Edit tour

Linux Analysis Report
SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf

Overview

General Information

Sample name:	SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Analysis ID:	1430164
MD5:	bb08c43e8047acfe9c49af768a8998b8
SHA1:	5cd38d59e8cc458a29a0ba167dbbd66b3e4ea6eb
SHA256:	daad91ca9dd7cf5a4ce54847d7e7ec2f829d5145099930af3f728af644c34697
Tags:	elf
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Queries the IP of a very long domain name

Sample deletes itself

Sample reads /proc/mounts (often used for finding a writable filesystem)

Sample tries to kill multiple processes (SIGKILL)

Connects to many different domains

Deletes log files

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Executes commands using a shell command-line interpreter

Executes the "grep" command used to find patterns in files or piped streams

Executes the "kill" or "pkill" command typically used to terminate processes

Reads CPU information from /sys indicative of miner or evasive malware

Reads the 'hosts' file potentially containing internal network hosts

Sample contains only a LOAD segment without any section mappings

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430164
Start date and time:	2024-04-23 08:33:47 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Detection:	MAL
Classification:	mal64.spre.troj.evad.linELF@0/0@36/0

Warnings

Connection to analysis system has been lost, crash info: Unknown

Runtime Messages

Command:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
PID:	5425
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	black botnet voodoo
Standard Error:

Process Tree

system is lnxubuntu20

SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5425, Parent: 5349, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf

SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf New Fork (PID: 5428, Parent: 5425)

SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf New Fork (PID: 5430, Parent: 5428)

SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf New Fork (PID: 5432, Parent: 5428)

SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf New Fork (PID: 5434, Parent: 5428)

SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf New Fork (PID: 5436, Parent: 5428)

systemd New Fork (PID: 5438, Parent: 1)

journalctl (PID: 5438, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var

systemd New Fork (PID: 5458, Parent: 1)

dbus-daemon (PID: 5458, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 5472, Parent: 2935)

pulseaudio (PID: 5472, Parent: 2935, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal

systemd New Fork (PID: 5473, Parent: 1)

rsyslogd (PID: 5473, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

gvfsd-fuse New Fork (PID: 5474, Parent: 3122)

fusermount (PID: 5474, Parent: 3122, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs

systemd New Fork (PID: 5477, Parent: 1)

systemd-journald (PID: 5477, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 5480, Parent: 1)

dbus-daemon (PID: 5480, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 5481, Parent: 1)

rsyslogd (PID: 5481, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 5485, Parent: 1)

systemd-journald (PID: 5485, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 5486, Parent: 1)

dbus-daemon (PID: 5486, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 5487, Parent: 1)

rsyslogd (PID: 5487, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 5488, Parent: 1)

systemd-journald (PID: 5488, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 5489, Parent: 1)

dbus-daemon (PID: 5489, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 5490, Parent: 1)

systemd-journald (PID: 5490, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 5491, Parent: 1)

dbus-daemon (PID: 5491, Parent: 1, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

systemd New Fork (PID: 5492, Parent: 1)

systemd-journald (PID: 5492, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald

systemd New Fork (PID: 5493, Parent: 1)

rsyslogd (PID: 5493, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

gdm3 New Fork (PID: 5494, Parent: 1400)

Default (PID: 5494, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5495, Parent: 1400)

Default (PID: 5495, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

gdm3 New Fork (PID: 5496, Parent: 1400)

Default (PID: 5496, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

systemd New Fork (PID: 5497, Parent: 1)

rsyslogd (PID: 5497, Parent: 1, MD5: 0b8087fc907c42eb3c81a691db258e33) Arguments: /usr/sbin/rsyslogd -n -iNONE

systemd New Fork (PID: 5498, Parent: 1)

gpu-manager (PID: 5498, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5499, Parent: 5498)

sh (PID: 5499, Parent: 5498, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5500, Parent: 5499)

systemd New Fork (PID: 5501, Parent: 1)

generate-config (PID: 5501, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 5502, Parent: 5501)

pkill (PID: 5502, Parent: 5501, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 5503, Parent: 1)

gpu-manager (PID: 5503, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

gpu-manager New Fork (PID: 5504, Parent: 5503)

sh (PID: 5504, Parent: 5503, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"

sh New Fork (PID: 5505, Parent: 5504)

grep (PID: 5505, Parent: 5504, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

systemd New Fork (PID: 5506, Parent: 1)

generate-config (PID: 5506, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 5507, Parent: 5506)

pkill (PID: 5507, Parent: 5506, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 5510, Parent: 1)

gpu-manager (PID: 5510, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 5511, Parent: 1)

generate-config (PID: 5511, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 5512, Parent: 5511)

pkill (PID: 5512, Parent: 5511, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 5513, Parent: 1)

gpu-manager (PID: 5513, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 5514, Parent: 1)

generate-config (PID: 5514, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 5515, Parent: 5514)

pkill (PID: 5515, Parent: 5514, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 5516, Parent: 1)

gpu-manager (PID: 5516, Parent: 1, MD5: 8fae9dd5dd67e1f33d873089c2fd8761) Arguments: /usr/bin/gpu-manager --log /var/log/gpu-manager.log

systemd New Fork (PID: 5517, Parent: 1)

generate-config (PID: 5517, Parent: 1, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/gdm/generate-config

generate-config New Fork (PID: 5518, Parent: 5517)

pkill (PID: 5518, Parent: 5517, MD5: fa96a75a08109d8842e4865b2907d51f) Arguments: pkill --signal HUP --uid gdm dconf-service

systemd New Fork (PID: 5519, Parent: 1)

plymouth (PID: 5519, Parent: 1, MD5: 87003efd8dad470042f5e75360a8f49f) Arguments: /bin/plymouth quit

systemd New Fork (PID: 5521, Parent: 2935)

dbus-daemon (PID: 5521, Parent: 2935, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only

cleanup

Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf

Jump to behavior

Source: /usr/share/gdm/generate-config (PID: 5502)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5507)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5512)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5515)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior
Source: /usr/share/gdm/generate-config (PID: 5518)	Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5425)

File: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf

Jump to behavior

Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	Submission file: segment LOAD with 7.9024 entropy (max. 8.0)
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	Submission file: segment LOAD with 7.9572 entropy (max. 8.0)

Source: /usr/bin/gpu-manager (PID: 5498)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5503)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5513)	Truncated file: /var/log/gpu-manager.log	Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5516)	Truncated file: /var/log/gpu-manager.log	Jump to behavior

Source: /usr/bin/pkill (PID: 5507)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5515)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior
Source: /usr/bin/pkill (PID: 5518)	Reads CPU info from /sys: /sys/devices/system/cpu/online	Jump to behavior

Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5425)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5493)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/rsyslogd (PID: 5497)	Queries kernel information via 'uname':	Jump to behavior

Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.000055ba334e9000.000055ba33598000.rw-.sdmp	Binary or memory string: U/mipsel/tmp/vmware-root_727-4290690966
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.000055ba334e9000.000055ba33598000.rw-.sdmp	Binary or memory string: /mipsel/tmp/vmware-root_727-4290690966
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5425.1.000055ba334e9000.000055ba33598000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5432.1.000055ba334e9000.000055ba33598000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5434.1.000055ba334e9000.000055ba33598000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.000055ba334e9000.000055ba33598000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.000055ba334e9000.000055ba33598000.rw-.sdmp	Binary or memory string: U1/tmp/vmware-root_727-42906909661mips32r6-generic-mips-cpuQ@&R3
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.00007f69e8430000.00007f69e843c000.rw-.sdmp	Binary or memory string: vmware-root_727-4290690966
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.000055ba334e9000.000055ba33598000.rw-.sdmp	Binary or memory string: /tmp/vmware-root_727-4290690966
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.00007f69e843c000.00007f69e843f000.rw-.sdmp	Binary or memory string: a/tmp/systemd-private-fe424f1b0f85425093f40a37100b81c4-colord.service-PB7Ovfa1/tmp/vmware-root_727-4290690966
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5425.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5432.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5434.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5425.1.000055ba334e9000.000055ba33598000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5432.1.000055ba334e9000.000055ba33598000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5434.1.000055ba334e9000.000055ba33598000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.000055ba334e9000.000055ba33598000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5425.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5432.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5434.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp, SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf, 5436.1.00007fff6d9e8000.00007fff6da09000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	1 Disable or Modify Tools	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Indicator Removal	LSASS Memory	11 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	39%	ReversingLabs	Linux.Trojan.Mirai
SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	10%	Virustotal		Browse

Name	IP	Active	Malicious	Reputation
security.rebirth-network.su	212.70.149.10	true	false	unknown
sex.secure-cyber-security.V'f\66a/PV!EH(hvnT5tG]V'fVVPV!a/EH@@	unknown	unknown	true	low
sex.secure-cyber-security.V'f=7VVa/PV!EHH3$W54W}<sexsecure-cyber-securitysV'f$8.JPV!a/E<6@@FbtH}p	unknown	unknown	true	low
siegheil.hiter.su.V'f66a/PV!E((r5D5b`DnV'fNNPV!a/E@w.@@u5,nsiegheilhitersunV'f6	unknown	unknown	true	low
siegheil.hiter.su.V'fM66a/PV!E((m4C5IV'fNNNPV!a/E@x@@.5,$siegheilhitersusV'f66a/PV!E((n4C5	unknown	unknown	true	low
siegheil.hiter.su.V'fP66a/PV!E((y4C5&dV'fNNPV!a/E@x@@.}5,G_siegheilhitersusV'f5a66a/PV!E((5B5	unknown	unknown	true	low
siegheil.hiter.su.V'fvw66a/PV!EH(3r5,MV'f]xNNPV!a/E@	unknown	unknown	true	low
sex.secure-cyber-security.V'fVVa/PV!EHH3$W54.<sexsecure-cyber-securitysV'fh.VPV!a/EHq@@8$W54"<sexsecure-cyber-securit.sV'fVVa/PV!EHH3$W54!<sexsecure-cyber-securitysV'f[VV	unknown	unknown	true	low
siegheil.hiter.su.V'f%66a/PV!EH(4q5Ky.V'fJJPV!a/E<.@@gF&dV'f66a	unknown	unknown	true	low
siegheil.hiter.su.V'fMm66a/PV!EH(2K=5WsV'fnJJPV!a/E<	unknown	unknown	true	low
siegheil.hiter.su.V'fJ^66a/PV!EH(3Jr=5WsV'f_NNPV!a/E@N	unknown	unknown	true	low
sex.secure-cyber-security.V'f5VVa/PV!EHH3$W574V<sexsecure-cyber-securitysV'f7.VPV!a/EH\@@8$W54<sexsecure-cyber-securit.sV'fVVa/PV!EHH3$W54.<sexsecure-cyber-securitysV'fhVV	unknown	unknown	true	low
sex.secure-cyber-security.V'fr66a/PV!EH(tm5Y]V'fsVVPV!a/EH@@	unknown	unknown	true	low
siegheil.hiter.su.V'f!66a/PV!E((4E5=nV'fJJPV!a/E<j.@@4F3" V'f66a/PV!E((@0F3"P.'fvNNPV!a/E@N@@2=5,~mWssiegheilhitersu.V'fJ^66a/PV!EH(3Jr=5WsV'f_NNPV!a/E@N	unknown	unknown	true	low
siegheil.hiter.su.V'fj66a/PV!EH(5pE5pV'fNNPV!a/E@	unknown	unknown	true	low
siegheil.hiter.su.V'fE66a/PV!E((5B5(?V'fJJPV!a/E<@@.F2V'f66a/PV.E((@0F2	unknown	unknown	true	low
sex.secure-cyber-security.V'fz#66a/PV!EH(<vb5]V'f8%JJPV!a/E<@@.	unknown	unknown	true	low
siegheil.hiter.su.V'f66a/PV!E((4E5tnV'fNNPV!a/E@w.@@u5,nsiegheilhitersunV'fv6.a/PV!E((4E5xn	unknown	unknown	true	low
siegheil.hiter.su.V'f66a/PV!EH(5p)5qV'f,NNPV!a/E@	unknown	unknown	true	low
siegheil.hiter.su.V'f,566a/PV!EH(2KY=5WsV'f5NNPV!a/E@N	unknown	unknown	true	low
siegheil.hiter.su.V'f66a/PV!E((n4C5V'fNNPV!a/E@x@@.&5,siegheilhitersusV'fP66a/PV!E((y4C5&d	unknown	unknown	true	low
sex.secure-cyber-security.V'f66a/PV!EH(@v{5d`]V'fVVPV!a/EH0@@	unknown	unknown	true	low
siegheil.hiter.su.V'f66a/PV!EH(2KH=5<\WsV'fNNPV!a/E@N	unknown	unknown	true	low
siegheil.hiter.su.V'f66a/PV!EH(2K<=5WsV'fNNPV!a/E@N	unknown	unknown	true	low
sex.secure-cyber-security.V'fVVa/PV!EHHs3$W54#<sexsecure-cyber-securitysV'f~.VPV!a/EH3@@8@$W754<sexsecure-cyber-securit.sV'f5VVa/PV!EHH3$W574V<sexsecure-cyber-securitysV'f7VV	unknown	unknown	true	low
sex.secure-cyber-security.V'fVVa/PV!EHH3$W54!<sexsecure-cyber-securitysV'f[.VPV!a/EH@@7$W54~<sexsecure-cyber-securit.sV'f=7VVa/PV!EHH3$W54W}<sexsecure-cyber-securitysV'f$8JJ	unknown	unknown	true	low
siegheil.hiter.su.V'f66a/PV!EH(4q45V'fNNPV!a/E@	unknown	unknown	true	low
siegheil.hiter.su.V'fv66a/PV!E((4E5xnV'fwNNPV!a/E@w.@@u5,nsiegheilhitersunV'f!66	unknown	unknown	true	low
sex.secure-cyber-security.V'f466a/PV!EH(rv5tl]V'f=VVPV!a/EH@@	unknown	unknown	true	low
siegheil.hiter.su.V'fc66a/PV!E((k5D5j$nV'fdNNPV!a/E@w.@@ub5,nsiegheilhitersun..'f66a/PV!E((r5D5b`DnV'fNNP.!a/E@wD@@u5,nsiegheilhitersunV'f6	unknown	unknown	true	low
siegheil.hiter.su.V'f5a66a/PV!E((5B5V'faNNPV!a/E@x@@.{(5,siegheilhitersusV'fE66a/PV!E((5B5(?	unknown	unknown	true	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
212.70.149.14	unknown	Bulgaria	208410	INTERNET-HOSTINGBG	false
212.70.149.10	security.rebirth-network.su	Bulgaria	208410	INTERNET-HOSTINGBG	false
185.125.190.26	unknown	United Kingdom	41231	CANONICAL-ASGB	false
54.247.62.1	unknown	United States	16509	AMAZON-02US	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
212.70.149.14	UOt98MEVJw.elf	Get hash	malicious	Unknown	Browse	/arm6
	XtpqFYYOsk.elf	Get hash	malicious	Unknown	Browse	/arm7
	M5JK7Pf4NO.elf	Get hash	malicious	Unknown	Browse	/mips
	aIIxWKK5Cm.elf	Get hash	malicious	Unknown	Browse	/mpsl
	Y8ahzapm43.elf	Get hash	malicious	Unknown	Browse	/arm5
185.125.190.26	jdsfl.arm7.elf	Get hash	malicious	Unknown	Browse
	.Sx86.elf	Get hash	malicious	Unknown	Browse
	t8WeXq3mvS.elf	Get hash	malicious	Gafgyt	Browse
	HfcQmQis2J.elf	Get hash	malicious	Unknown	Browse
	OO1vDl4L4r.elf	Get hash	malicious	Unknown	Browse
	tajma.mips-20240422-0536.elf	Get hash	malicious	Mirai, Okiru	Browse
	tajma.arm-20240422-0536.elf	Get hash	malicious	Mirai, Okiru	Browse
	tajma.x86-20240421-1853.elf	Get hash	malicious	Mirai, Okiru	Browse
	tajma.mips-20240421-1853.elf	Get hash	malicious	Mirai, Okiru	Browse
	b3astmode.arm.elf	Get hash	malicious	Mirai	Browse
54.247.62.1	tajma.x86_64-20240422-0536.elf	Get hash	malicious	Mirai, Okiru	Browse
	client1.elf	Get hash	malicious	Unknown	Browse
	NlF293hgXW.elf	Get hash	malicious	Mirai, Okiru	Browse
	PN9QHDmpS1.elf	Get hash	malicious	Mirai, Okiru	Browse
	s02RKS8Moh.elf	Get hash	malicious	Unknown	Browse
	7NoSwE5r4C.elf	Get hash	malicious	Chaos	Browse
	FMBz4fK3Fo.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	z3u7dnBStL.elf	Get hash	malicious	Mirai	Browse
	YE6HFLEfb4.elf	Get hash	malicious	Unknown	Browse
	0nfIIyGr0B.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
security.rebirth-network.su	ul5RjxwWTK.elf	Get hash	malicious	Unknown	Browse	212.70.149.10

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://url.avanan.click/v2/___https:/novafr-my.sharepoint.com/:b:/g/personal/mfranco_nova-fr_org/EZPaIwPkDApNno6rWIAO20YB4ByiRCAe_VGScx-2iiONBw?e=magUuY/___.YXAzOmVuLW1kYTphOm86ZDA4MDI5MGVhZTA1MzJiMWZlYTg0YjE1OWE2NmVhNjc6NjplYTNkOjc2NzNkYWE0NTMzNWVhMjkxM2VjMGU1NGMyNDY3ZjVhNmJhNjU0MTk1ZmRjMzUzM2QxODAyNDVjY2E1Y2M1ODY6aDpU	Get hash	malicious	HTMLPhisher	Browse	108.156.172.86
	BitTorrent-7.6.exe	Get hash	malicious	Unknown	Browse	99.86.228.107
	BitTorrent-7.6.exe	Get hash	malicious	Unknown	Browse	99.86.228.107
	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	SecuriteInfo.com.Linux.DownLoader.532.20148.6112.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
	SecuriteInfo.com.Linux.DownLoader.523.26836.26051.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://5gpzyf.cn/	Get hash	malicious	Unknown	Browse	52.85.151.86
	szamla_sorszam_8472.xlsm	Get hash	malicious	Unknown	Browse	34.243.110.181
	szamla_sorszam_8472.xlsm	Get hash	malicious	Unknown	Browse	52.214.160.103
CANONICAL-ASGB	SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.DownLoader.533.23350.4113.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.7014.17279.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.DownLoader.523.26836.26051.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Siggen.9999.26640.11404.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	NLgD8SSCOD.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	jdsfl.arm7.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	.Sarm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.Sx86.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
INTERNET-HOSTINGBG	SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	UOt98MEVJw.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	XtpqFYYOsk.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	M5JK7Pf4NO.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	aIIxWKK5Cm.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	Y8ahzapm43.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	CT9oaKX3q3.elf	Get hash	malicious	Unknown	Browse	87.246.7.66
	FPzq69vduv.elf	Get hash	malicious	Unknown	Browse	87.246.7.66
	WgOCAsA3rc.elf	Get hash	malicious	Unknown	Browse	87.246.7.195
	Zhg54HPfZj.elf	Get hash	malicious	Unknown	Browse	87.246.7.195
INTERNET-HOSTINGBG	SecuriteInfo.com.Linux.Siggen.7251.3492.11320.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	UOt98MEVJw.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	XtpqFYYOsk.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	M5JK7Pf4NO.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	aIIxWKK5Cm.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	Y8ahzapm43.elf	Get hash	malicious	Unknown	Browse	212.70.149.14
	CT9oaKX3q3.elf	Get hash	malicious	Unknown	Browse	87.246.7.66
	FPzq69vduv.elf	Get hash	malicious	Unknown	Browse	87.246.7.66
	WgOCAsA3rc.elf	Get hash	malicious	Unknown	Browse	87.246.7.195
	Zhg54HPfZj.elf	Get hash	malicious	Unknown	Browse	87.246.7.195

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.9552508310543795
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
File size:	52'084 bytes
MD5:	bb08c43e8047acfe9c49af768a8998b8
SHA1:	5cd38d59e8cc458a29a0ba167dbbd66b3e4ea6eb
SHA256:	daad91ca9dd7cf5a4ce54847d7e7ec2f829d5145099930af3f728af644c34697
SHA512:	29e260c7a91c40677831674a0e8065e50e8c5644289870ef97f57b6111c9baf82f8bb5cf0285f91def9ab6602869755524ab5978de7c2370718c232928d1f624
SSDEEP:	1536:YL6cN8CMV+z1WOX20r5sYuNEj0ngMxNpOLwauny:Y+cbg+IOX2g5sfxgO0sA
TLSH:	F133E11D9E7DF182C82EADFD08DE22115464C89163FF4F619794408C8F24E8BBEADD69
File Content Preview:	.ELF......................D.4...........4. ...(...............@...@.....D.....................D...D.5...5.............!.sfga....................V..........?.E.h;....#......b.L#=L`..v...b....F......Q...UN@.....\\|g.t..{a.......T3ls.;S...%h.\|..............p?

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x44b690
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	2
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1000	0x3a244	7.9024	0x6	RW	0x10000
LOAD	0x0	0x440000	0x440000	0xca35	0xca35	7.9572	0x5	R E	0x10000

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 08:34:26.713665009 CEST	57218	443	192.168.2.13	54.247.62.1
Apr 23, 2024 08:34:26.890945911 CEST	443	57218	54.247.62.1	192.168.2.13
Apr 23, 2024 08:34:37.977394104 CEST	48202	443	192.168.2.13	185.125.190.26
Apr 23, 2024 08:34:51.353631973 CEST	42668	35342	192.168.2.13	212.70.149.14
Apr 23, 2024 08:34:51.548305035 CEST	35342	42668	212.70.149.14	192.168.2.13
Apr 23, 2024 08:34:54.396697998 CEST	42670	35342	192.168.2.13	212.70.149.14
Apr 23, 2024 08:34:54.591557026 CEST	35342	42670	212.70.149.14	192.168.2.13
Apr 23, 2024 08:34:57.037389040 CEST	42672	35342	192.168.2.13	212.70.149.14
Apr 23, 2024 08:34:57.232078075 CEST	35342	42672	212.70.149.14	192.168.2.13
Apr 23, 2024 08:35:00.159240007 CEST	42674	35342	192.168.2.13	212.70.149.14
Apr 23, 2024 08:35:00.354258060 CEST	35342	42674	212.70.149.14	192.168.2.13
Apr 23, 2024 08:35:02.795959949 CEST	42676	35342	192.168.2.13	212.70.149.14
Apr 23, 2024 08:35:02.991030931 CEST	35342	42676	212.70.149.14	192.168.2.13
Apr 23, 2024 08:35:05.866339922 CEST	42678	35342	192.168.2.13	212.70.149.14
Apr 23, 2024 08:35:06.061362982 CEST	35342	42678	212.70.149.14	192.168.2.13
Apr 23, 2024 08:35:08.507411003 CEST	42680	35342	192.168.2.13	212.70.149.14
Apr 23, 2024 08:35:08.702358961 CEST	35342	42680	212.70.149.14	192.168.2.13
Apr 23, 2024 08:35:08.953355074 CEST	48202	443	192.168.2.13	185.125.190.26
Apr 23, 2024 08:35:10.917448997 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:35:11.114120007 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:35:11.114218950 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:35:11.115699053 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:35:11.310523987 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:35:11.310584068 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:35:11.505254030 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:35:26.131283998 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:35:26.326152086 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:35:26.326169014 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:35:26.326204062 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:35:41.595942974 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:35:41.596067905 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:35:56.791999102 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:35:56.792094946 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:36:11.987924099 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:36:11.988081932 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:36:27.183844090 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:36:27.184123039 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:36:42.380037069 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:36:42.380325079 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:36:56.403150082 CEST	40674	35342	192.168.2.13	212.70.149.10
Apr 23, 2024 08:36:56.598109961 CEST	35342	40674	212.70.149.10	192.168.2.13
Apr 23, 2024 08:36:56.598373890 CEST	40674	35342	192.168.2.13	212.70.149.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 08:34:26.327941895 CEST	46607	53	192.168.2.13	94.16.114.254
Apr 23, 2024 08:34:31.335185051 CEST	53477	53	192.168.2.13	94.16.114.254
Apr 23, 2024 08:34:36.340480089 CEST	38474	53	192.168.2.13	94.16.114.254
Apr 23, 2024 08:34:41.345643044 CEST	49495	53	192.168.2.13	94.16.114.254
Apr 23, 2024 08:34:46.347084999 CEST	40569	53	192.168.2.13	94.16.114.254
Apr 23, 2024 08:34:53.549222946 CEST	41225	53	192.168.2.13	178.254.22.166
Apr 23, 2024 08:34:53.717930079 CEST	53	41225	178.254.22.166	192.168.2.13
Apr 23, 2024 08:34:53.718477011 CEST	46568	53	192.168.2.13	178.254.22.166
Apr 23, 2024 08:34:53.888755083 CEST	53	46568	178.254.22.166	192.168.2.13
Apr 23, 2024 08:34:53.889086008 CEST	44808	53	192.168.2.13	178.254.22.166
Apr 23, 2024 08:34:54.057730913 CEST	53	44808	178.254.22.166	192.168.2.13
Apr 23, 2024 08:34:54.057899952 CEST	38700	53	192.168.2.13	178.254.22.166
Apr 23, 2024 08:34:54.227190018 CEST	53	38700	178.254.22.166	192.168.2.13
Apr 23, 2024 08:34:54.227421045 CEST	59467	53	192.168.2.13	178.254.22.166
Apr 23, 2024 08:34:54.396325111 CEST	53	59467	178.254.22.166	192.168.2.13
Apr 23, 2024 08:34:56.591934919 CEST	47490	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:34:56.680838108 CEST	53	47490	134.195.4.2	192.168.2.13
Apr 23, 2024 08:34:56.681185007 CEST	50018	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:34:56.770005941 CEST	53	50018	134.195.4.2	192.168.2.13
Apr 23, 2024 08:34:56.770176888 CEST	44776	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:34:56.858891010 CEST	53	44776	134.195.4.2	192.168.2.13
Apr 23, 2024 08:34:56.859028101 CEST	43745	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:34:56.947860003 CEST	53	43745	134.195.4.2	192.168.2.13
Apr 23, 2024 08:34:56.948215008 CEST	59039	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:34:57.036896944 CEST	53	59039	134.195.4.2	192.168.2.13
Apr 23, 2024 08:34:59.232566118 CEST	37891	53	192.168.2.13	185.181.61.24
Apr 23, 2024 08:34:59.417354107 CEST	53	37891	185.181.61.24	192.168.2.13
Apr 23, 2024 08:34:59.417565107 CEST	36006	53	192.168.2.13	185.181.61.24
Apr 23, 2024 08:34:59.603435993 CEST	53	36006	185.181.61.24	192.168.2.13
Apr 23, 2024 08:34:59.603615046 CEST	57148	53	192.168.2.13	185.181.61.24
Apr 23, 2024 08:34:59.789690971 CEST	53	57148	185.181.61.24	192.168.2.13
Apr 23, 2024 08:34:59.790021896 CEST	49908	53	192.168.2.13	185.181.61.24
Apr 23, 2024 08:34:59.975806952 CEST	53	49908	185.181.61.24	192.168.2.13
Apr 23, 2024 08:34:59.976133108 CEST	47878	53	192.168.2.13	185.181.61.24
Apr 23, 2024 08:35:00.159053087 CEST	53	47878	185.181.61.24	192.168.2.13
Apr 23, 2024 08:35:02.354712009 CEST	56766	53	192.168.2.13	8.8.4.4
Apr 23, 2024 08:35:02.442931890 CEST	53	56766	8.8.4.4	192.168.2.13
Apr 23, 2024 08:35:02.443197012 CEST	56803	53	192.168.2.13	8.8.4.4
Apr 23, 2024 08:35:02.531035900 CEST	53	56803	8.8.4.4	192.168.2.13
Apr 23, 2024 08:35:02.531205893 CEST	35537	53	192.168.2.13	8.8.4.4
Apr 23, 2024 08:35:02.619034052 CEST	53	35537	8.8.4.4	192.168.2.13
Apr 23, 2024 08:35:02.619282961 CEST	60874	53	192.168.2.13	8.8.4.4
Apr 23, 2024 08:35:02.707305908 CEST	53	60874	8.8.4.4	192.168.2.13
Apr 23, 2024 08:35:02.707782984 CEST	38686	53	192.168.2.13	8.8.4.4
Apr 23, 2024 08:35:02.795514107 CEST	53	38686	8.8.4.4	192.168.2.13
Apr 23, 2024 08:35:04.991672039 CEST	57789	53	192.168.2.13	194.36.144.87
Apr 23, 2024 08:35:05.166352987 CEST	53	57789	194.36.144.87	192.168.2.13
Apr 23, 2024 08:35:05.167037964 CEST	44855	53	192.168.2.13	194.36.144.87
Apr 23, 2024 08:35:05.341408014 CEST	53	44855	194.36.144.87	192.168.2.13
Apr 23, 2024 08:35:05.342004061 CEST	54931	53	192.168.2.13	194.36.144.87
Apr 23, 2024 08:35:05.516568899 CEST	53	54931	194.36.144.87	192.168.2.13
Apr 23, 2024 08:35:05.516968012 CEST	58907	53	192.168.2.13	194.36.144.87
Apr 23, 2024 08:35:05.691613913 CEST	53	58907	194.36.144.87	192.168.2.13
Apr 23, 2024 08:35:05.691802979 CEST	44479	53	192.168.2.13	194.36.144.87
Apr 23, 2024 08:35:05.866108894 CEST	53	44479	194.36.144.87	192.168.2.13
Apr 23, 2024 08:35:08.062232018 CEST	34377	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:35:08.150995016 CEST	53	34377	134.195.4.2	192.168.2.13
Apr 23, 2024 08:35:08.151257992 CEST	41730	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:35:08.240046978 CEST	53	41730	134.195.4.2	192.168.2.13
Apr 23, 2024 08:35:08.240284920 CEST	49958	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:35:08.329040051 CEST	53	49958	134.195.4.2	192.168.2.13
Apr 23, 2024 08:35:08.329236031 CEST	32915	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:35:08.418101072 CEST	53	32915	134.195.4.2	192.168.2.13
Apr 23, 2024 08:35:08.418253899 CEST	59432	53	192.168.2.13	134.195.4.2
Apr 23, 2024 08:35:08.506948948 CEST	53	59432	134.195.4.2	192.168.2.13
Apr 23, 2024 08:35:10.702888966 CEST	49887	53	192.168.2.13	8.8.4.4
Apr 23, 2024 08:35:10.916171074 CEST	53	49887	8.8.4.4	192.168.2.13

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 23, 2024 08:34:35.430008888 CEST	192.168.2.13	192.168.2.1	8279	(Port unreachable)	Destination Unreachable
Apr 23, 2024 08:35:55.584357023 CEST	192.168.2.13	192.168.2.1	8279	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 08:34:26.327941895 CEST	192.168.2.13	94.16.114.254	0x64ec	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:31.335185051 CEST	192.168.2.13	94.16.114.254	0x64ec	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:36.340480089 CEST	192.168.2.13	94.16.114.254	0x64ec	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:41.345643044 CEST	192.168.2.13	94.16.114.254	0x64ec	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:46.347084999 CEST	192.168.2.13	94.16.114.254	0x64ec	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:34:53.549222946 CEST	192.168.2.13	178.254.22.166	0x90bb	Standard query (0)	siegheil.hiter.su.V'fj66a/PV!EH(5pE5pV'fNNPV!a/E@	16384	16401	false
Apr 23, 2024 08:34:53.718477011 CEST	192.168.2.13	178.254.22.166	0x90bb	Standard query (0)	siegheil.hiter.su.V'f66a/PV!EH(4q45V'fNNPV!a/E@	16384	16401	false
Apr 23, 2024 08:34:53.889086008 CEST	192.168.2.13	178.254.22.166	0x90bb	Standard query (0)	siegheil.hiter.su.V'f66a/PV!EH(5p)5qV'f,NNPV!a/E@	16384	16401	false
Apr 23, 2024 08:34:54.057899952 CEST	192.168.2.13	178.254.22.166	0x90bb	Standard query (0)	siegheil.hiter.su.V'fvw66a/PV!EH(3r5,MV'f]xNNPV!a/E@	16384	16401	false
Apr 23, 2024 08:34:54.227421045 CEST	192.168.2.13	178.254.22.166	0x90bb	Standard query (0)	siegheil.hiter.su.V'f%66a/PV!EH(4q5Ky.V'fJJPV!a/E<.@@gF&dV'f66a	12032	20566	false
Apr 23, 2024 08:34:56.591934919 CEST	192.168.2.13	134.195.4.2	0xd6e	Standard query (0)	siegheil.hiter.su.V'fc66a/PV!E((k5D5j$nV'fdNNPV!a/E@w.@@ub5,nsiegheilhitersun..'f66a/PV!E((r5D5b`DnV'fNNP.!a/E@wD@@u5,nsiegheilhitersunV'f6	13824	0	false
Apr 23, 2024 08:34:56.681185007 CEST	192.168.2.13	134.195.4.2	0xd6e	Standard query (0)	siegheil.hiter.su.V'f66a/PV!E((r5D5b`DnV'fNNPV!a/E@w.@@u5,nsiegheilhitersunV'f6	54	0	false
Apr 23, 2024 08:34:56.770176888 CEST	192.168.2.13	134.195.4.2	0xd6e	Standard query (0)	siegheil.hiter.su.V'f66a/PV!E((4E5tnV'fNNPV!a/E@w.@@u5,nsiegheilhitersunV'fv6.a/PV!E((4E5xn	0	36950	false
Apr 23, 2024 08:34:56.859028101 CEST	192.168.2.13	134.195.4.2	0xd6e	Standard query (0)	siegheil.hiter.su.V'fv66a/PV!E((4E5xnV'fwNNPV!a/E@w.@@u5,nsiegheilhitersunV'f!66	62651	25006	false
Apr 23, 2024 08:34:56.948215008 CEST	192.168.2.13	134.195.4.2	0xd6e	Standard query (0)	siegheil.hiter.su.V'f!66a/PV!E((4E5=nV'fJJPV!a/E<j.@@4F3" V'f66a/PV!E((@0F3"P.'fvNNPV!a/E@N@@2=5,~mWssiegheilhitersu.V'fJ^66a/PV!EH(3Jr=5WsV'f_NNPV!a/E@N	16384	16401	false
Apr 23, 2024 08:34:59.232566118 CEST	192.168.2.13	185.181.61.24	0x5773	Standard query (0)	siegheil.hiter.su.V'fJ^66a/PV!EH(3Jr=5WsV'f_NNPV!a/E@N	16384	16401	false
Apr 23, 2024 08:34:59.417565107 CEST	192.168.2.13	185.181.61.24	0x5773	Standard query (0)	siegheil.hiter.su.V'f,566a/PV!EH(2KY=5WsV'f5NNPV!a/E@N	16384	16401	false
Apr 23, 2024 08:34:59.603615046 CEST	192.168.2.13	185.181.61.24	0x5773	Standard query (0)	siegheil.hiter.su.V'f66a/PV!EH(2KH=5<\WsV'fNNPV!a/E@N	16384	16401	false
Apr 23, 2024 08:34:59.790021896 CEST	192.168.2.13	185.181.61.24	0x5773	Standard query (0)	siegheil.hiter.su.V'f66a/PV!EH(2K<=5WsV'fNNPV!a/E@N	16384	16401	false
Apr 23, 2024 08:34:59.976133108 CEST	192.168.2.13	185.181.61.24	0x5773	Standard query (0)	siegheil.hiter.su.V'fMm66a/PV!EH(2K=5WsV'fnJJPV!a/E<	16384	16390	false
Apr 23, 2024 08:35:02.354712009 CEST	192.168.2.13	8.8.4.4	0x5da3	Standard query (0)	sex.secure-cyber-security.V'f466a/PV!EH(rv5tl]V'f=VVPV!a/EH@@	60864	43010	false
Apr 23, 2024 08:35:02.443197012 CEST	192.168.2.13	8.8.4.4	0x5da3	Standard query (0)	sex.secure-cyber-security.V'f\66a/PV!EH(hvnT5tG]V'fVVPV!a/EH@@	56256	43010	false
Apr 23, 2024 08:35:02.531205893 CEST	192.168.2.13	8.8.4.4	0x5da3	Standard query (0)	sex.secure-cyber-security.V'fr66a/PV!EH(tm5Y]V'fsVVPV!a/EH@@	51136	43010	false
Apr 23, 2024 08:35:02.619282961 CEST	192.168.2.13	8.8.4.4	0x5da3	Standard query (0)	sex.secure-cyber-security.V'f66a/PV!EH(@v{5d`]V'fVVPV!a/EH0@@	46016	43010	false
Apr 23, 2024 08:35:02.707782984 CEST	192.168.2.13	8.8.4.4	0x5da3	Standard query (0)	sex.secure-cyber-security.V'fz#66a/PV!EH(<vb5]V'f8%JJPV!a/E<@@.	43010	3540	false
Apr 23, 2024 08:35:04.991672039 CEST	192.168.2.13	194.36.144.87	0x3cb2	Standard query (0)	sex.secure-cyber-security.V'fVVa/PV!EHHs3$W54#<sexsecure-cyber-securitysV'f~.VPV!a/EH3@@8@$W754<sexsecure-cyber-securit.sV'f5VVa/PV!EHH3$W574V<sexsecure-cyber-securitysV'f7VV	0	80	false
Apr 23, 2024 08:35:05.167037964 CEST	192.168.2.13	194.36.144.87	0x3cb2	Standard query (0)	sex.secure-cyber-security.V'f5VVa/PV!EHH3$W574V<sexsecure-cyber-securitysV'f7.VPV!a/EH\@@8$W54<sexsecure-cyber-securit.sV'fVVa/PV!EHH3$W54.<sexsecure-cyber-securitysV'fhVV	0	80	false
Apr 23, 2024 08:35:05.342004061 CEST	192.168.2.13	194.36.144.87	0x3cb2	Standard query (0)	sex.secure-cyber-security.V'fVVa/PV!EHH3$W54.<sexsecure-cyber-securitysV'fh.VPV!a/EHq@@8$W54"<sexsecure-cyber-securit.sV'fVVa/PV!EHH3$W54!<sexsecure-cyber-securitysV'f[VV	0	80	false
Apr 23, 2024 08:35:05.516968012 CEST	192.168.2.13	194.36.144.87	0x3cb2	Standard query (0)	sex.secure-cyber-security.V'fVVa/PV!EHH3$W54!<sexsecure-cyber-securitysV'f[.VPV!a/EH@@7$W54~<sexsecure-cyber-securit.sV'f=7VVa/PV!EHH3$W54W}<sexsecure-cyber-securitysV'f$8JJ	0	80	false
Apr 23, 2024 08:35:05.691802979 CEST	192.168.2.13	194.36.144.87	0x3cb2	Standard query (0)	sex.secure-cyber-security.V'f=7VVa/PV!EHH3$W54W}<sexsecure-cyber-securitysV'f$8.JPV!a/E<6@@FbtH}p	0	259	false
Apr 23, 2024 08:35:08.062232018 CEST	192.168.2.13	134.195.4.2	0x8fa	Standard query (0)	siegheil.hiter.su.V'fM66a/PV!E((m4C5IV'fNNNPV!a/E@x@@.5,$siegheilhitersusV'f66a/PV!E((n4C5	0	0	false
Apr 23, 2024 08:35:08.151257992 CEST	192.168.2.13	134.195.4.2	0x8fa	Standard query (0)	siegheil.hiter.su.V'f66a/PV!E((n4C5V'fNNPV!a/E@x@@.&5,siegheilhitersusV'fP66a/PV!E((y4C5&d	0	0	false
Apr 23, 2024 08:35:08.240284920 CEST	192.168.2.13	134.195.4.2	0x8fa	Standard query (0)	siegheil.hiter.su.V'fP66a/PV!E((y4C5&dV'fNNPV!a/E@x@@.}5,G_siegheilhitersusV'f5a66a/PV!E((5B5	0	0	false
Apr 23, 2024 08:35:08.329236031 CEST	192.168.2.13	134.195.4.2	0x8fa	Standard query (0)	siegheil.hiter.su.V'f5a66a/PV!E((5B5V'faNNPV!a/E@x@@.{(5,siegheilhitersusV'fE66a/PV!E((5B5(?	0	0	false
Apr 23, 2024 08:35:08.418253899 CEST	192.168.2.13	134.195.4.2	0x8fa	Standard query (0)	siegheil.hiter.su.V'fE66a/PV!E((5B5(?V'fJJPV!a/E<@@.F2V'f66a/PV.E((@0F2	35920	5120	false
Apr 23, 2024 08:35:10.702888966 CEST	192.168.2.13	8.8.4.4	0xfa0b	Standard query (0)	security.rebirth-network.su	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 08:35:05.166352987 CEST	194.36.144.87	192.168.2.13	0x3cb2	Format error (1)	sex.secure-cyber-security.V'f~VVPV!a/EH3@@8@$W754<sexsecure-cyber-securitysV'f5.Va/PV!EHH3$W574V<sexsecure-cyber-securit.sV'f7VVPV!a/EH\@@8$W54<sexsecure-cyber-securitysV'fVV	none	none	0	60660	false
Apr 23, 2024 08:35:05.341408014 CEST	194.36.144.87	192.168.2.13	0x3cb2	Format error (1)	sex.secure-cyber-security.V'f7VVPV!a/EH\@@8$W54<sexsecure-cyber-securitysV'f.Va/PV!EHH3$W54.<sexsecure-cyber-securit.sV'fhVVPV!a/EHq@@8$W54"<sexsecure-cyber-securitysV'fVV	none	none	0	60660	false
Apr 23, 2024 08:35:05.516568899 CEST	194.36.144.87	192.168.2.13	0x3cb2	Format error (1)	sex.secure-cyber-security.V'fhVVPV!a/EHq@@8$W54"<sexsecure-cyber-securitysV'f.Va/PV!EHH3$W54!<sexsecure-cyber-securit.sV'f[VVPV!a/EH@@7$W54~<sexsecure-cyber-securitysV'f=7VV	none	none	0	60660	false
Apr 23, 2024 08:35:05.691613913 CEST	194.36.144.87	192.168.2.13	0x3cb2	Format error (1)	sex.secure-cyber-security.V'f[VVPV!a/EH@@7$W54~<sexsecure-cyber-securitysV'f=7.Va/PV!EHH3$W54W}<sexsecure-cyber-securit.sV'f$8JJPV!a/E<6@@FbtH}pV'f66a/PV	none	none	8469	2048	false
Apr 23, 2024 08:35:05.866108894 CEST	194.36.144.87	192.168.2.13	0x3cb2	Format error (1)	sex.secure-cyber-security.V'f$8JJPV!a/E<6@@FbtH}pV'f66a	none	none	12032	20566	false
Apr 23, 2024 08:35:10.916171074 CEST	8.8.4.4	192.168.2.13	0xfa0b	No error (0)	security.rebirth-network.su		212.70.149.10	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf PID: 5425, Parent PID: 5349

General

Start time (UTC):	06:34:24
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Arguments:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	06:34:24
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	06:34:24
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	06:34:24
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/bin/journalctl
Arguments:	/usr/bin/journalctl --smart-relinquish-var
File size:	80120 bytes
MD5 hash:	bf3a987344f3bacafc44efd882abda8b

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/bin/pulseaudio
Arguments:	/usr/bin/pulseaudio --daemonize=no --log-target=journal
File size:	100832 bytes
MD5 hash:	0c3b4c789d8ffb12b25507f27e14c186

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/libexec/gvfsd-fuse
Arguments:	-
File size:	47632 bytes
MD5 hash:	d18fbf1cbf8eb57b17fac48b7b4be933

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/bin/fusermount
Arguments:	fusermount -u -q -z -- /run/user/1000/gvfs
File size:	39144 bytes
MD5 hash:	576a1b135c82bdcbc97a91acea900566

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:25
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:34:26
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:26
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:34:26
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:26
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:34:26
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:26
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/lib/systemd/systemd-journald
Arguments:	/lib/systemd/systemd-journald
File size:	162032 bytes
MD5 hash:	474667ece6cecb5e04c6eb897a1d0d9e

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	06:34:27
Start date (UTC):	23/04/2024
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/usr/sbin/rsyslogd
Arguments:	/usr/sbin/rsyslogd -n -iNONE
File size:	727248 bytes
MD5 hash:	0b8087fc907c42eb3c81a691db258e33

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: systemd PID: 5501, Parent PID: 1

General

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:28
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:29
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:29
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	-
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/bin/grep
Arguments:	grep -G ^blacklist.nvidia[[:space:]]$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
File size:	199136 bytes
MD5 hash:	1e6ebb9dd094f774478f72727bdba0f5

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:30
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:34:31
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:31
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:34:31
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:31
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:31
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:31
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:34:32
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:32
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:34:32
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:32
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:32
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:32
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:34:33
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:33
Start date (UTC):	23/04/2024
Path:	/usr/bin/gpu-manager
Arguments:	/usr/bin/gpu-manager --log /var/log/gpu-manager.log
File size:	76616 bytes
MD5 hash:	8fae9dd5dd67e1f33d873089c2fd8761

Start time (UTC):	06:34:33
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:33
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	/usr/share/gdm/generate-config
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:33
Start date (UTC):	23/04/2024
Path:	/usr/share/gdm/generate-config
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	06:34:33
Start date (UTC):	23/04/2024
Path:	/usr/bin/pkill
Arguments:	pkill --signal HUP --uid gdm dconf-service
File size:	30968 bytes
MD5 hash:	fa96a75a08109d8842e4865b2907d51f

Start time (UTC):	06:34:35
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:34:35
Start date (UTC):	23/04/2024
Path:	/bin/plymouth
Arguments:	/bin/plymouth quit
File size:	51352 bytes
MD5 hash:	87003efd8dad470042f5e75360a8f49f

Start time (UTC):	06:35:55
Start date (UTC):	23/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	06:35:55
Start date (UTC):	23/04/2024
Path:	/usr/bin/dbus-daemon
Arguments:	/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	ReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf	Virustotal: Detection: 9%			Perma Link

Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fj66a/PV!EH(5pE5pV'fNNPV!a/E@
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f66a/PV!EH(4q45V'fNNPV!a/E@
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f66a/PV!EH(5p)5qV'f,NNPV!a/E@
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fvw66a/PV!EH(3r5,MV'f]xNNPV!a/E@
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f%66a/PV!EH(4q5Ky.V'fJJPV!a/E<.@@gF&dV'f66a
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fc66a/PV!E((k5D5j$nV'fdNNPV!a/E@w.@@ub5,nsiegheilhitersun..'f66a/PV!E((r5D5b`DnV'fNNP.!a/E@wD@@u5,nsiegheilhitersunV'f6
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f66a/PV!E((r5D5b`DnV'fNNPV!a/E@w.@@u5,nsiegheilhitersunV'f6
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f66a/PV!E((4E5tnV'fNNPV!a/E@w.@@u5,nsiegheilhitersunV'fv6.a/PV!E((4E5xn
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fv66a/PV!E((4E5xnV'fwNNPV!a/E@w.@@u5,nsiegheilhitersunV'f!66
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f!66a/PV!E((4E5=nV'fJJPV!a/E<j.@@4F3" V'f66a/PV!E((@0F3"P.'fvNNPV!a/E@N@@2=5,~mWssiegheilhitersu.V'fJ^66a/PV!EH(3Jr=5WsV'f_NNPV!a/E@N
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fJ^66a/PV!EH(3Jr=5WsV'f_NNPV!a/E@N
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f,566a/PV!EH(2KY=5WsV'f5NNPV!a/E@N
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f66a/PV!EH(2KH=5<\WsV'fNNPV!a/E@N
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f66a/PV!EH(2K<=5WsV'fNNPV!a/E@N
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fMm66a/PV!EH(2K=5WsV'fnJJPV!a/E<
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f466a/PV!EH(rv5tl]V'f=VVPV!a/EH@@
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f\66a/PV!EH(hvnT5tG]V'fVVPV!a/EH@@
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'fr66a/PV!EH(tm5Y]V'fsVVPV!a/EH@@
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f66a/PV!EH(@v{5d`]V'fVVPV!a/EH0@@
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'fz#66a/PV!EH(<vb5]V'f8%JJPV!a/E<@@.
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'fVVa/PV!EHHs3$W54#<sexsecure-cyber-securitysV'f~.VPV!a/EH3@@8@$W754<sexsecure-cyber-securit.sV'f5VVa/PV!EHH3$W574V<sexsecure-cyber-securitysV'f7VV
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f5VVa/PV!EHH3$W574V<sexsecure-cyber-securitysV'f7.VPV!a/EH\@@8$W54<sexsecure-cyber-securit.sV'fVVa/PV!EHH3$W54.<sexsecure-cyber-securitysV'fhVV
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'fVVa/PV!EHH3$W54.<sexsecure-cyber-securitysV'fh.VPV!a/EHq@@8$W54"<sexsecure-cyber-securit.sV'fVVa/PV!EHH3$W54!<sexsecure-cyber-securitysV'f[VV
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'fVVa/PV!EHH3$W54!<sexsecure-cyber-securitysV'f[.VPV!a/EH@@7$W54~<sexsecure-cyber-securit.sV'f=7VVa/PV!EHH3$W54W}<sexsecure-cyber-securitysV'f$8JJ
Source: unknown	DNS traffic detected: query: sex.secure-cyber-security.V'f=7VVa/PV!EHH3$W54W}<sexsecure-cyber-securitysV'f$8.JPV!a/E<6@@FbtH}p
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fM66a/PV!E((m4C5IV'fNNNPV!a/E@x@@.5,$siegheilhitersusV'f66a/PV!E((n4C5
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f66a/PV!E((n4C5V'fNNPV!a/E@x@@.&5,siegheilhitersusV'fP66a/PV!E((y4C5&d
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fP66a/PV!E((y4C5&dV'fNNPV!a/E@x@@.}5,G_siegheilhitersusV'f5a66a/PV!E((5B5
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'f5a66a/PV!E((5B5V'faNNPV!a/E@x@@.{(5,siegheilhitersusV'fE66a/PV!E((5B5(?
Source: unknown	DNS traffic detected: query: siegheil.hiter.su.V'fE66a/PV!E((5B5(?V'fJJPV!a/E<@@.F2V'f66a/PV.E((@0F2

Source: global traffic	TCP traffic: 192.168.2.13:42668 -> 212.70.149.14:35342
Source: global traffic	TCP traffic: 192.168.2.13:40674 -> 212.70.149.10:35342

Source: unknown	TCP traffic detected without corresponding DNS query: 54.247.62.1
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	UDP traffic detected without corresponding DNS query: 94.16.114.254
Source: unknown	UDP traffic detected without corresponding DNS query: 94.16.114.254
Source: unknown	UDP traffic detected without corresponding DNS query: 94.16.114.254
Source: unknown	UDP traffic detected without corresponding DNS query: 94.16.114.254
Source: unknown	UDP traffic detected without corresponding DNS query: 94.16.114.254
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown	UDP traffic detected without corresponding DNS query: 134.195.4.2

Source: unknown	Network traffic detected: HTTP traffic on port 57218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57218
Source: unknown	Network traffic detected: HTTP traffic on port 48202 -> 443

Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1 (init), result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 490, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 660, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 727, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 767, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 778, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 780, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 783, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 790, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 795, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 800, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1400, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1432, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1475, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1565, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 1805, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 2926, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 2970, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 3069, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 3122, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 3132, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 3589, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 3764, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5266, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5409, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5410, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5432, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5434, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5436, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5438, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5458, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5472, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5473, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5477, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5480, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5481, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5485, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5486, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5487, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5488, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5489, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5490, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5491, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5492, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5493, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5497, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5498, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5501, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5503, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5506, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5507, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5510, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5511, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5513, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5514, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5515, result: no such process	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5516, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5517, result: successful	Jump to behavior
Source: /tmp/SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf (PID: 5430)	SIGKILL sent: pid: 5519, result: successful	Jump to behavior

Source: /usr/bin/gpu-manager (PID: 5499)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"			Jump to behavior
Source: /usr/bin/gpu-manager (PID: 5504)	Shell command executed: sh -c "grep -G \"^blacklist.nvidia[[:space:]]$\" /etc/modprobe.d/*.conf"			Jump to behavior

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf PID: 5425, Parent PID: 5349

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf PID: 5428, Parent PID: 5425

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf PID: 5430, Parent PID: 5428

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf PID: 5432, Parent PID: 5428

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf PID: 5434, Parent PID: 5428

General

Chronological Activities

Analysis Process: SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf PID: 5436, Parent PID: 5428

General

Chronological Activities

Analysis Process: systemd PID: 5438, Parent PID: 1

General

Linux Analysis Report
SecuriteInfo.com.Linux.Siggen.7228.11695.14684.elf