Edit tour
Linux
Analysis Report
fsa.elf
Overview
General Information
Sample name: | fsa.elf |
Analysis ID: | 1431994 |
MD5: | 5e692b7351f3ed9e69629ed39d66a0c5 |
SHA1: | f47809e62dc517133dc7b45bb517fcd23a181673 |
SHA256: | 3f63c1d262a6e900833b2dbd615f72006785c124d4ca7fda01cd621ca615865f |
Tags: | elf |
Infos: |
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample is packed with UPX
ELF contains segments with high entropy indicating compressed/encrypted content
Executes the "rm" command used to delete files or directories
Sample contains only a LOAD segment without any section mappings
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431994 |
Start date and time: | 2024-04-26 08:13:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | fsa.elf |
Detection: | MAL |
Classification: | mal64.evad.linELF@0/0@0/0 |
Command: | /tmp/fsa.elf |
PID: | 6214 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Host is none |
Standard Error: | ___ _ / _ \ ___ ___ _ __ __ _ ___| | __ / /_\/____/ __|/ __| '__/ _` |/ __| |/ / / /_\\_____\__ \ (__| | | (_| | (__| < \____/ |___/\___|_| \__,_|\___|_|\_\ fscan version: 1.8.0 Usage of /tmp/fsa.elf: -br int Brute threads (default 1) -c string exec command (ssh) -cookie string set poc cookie,-cookie rememberMe=login -debug int every time to LogErr (default 60) -domain string smb domain -full poc full scan,as: shiro 100 key -h string IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12 -hf string host file, -hf ip.txt -hn string the hosts no scan,as: -hn 192.168.1.1/24 -m string Select scan type ,as: -m ssh (default "all") -no not to save output log -nobr not to Brute password -nopoc not to scan web vul -np not to ping -num int poc rate (default 20) -o string Outputfile (default "result.txt") -p string Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017") -pa string add port base DefaultPorts,-pa 3389 -path string fcgismb romote file path -ping using ping replace icmp -pn string the ports no scan,as: -pn 445 -pocname string use the pocs these contain pocname, -pocname weblogic -pocpath string poc file path -portf string Port File -proxy string set poc proxy, -proxy http://127.0.0.1:8080 -pwd string password -pwda string add a password base DefaultPasses,-pwda password -pwdf string password file -rf string redis file to write sshkey file (as: -rf id_rsa.pub) -rs string redis shell to write cron file (as: -rs 192.168.1.1:6666) -sc string ms17 shellcode,as -sc add -silent silent scan -socks5 string set socks5 proxy, will be used in tcp connection, timeout setting will not work -sshkey string sshkey file (id_rsa) -t int Thread nums (default 600) -time int Set timeout (default 3) -top int show live len top (default 10) -u string url -uf string urlfile -user string username -usera string add a user base DefaultUsers,-usera user -userf string username file -wt int Set web timeout (default 5) |
- system is lnxubuntu20
- dash New Fork (PID: 6218, Parent: 4334)
- dash New Fork (PID: 6219, Parent: 4334)
- dash New Fork (PID: 6220, Parent: 4334)
- dash New Fork (PID: 6221, Parent: 4334)
- dash New Fork (PID: 6222, Parent: 4334)
- dash New Fork (PID: 6223, Parent: 4334)
- dash New Fork (PID: 6224, Parent: 4334)
- dash New Fork (PID: 6225, Parent: 4334)
- dash New Fork (PID: 6226, Parent: 4334)
- dash New Fork (PID: 6227, Parent: 4334)
- cleanup
⊘No yara matches
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Program segment: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | String containing UPX found: | ||
Source: | String containing UPX found: |
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Source: | Stderr: ___ _ / _ \ ___ ___ _ __ __ _ ___| | __ / /_\/____/ __|/ __| '__/ _` |/ __| |/ // /_\\_____\__ \ (__| | | (_| | (__| < \____/ |___/\___|_| \__,_|\___|_|\_\ fscan version: 1.8.0Usage of /tmp/fsa.elf: -br int Brute threads (default 1) -c string exec command (ssh) -cookie string set poc cookie,-cookie rememberMe=login -debug int every time to LogErr (default 60) -domain string smb domain -full poc full scan,as: shiro 100 key -h string IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12 -hf string host file, -hf ip.txt -hn string the hosts no scan,as: -hn 192.168.1.1/24 -m string Select scan type ,as: -m ssh (default "all") -no not to save output log -nobr not to Brute password -nopoc not to scan web vul -np not to ping -num int poc rate (default 20) -o string Outputfile (default "result.txt") -p string Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017") -pa string add port base DefaultPorts,-pa 3389 -path string fcgismb romote file path -ping using ping replace icmp -pn string the ports no scan,as: -pn 445 -pocname string use the pocs these contain pocname, -pocname weblogic -pocpath string poc file path -portf string Port File -proxy string set poc proxy, -proxy http://127.0.0.1:8080 -pwd string password -pwda string add a password base DefaultPasses,-pwda password -pwdf string password file -rf string redis file to write sshkey file (as: -rf id_rsa.pub) -rs string redis shell to write cron file (as: -rs 192.168.1.1:6666) -sc string ms17 shellcode,as -sc add -silent silent scan -socks5 string set socks5 proxy, will be used in tcp connection, timeout setting will not work -sshkey string sshkey file (id_rsa) -t int Thread nums (default 600) -time int Set timeout (default 3) -top int show live len top (default 10) -u string url -uf string urlfile -user string username -usera string add a user base DefaultUsers,-usera user -userf string username file -wt int Set web timeout (default 5): |
Source: | Submission file: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
39% | ReversingLabs | Linux.Trojan.Multiverze | ||
35% | Virustotal | Browse | ||
100% | Avira | LINUX/Agent.vcttj | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54.171.230.55 | Get hash | malicious | Mirai, Okiru | Browse | ||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Chaos | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
109.202.202.202 | Get hash | malicious | Gafgyt | Browse | ||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
91.189.91.43 | Get hash | malicious | Gafgyt | Browse | ||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
91.189.91.42 | Get hash | malicious | Gafgyt | Browse | ||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Okiru | Browse |
| |
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
CANONICAL-ASGB | Get hash | malicious | Okiru | Browse |
| |
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
AMAZON-02US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
INIT7CH | Get hash | malicious | Gafgyt | Browse |
| |
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fb4726d465c5f28b84cd6d14cedd13a7 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.922371153938957 |
TrID: |
|
File name: | fsa.elf |
File size: | 5'414'768 bytes |
MD5: | 5e692b7351f3ed9e69629ed39d66a0c5 |
SHA1: | f47809e62dc517133dc7b45bb517fcd23a181673 |
SHA256: | 3f63c1d262a6e900833b2dbd615f72006785c124d4ca7fda01cd621ca615865f |
SHA512: | 9c8f1d779a0288937f16a843dcdf20812f1fb867356385f845cdf15b4b0fb718ae653fab69fbbeef9774f23d814e5698b369b5e3e0b30925227c8203e8e94cbe |
SSDEEP: | 98304:ZTARTHwTVMMX9fvsqX4kJGmMB/MVmaVvpy/0LssQz0mSBMQI:a1HWVMeZvs8pGmiEmvskAmh7 |
TLSH: | 304633F9133B067376F183BE311A5A1867CAA935D0CE9226DBAD159F523FBB016C6403 |
File Content Preview: | .ELF..............>.............@...................@.8...@.......................@.......@.......R.......R......................................................^..............Q.td.....................................................:_.UPX!h.........V...V |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 64 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x529eed | 0x529eed | 7.9224 | 0x5 | R E | 0x1000 | ||
LOAD | 0x0 | 0x92a000 | 0x92a000 | 0x0 | 0x1085ed0 | 0.0000 | 0x6 | RW | 0x1000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 08:13:49.080490112 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:49.334317923 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:50.872239113 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 26, 2024 08:13:51.144279957 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.144328117 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.144366980 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.144402981 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.144437075 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.144541979 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.144663095 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.144663095 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.144663095 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.144663095 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.144663095 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.144663095 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.145463943 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.396915913 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.903703928 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:51.903928041 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:51.904158115 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:52.153901100 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:52.155816078 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:52.155834913 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:52.155913115 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:52.155913115 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:52.157203913 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:52.403913975 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:52.403979063 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 08:13:52.404021025 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:52.404067993 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 08:13:56.247622967 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 26, 2024 08:13:57.015455008 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 26, 2024 08:14:11.349493027 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 26, 2024 08:14:23.635569096 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 26, 2024 08:14:27.731000900 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 26, 2024 08:14:52.303575993 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 08:13:51.144541979 CEST | 54.171.230.55 | 443 | 192.168.2.23 | 33606 | CN=motd.ubuntu.com CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | Thu Mar 07 10:27:55 CET 2024 Fri Sep 04 02:00:00 CEST 2020 | Wed Jun 05 11:27:54 CEST 2024 Mon Sep 15 18:00:00 CEST 2025 | 771,4866-4867-4865-49196-49200-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-49195-49199-162-158-49326-49324-49314-49310-49244-49248-49238-49234-49188-49192-107-106-49267-49271-196-195-49187-49191-103-64-49266-49270-190-189-49162-49172-57-56-136-135-49161-49171-51-50-69-68-157-49313-49309-49233-156-49312-49308-49232-61-192-60-186-53-132-47-65-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2 | fb4726d465c5f28b84cd6d14cedd13a7 |
CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 |
System Behavior
Start time (UTC): | 06:13:49 |
Start date (UTC): | 26/04/2024 |
Path: | /tmp/fsa.elf |
Arguments: | /tmp/fsa.elf |
File size: | 5414768 bytes |
MD5 hash: | 5e692b7351f3ed9e69629ed39d66a0c5 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.eaYG9ch38r /tmp/tmp.qhU28QogYd /tmp/tmp.gr2Bn6czuc |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.eaYG9ch38r |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/cat |
Arguments: | cat /tmp/tmp.eaYG9ch38r |
File size: | 43416 bytes |
MD5 hash: | 7e9d213e404ad3bb82e4ebb2e1f2c1b3 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/head |
Arguments: | head -n 10 |
File size: | 47480 bytes |
MD5 hash: | fd96a67145172477dd57131396fc9608 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/tr |
Arguments: | tr -d \\000-\\011\\013\\014\\016-\\037 |
File size: | 51544 bytes |
MD5 hash: | fbd1402dd9f72d8ebfff00ce7c3a7bb5 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/cut |
Arguments: | cut -c -80 |
File size: | 47480 bytes |
MD5 hash: | d8ed0ea8f22c0de0f8692d4d9f1759d3 |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 06:13:51 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.eaYG9ch38r /tmp/tmp.qhU28QogYd /tmp/tmp.gr2Bn6czuc |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |