4
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 51.77.149.139
Source: unknown	UDP traffic detected without corresponding DNS query: 51.77.149.139
Source: unknown	UDP traffic detected without corresponding DNS query: 51.77.149.139
Source: unknown	UDP traffic detected without corresponding DNS query: 51.77.149.139
Source: unknown	UDP traffic detected without corresponding DNS query: 51.77.149.139
Source: unknown	UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown	UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown	UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown	UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown	UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 91.217.137.37
Source: unknown	UDP traffic detected without corresponding DNS query: 91.217.137.37
Source: unknown	UDP traffic detected without corresponding DNS query: 91.217.137.37

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: 6222.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6218.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6221.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6223.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown

Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 491, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 658, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 759, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 761, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 772, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 774, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 777, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 785, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 793, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 797, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1320, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1334, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1335, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1344, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1389, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1476, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1809, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1860, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1872, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1886, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1888, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 2038, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 4498, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6034, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6196, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6197, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6221, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6222, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6223, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6224, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6246, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6258, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6261, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6265, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6266, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6267, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6268, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6270, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6271, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6272, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6273, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6274, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6275, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6276, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6277, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6281, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6282, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6283, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6284, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6285, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6286, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6290, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6293, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6295, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6298, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6299, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6300, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6301, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6302, result: no such process	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6303, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6304, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf (PID: 6220)	SIGKILL sent: pid: 6305, result: no such process	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 6291)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"			Jump to behavior
Source: /usr/bin/gpu-manager (PID: 6296)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"			Jump to behavior

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Source: 6222.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6218.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6221.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf PID: 6218, Parent PID: 6133

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf PID: 6219, Parent PID: 6218

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf PID: 6220, Parent PID: 6219

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf PID: 6221, Parent PID: 6219

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf PID: 6222, Parent PID: 6219

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf PID: 6223, Parent PID: 6219

General

Chronological Activities

Analysis Process: systemd PID: 6224, Parent PID: 1

Linux Analysis Report
SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf