Linux Analysis Report
65kw6IfQdO.elf

Overview

General Information

Sample name: 65kw6IfQdO.elf
renamed because original name is a hash value
Original sample name: eec45382ecf8d7788756e561626e7803.elf
Analysis ID: 1430993
MD5: eec45382ecf8d7788756e561626e7803
SHA1: 145fd848e20b364f10fab3167cb0edc11b32c1f4
SHA256: 40c92002d0e54b11a3826db7e2fe0be6d86b3cfa20e5eb2b1140f2d653fa0276
Tags: 32, elf, motorola

Detection

Score: 60
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Queries the IP of a very long domain name
Sample deletes itself
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Executes the "kill" or "pkill" command typically used to terminate processes
Found strings indicative of a multi-platform dropper
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: 65kw6IfQdO.elf ReversingLabs: Detection: 31%
Source: 65kw6IfQdO.elf Virustotal: Detection: 12%
Source: /usr/bin/pkill (PID: 6322) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6325) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6330) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6333) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: 65kw6IfQdO.elf String: yxpts/ttysocket:[/proc/net/tcp/proc/%d/exepkillkillallechoclearwgetcurlping/pswiresharktcpdumppythonpython3busyboxiptablesrebootinit 6nanonvimmvcdlscatstringshtopgrepbashgdb/mapsmkdirHTTPapt./runshutdown&reboot -fshutdown -rrmftpgettftpncfor

Networking

Source: unknown DNS traffic detected: query: siegheil.hiter.su
Source: unknown DNS traffic detected: query: kz.adolfhitler.su
Source: unknown DNS traffic detected: query: sex.secure-cyber-security.
Source: global traffic TCP traffic: 192.168.2.23:55768 -> 212.70.149.14:35342
Source: global traffic TCP traffic: 192.168.2.23:41846 -> 212.70.149.10:35342
Source: /tmp/65kw6IfQdO.elf (PID: 6242) Socket: 127.0.0.1::8345
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: unknown TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown TCP traffic detected without corresponding DNS query: 91.176.203.42
Source: unknown DNS traffic detected: queries for: siegheil.hiter.su

System Summary

Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1 (init), result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 491, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 658, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 720, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 721, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 759, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 761, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 772, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 774, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 777, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 785, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 793, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 797, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 936, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1320, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1334, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1335, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1344, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1389, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1476, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1601, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1809, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1860, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1872, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1886, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 1983, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 2038, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 2048, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 4334, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 4529, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6079, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6228, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6229, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6247, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6249, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6251, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6254, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6276, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6288, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6289, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6290, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6291, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6294, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6296, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6297, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6298, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6299, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6300, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6301, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6302, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6303, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6304, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6305, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6306, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6309, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6310, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6311, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6313, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6314, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6315, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6317, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6318, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6319, result: no such process
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6320, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6321, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6323, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6324, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6325, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6328, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6329, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6330, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6331, result: successful
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6332, result: successful
Source: Initial sample String containing 'busybox' found: busybox
Source: Initial sample String containing 'busybox' found: yxpts/ttysocket:[/proc/net/tcp/proc/%d/exepkillkillallechoclearwgetcurlping/pswiresharktcpdumppythonpython3busyboxiptablesrebootinit 6nanonvimmvcdlscatstringshtopgrepbashgdb/mapsmkdirHTTPapt./runshutdown&reboot -fshutdown -rrmftpgettftpncfor
Source: ELF static info symbol of initial sample .symtab present: no
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6321, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6323, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6324, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6325, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6328, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6329, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6330, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6331, result: successful Jump to behavior
Source: /tmp/65kw6IfQdO.elf (PID: 6246) SIGKILL sent: pid: 6332, result: successful Jump to behavior
Source: classification engine Classification label: mal60.spre.troj.evad.linELF@0/0@51/0
Source: /usr/share/gdm/generate-config (PID: 6319) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6322) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6325) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6330) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 6333) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /tmp/65kw6IfQdO.elf (PID: 6244) Reads from proc file: /proc/stat

Hooking and other Techniques for Hiding and Protection

Source: /tmp/65kw6IfQdO.elf (PID: 6242) File: /tmp/65kw6IfQdO.elf
Source: /usr/bin/pkill (PID: 6322) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6325) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6330) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 6333) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /tmp/65kw6IfQdO.elf (PID: 6242) Queries kernel information via 'uname'
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp Binary or memory string: /m68k/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp Binary or memory string: $0vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp Binary or memory string: ;|U/m68k/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp Binary or memory string: /tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6242.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
Source: 65kw6IfQdO.elf, 6242.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp Binary or memory string: ;|U!/etc/qemu-binfmt/m68k
Source: 65kw6IfQdO.elf, 6251.1.00007fb2e8041000.00007fb2e8045000.rw-.sdmp Binary or memory string: Q/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9fY/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj)/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6251.1.00007fb2e8033000.00007fb2e8041000.rw-.sdmp Binary or memory string: vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6242.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k
Source: 65kw6IfQdO.elf, 6251.1.0000557c3bbea000.0000557c3bc90000.rw-.sdmp Binary or memory string: ;|U1/tmp/vmware-root_721-42905598891p
Source: 65kw6IfQdO.elf, 6251.1.00007fb2e8041000.00007fb2e8045000.rw-.sdmp Binary or memory string: )/tmp/vmware-root_721-4290559889
Source: 65kw6IfQdO.elf, 6242.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6247.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6249.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6251.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6336.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6338.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6340.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp, 65kw6IfQdO.elf, 6342.1.00007ffcc6d83000.00007ffcc6da4000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/65kw6IfQdO.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/65kw6IfQdO.elf