Linux
Analysis Report
if7G7W6gWn.elf
Overview
General Information
Sample name: | if7G7W6gWn.elfrenamed because original name is a hash value |
Original sample name: | 25916ce134da7ae0ba1be9c9787298f9.elf |
Analysis ID: | 1432070 |
MD5: | 25916ce134da7ae0ba1be9c9787298f9 |
SHA1: | 288f48353bc9357508cbe994786664a5ab5ad233 |
SHA256: | 39772de123a121e00ea070169dbcf06ed40ad267eff0d7385005dc26746a774a |
Tags: | 32elfmirairenesas |
Infos: | |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432070 |
Start date and time: | 2024-04-26 11:21:19 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | if7G7W6gWn.elfrenamed because original name is a hash value |
Original Sample Name: | 25916ce134da7ae0ba1be9c9787298f9.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@0/0 |
- Excluded IPs from analysis (whitelisted): 151.101.2.49, 151.101.66.49, 151.101.130.49, 151.101.194.49
- Excluded domains from analysis (whitelisted): 23.2.168.192.in-addr.arpa, p2.shared.global.fastly.net
Command: | /tmp/if7G7W6gWn.elf |
PID: | 6199 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
- system is lnxubuntu20
- if7G7W6gWn.elf New Fork (PID: 6201, Parent: 6199)
- if7G7W6gWn.elf New Fork (PID: 6203, Parent: 6199)
- if7G7W6gWn.elf New Fork (PID: 6205, Parent: 6203)
- dash New Fork (PID: 6247, Parent: 4334)
- dash New Fork (PID: 6248, Parent: 4334)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
Click to see the 1 entries |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Reads CPU info from proc file: | Jump to behavior |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | SIGKILL sent: | Jump to behavior |
Source: | Classification label: |
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Source: | Reads from proc file: | Jump to behavior | ||
Source: | Reads from proc file: | Jump to behavior |
Source: | Reads CPU info from proc file: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | Virustotal | Browse | ||
8% | ReversingLabs | Linux.Trojan.Mirai |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
54.171.230.55 | unknown | United States | 16509 | AMAZON-02US | false | |
45.142.182.80 | unknown | Germany | 207959 | XSSERVERNL | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54.171.230.55 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Chaos | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Gafgyt | Browse | |||
109.202.202.202 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
91.189.91.43 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
91.189.91.42 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
CANONICAL-ASGB | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
AMAZON-02US | Get hash | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | TechSupportScam | Browse |
| ||
INIT7CH | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
XSSERVERNL | Get hash | malicious | Mirai, Okiru | Browse |
| |
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
| ||
Get hash | malicious | Gafgyt | Browse |
|
File type: | |
Entropy (8bit): | 6.712860749886829 |
TrID: |
|
File name: | if7G7W6gWn.elf |
File size: | 73'980 bytes |
MD5: | 25916ce134da7ae0ba1be9c9787298f9 |
SHA1: | 288f48353bc9357508cbe994786664a5ab5ad233 |
SHA256: | 39772de123a121e00ea070169dbcf06ed40ad267eff0d7385005dc26746a774a |
SHA512: | fb60fa775785f87bd769ccfcb0c31d195e654d416756ea3c95601c0e78aa6d62f345e443fd818b000417e09f4556bf34e49803268b1a10dcd5f723a541718b44 |
SSDEEP: | 768:kcliijttdN1oT0uwNxrSEhFR+KwG/UGDTHv10cSjrzNc3D0Kh4yI5BacUW02qBol:LlJt7N1ooucBMGDTH1S6wK0HTA/+xr |
TLSH: | 7F738B22E5615C52C80329F0B2F5C9340702BDF209661C75EDAEFFD55AE39C8B9CA7A1 |
File Content Preview: | .ELF..............*.......@.4...D.......4. ...(...............@...@...........................B...B.<...............Q.td..............................././"O.n......#.*@........#.*@....&O.n.l..................................././.../.a"O.!...n...a.b("...q. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 73540 |
Section Header Size: | 40 |
Number of Section Headers: | 11 |
Header String Table Index: | 10 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x400094 | 0x94 | 0x2e | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x4000e0 | 0xe0 | 0xfe20 | 0x0 | 0x6 | AX | 0 | 0 | 32 |
.fini | PROGBITS | 0x40ff00 | 0xff00 | 0x22 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x40ff24 | 0xff24 | 0x15e4 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x4215e4 | 0x115e4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x4215ec | 0x115ec | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x4215f8 | 0x115f8 | 0x28 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x421620 | 0x11620 | 0x678 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.comment | PROGBITS | 0x0 | 0x11620 | 0x8dc | 0x0 | 0x0 | 0 | 0 | 1 | |
.shstrtab | STRTAB | 0x0 | 0x11efc | 0x47 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x11508 | 0x11508 | 6.7279 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0x115e4 | 0x4215e4 | 0x4215e4 | 0x3c | 0x6b4 | 1.5933 | 0x6 | RW | 0x10000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 11:21:58.445750952 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 26, 2024 11:21:58.573648930 CEST | 48668 | 5900 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:58.573754072 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:58.832048893 CEST | 5900 | 48668 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:58.832195997 CEST | 48668 | 5900 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:58.832601070 CEST | 48668 | 5900 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:58.833256006 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:58.833403111 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:58.933007956 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.071501017 CEST | 5900 | 48668 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.174561024 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.174587965 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.176639080 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.176639080 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.418350935 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.418780088 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.419136047 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.671072960 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.671135902 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.671221972 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.671221972 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.672674894 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.742892981 CEST | 5900 | 48668 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.742913008 CEST | 5900 | 48668 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.742989063 CEST | 48668 | 5900 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.785593987 CEST | 48668 | 5900 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:21:59.914438009 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:21:59.957556963 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:22:00.015350103 CEST | 48668 | 5900 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:22:00.015355110 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:22:00.254595995 CEST | 5900 | 48668 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:22:00.257162094 CEST | 5901 | 51970 | 45.142.182.80 | 192.168.2.23 |
Apr 26, 2024 11:22:00.257210970 CEST | 51970 | 5901 | 192.168.2.23 | 45.142.182.80 |
Apr 26, 2024 11:22:04.076980114 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 26, 2024 11:22:05.612834930 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 26, 2024 11:22:18.666963100 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 26, 2024 11:22:18.666974068 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 11:22:30.953275919 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 26, 2024 11:22:34.480623007 CEST | 33606 | 443 | 192.168.2.23 | 54.171.230.55 |
Apr 26, 2024 11:22:34.723284960 CEST | 443 | 33606 | 54.171.230.55 | 192.168.2.23 |
Apr 26, 2024 11:22:35.048757076 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 26, 2024 11:22:59.621385098 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 11:21:56.614746094 CEST | 53 | 57803 | 8.8.8.8 | 192.168.2.23 |
System Behavior
Start time (UTC): | 09:21:57 |
Start date (UTC): | 26/04/2024 |
Path: | /tmp/if7G7W6gWn.elf |
Arguments: | /tmp/if7G7W6gWn.elf |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 09:21:57 |
Start date (UTC): | 26/04/2024 |
Path: | /tmp/if7G7W6gWn.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 09:21:57 |
Start date (UTC): | 26/04/2024 |
Path: | /tmp/if7G7W6gWn.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 09:21:57 |
Start date (UTC): | 26/04/2024 |
Path: | /tmp/if7G7W6gWn.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 09:22:33 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:22:33 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.QFi1oBeZ2Z /tmp/tmp.wQRko5GF2s /tmp/tmp.5w8KPCe39U |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 09:22:33 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:22:33 |
Start date (UTC): | 26/04/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.QFi1oBeZ2Z /tmp/tmp.wQRko5GF2s /tmp/tmp.5w8KPCe39U |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |