Edit tour

Linux Analysis Report
morte.sh4.elf

Overview

General Information

Sample name:	morte.sh4.elf
Analysis ID:	1635833
MD5:	3986d65e580873829f87ec7e1d161733
SHA1:	e8402bd5f0e9e0874794e9491692e9f1eb8c1216
SHA256:	6c3a059b488d6dff0097a9e41acc5a6e0560d8f76f0516c4a372a3fbad7022fe
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1635833
Start date and time:	2025-03-12 02:37:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	morte.sh4.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/morte.sh4.elf
PID:	5493
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

morte.sh4.elf (PID: 5493, Parent: 5412, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/morte.sh4.elf

morte.sh4.elf New Fork (PID: 5495, Parent: 5493)

morte.sh4.elf New Fork (PID: 5497, Parent: 5495)

morte.sh4.elf New Fork (PID: 5529, Parent: 5495)

morte.sh4.elf New Fork (PID: 5531, Parent: 5529)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: morte.sh4.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: morte.sh4.elf	Virustotal: Detection: 37%			Perma Link
Source: morte.sh4.elf	ReversingLabs: Detection: 39%

Source: global traffic

TCP traffic: 192.168.2.14:56666 -> 176.65.134.62:7777

Source: /tmp/morte.sh4.elf (PID: 5495)

Socket: 127.0.0.1:65407

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62
Source: unknown	TCP traffic detected without corresponding DNS query: 176.65.134.62

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/morte.sh4.elf (PID: 5531)

SIGKILL sent: pid: 5529, result: successful

Jump to behavior

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: /tmp/morte.sh4.elf (PID: 5493)

Queries kernel information via 'uname':

Jump to behavior

Source: morte.sh4.elf, 5493.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp, morte.sh4.elf, 5497.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp, morte.sh4.elf, 5529.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp, morte.sh4.elf, 5531.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: morte.sh4.elf, 5493.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp, morte.sh4.elf, 5497.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp, morte.sh4.elf, 5529.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp, morte.sh4.elf, 5531.1.00007ffcddb36000.00007ffcddb57000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/morte.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/morte.sh4.elf
Source: morte.sh4.elf, 5493.1.000056500a85b000.000056500a8be000.rw-.sdmp, morte.sh4.elf, 5497.1.000056500a85b000.000056500a8be000.rw-.sdmp, morte.sh4.elf, 5529.1.000056500a85b000.000056500a8be000.rw-.sdmp, morte.sh4.elf, 5531.1.000056500a85b000.000056500a8be000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: morte.sh4.elf, 5493.1.000056500a85b000.000056500a8be000.rw-.sdmp, morte.sh4.elf, 5497.1.000056500a85b000.000056500a8be000.rw-.sdmp, morte.sh4.elf, 5529.1.000056500a85b000.000056500a8be000.rw-.sdmp, morte.sh4.elf, 5531.1.000056500a85b000.000056500a8be000.rw-.sdmp	Binary or memory string: PV5!/etc/qemu-binfmt/sh4

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
morte.sh4.elf	38%	Virustotal		Browse
morte.sh4.elf	39%	ReversingLabs	Linux.Exploit.Mirai
morte.sh4.elf	100%	Avira	EXP/ELF.Mirai.N

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
176.65.134.62	unknown	Germany		56325	DIOGELO-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
176.65.134.62	morte.mpsl.elf	Get hash	malicious	Unknown	Browse
	morte.ppc.elf	Get hash	malicious	Unknown	Browse
	morte.arm.elf	Get hash	malicious	Unknown	Browse
	morte.mips.elf	Get hash	malicious	Unknown	Browse
	morte.mpsl.elf	Get hash	malicious	Unknown	Browse
	morte.x86.elf	Get hash	malicious	Unknown	Browse
	morte.sh4.elf	Get hash	malicious	Unknown	Browse
	morte.m68k.elf	Get hash	malicious	Unknown	Browse
	morte.arm7.elf	Get hash	malicious	Unknown	Browse
	morte.arm7.elf	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DIOGELO-ASGB	morte.mpsl.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.ppc.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.arm.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.mips.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.mpsl.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.x86.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.sh4.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.m68k.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.arm7.elf	Get hash	malicious	Unknown	Browse	176.65.134.62
	morte.arm7.elf	Get hash	malicious	Mirai	Browse	176.65.134.62

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.066658118043394
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	morte.sh4.elf
File size:	105'060 bytes
MD5:	3986d65e580873829f87ec7e1d161733
SHA1:	e8402bd5f0e9e0874794e9491692e9f1eb8c1216
SHA256:	6c3a059b488d6dff0097a9e41acc5a6e0560d8f76f0516c4a372a3fbad7022fe
SHA512:	aa2326371099309ae63a2e8a1654c5b213cc309b676ac7c2b8af3919138ab4772613a99e9e15e7962b308f88a544889e9a297de040df6f710dafe97d61f48977
SSDEEP:	1536:1aOlFpIg5z9sLxeAFrCJdKU4KC7wK86xMqUW4WfDc2g8:1plnIOzeL4AFr4EUjK8L/W1fD0
TLSH:	24A33973C8266E9CD664E5B4B0B09F7D1B53A91592470FBE1566C3B88043D8DFA0A3F8
File Content Preview:	.ELF.....................@.4...........4. ...(...............@...@.@I..@I...............P...PB..PB.hH..............Q.td............................././"O.n........#.@........#.*@.,...o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	104620
Section Header Size:	40
Number of Section Headers:	11
Header String Table Index:	10

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0x12c20	0x0	0x6	AX	32
.fini	PROGBITS	0x412d00	0x12d00	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x412d24	0x12d24	0x1c1c	0x0	0x2	A	4
.ctors	PROGBITS	0x425000	0x15000	0xc	0x0	0x3	WA	4
.dtors	PROGBITS	0x42500c	0x1500c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x425020	0x15020	0x4834	0x0	0x3	WA	32
.got	PROGBITS	0x429854	0x19854	0x14	0x4	0x3	WA	4
.bss	NOBITS	0x429868	0x19868	0x46b4	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x19868	0x43	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x14940	0x14940	6.9153	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x15000	0x425000	0x425000	0x4868	0x8f1c	0.3210	0x6	RW	0x10000	.ctors .dtors .data .got .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 12, 2025 02:38:23.682094097 CET	56666	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:23.686892986 CET	7777	56666	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:23.686944008 CET	56666	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:23.698554993 CET	56666	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:23.703310966 CET	7777	56666	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:23.703361988 CET	56666	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:23.708091021 CET	7777	56666	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:24.367404938 CET	7777	56666	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:24.367501974 CET	56666	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:24.367683887 CET	56666	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:24.368408918 CET	56668	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:24.373159885 CET	7777	56668	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:24.373245001 CET	56668	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:24.374257088 CET	56668	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:24.378946066 CET	7777	56668	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:24.379065990 CET	56668	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:24.383727074 CET	7777	56668	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.053634882 CET	7777	56668	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.053761959 CET	56668	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.053797960 CET	56668	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.054255962 CET	56670	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.059721947 CET	7777	56670	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.059799910 CET	56670	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.060585022 CET	56670	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.065916061 CET	7777	56670	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.065967083 CET	56670	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.071664095 CET	7777	56670	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.747963905 CET	7777	56670	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.748203039 CET	56670	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.748203039 CET	56670	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.748594999 CET	56672	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.753496885 CET	7777	56672	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.753552914 CET	56672	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.754106998 CET	56672	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.759021044 CET	7777	56672	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:25.759069920 CET	56672	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:25.764141083 CET	7777	56672	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:26.431878090 CET	7777	56672	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:26.432082891 CET	56672	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:26.432082891 CET	56672	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:26.432457924 CET	56674	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:26.437175035 CET	7777	56674	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:26.437222958 CET	56674	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:26.437838078 CET	56674	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:26.442581892 CET	7777	56674	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:26.442636967 CET	56674	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:26.447386026 CET	7777	56674	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:27.131231070 CET	7777	56674	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:27.131443024 CET	56674	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:27.131443024 CET	56674	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:27.131814003 CET	56676	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:27.136549950 CET	7777	56676	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:27.136600971 CET	56676	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:27.137217045 CET	56676	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:27.300931931 CET	7777	56676	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:27.301011086 CET	56676	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:27.306013107 CET	7777	56676	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.028800964 CET	7777	56676	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.029027939 CET	56676	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.029027939 CET	56676	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.029408932 CET	56678	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.034176111 CET	7777	56678	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.034234047 CET	56678	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.034842014 CET	56678	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.039531946 CET	7777	56678	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.039593935 CET	56678	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.044363022 CET	7777	56678	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.717067957 CET	7777	56678	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.717385054 CET	56678	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.717385054 CET	56678	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.717848063 CET	56680	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.722563982 CET	7777	56680	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.722626925 CET	56680	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.723301888 CET	56680	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.728028059 CET	7777	56680	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:28.728085041 CET	56680	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:28.732831955 CET	7777	56680	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:29.437378883 CET	7777	56680	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:29.437587023 CET	56680	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:29.437587023 CET	56680	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:29.438080072 CET	56682	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:29.442877054 CET	7777	56682	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:29.442936897 CET	56682	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:29.443662882 CET	56682	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:29.448417902 CET	7777	56682	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:29.448472023 CET	56682	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:29.453191042 CET	7777	56682	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.130105972 CET	7777	56682	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.130327940 CET	56682	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.130423069 CET	56682	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.130968094 CET	56684	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.135741949 CET	7777	56684	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.135797024 CET	56684	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.136461020 CET	56684	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.141160011 CET	7777	56684	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.141210079 CET	56684	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.145873070 CET	7777	56684	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.830874920 CET	7777	56684	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.831068993 CET	56684	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.831139088 CET	56684	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.831624985 CET	56686	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.836388111 CET	7777	56686	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.836451054 CET	56686	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.837074041 CET	56686	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.841803074 CET	7777	56686	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:30.841887951 CET	56686	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:30.846602917 CET	7777	56686	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:31.523809910 CET	7777	56686	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:31.524032116 CET	56686	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:31.524032116 CET	56686	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:31.524599075 CET	56688	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:31.529418945 CET	7777	56688	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:31.529478073 CET	56688	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:31.530141115 CET	56688	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:31.534867048 CET	7777	56688	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:31.534923077 CET	56688	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:31.539655924 CET	7777	56688	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.217199087 CET	7777	56688	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.217426062 CET	56688	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.217426062 CET	56688	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.217818022 CET	56690	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.222565889 CET	7777	56690	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.222625971 CET	56690	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.223242998 CET	56690	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.227947950 CET	7777	56690	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.227997065 CET	56690	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.232665062 CET	7777	56690	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.922682047 CET	7777	56690	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.922961950 CET	56690	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.922961950 CET	56690	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.923409939 CET	56692	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.928132057 CET	7777	56692	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.928193092 CET	56692	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.928788900 CET	56692	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.933484077 CET	7777	56692	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:32.933549881 CET	56692	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:32.938203096 CET	7777	56692	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:33.612196922 CET	7777	56692	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:33.612390995 CET	56692	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:33.612390995 CET	56692	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:33.612812996 CET	56694	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:33.617599010 CET	7777	56694	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:33.617655993 CET	56694	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:33.618302107 CET	56694	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:33.623017073 CET	7777	56694	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:33.623071909 CET	56694	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:33.627870083 CET	7777	56694	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:34.344254017 CET	7777	56694	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:34.344444036 CET	56694	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:34.344472885 CET	56694	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:34.345000982 CET	56696	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:34.349785089 CET	7777	56696	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:34.349872112 CET	56696	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:34.350647926 CET	56696	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:34.355362892 CET	7777	56696	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:34.355494976 CET	56696	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:34.360212088 CET	7777	56696	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.039397955 CET	7777	56696	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.039845943 CET	56696	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.039845943 CET	56696	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.040656090 CET	56698	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.045300961 CET	7777	56698	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.045393944 CET	56698	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.046350956 CET	56698	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.051043987 CET	7777	56698	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.051114082 CET	56698	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.056952953 CET	7777	56698	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.732856989 CET	7777	56698	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.733071089 CET	56698	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.733130932 CET	56698	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.733722925 CET	56700	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.738440990 CET	7777	56700	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.738524914 CET	56700	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.739250898 CET	56700	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.743948936 CET	7777	56700	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:35.744024038 CET	56700	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:35.748953104 CET	7777	56700	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:36.422403097 CET	7777	56700	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:36.422676086 CET	56700	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:36.422676086 CET	56700	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:36.423216105 CET	56702	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:36.428586960 CET	7777	56702	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:36.428647041 CET	56702	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:36.429450989 CET	56702	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:36.435007095 CET	7777	56702	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:36.435077906 CET	56702	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:36.440237999 CET	7777	56702	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.126564980 CET	7777	56702	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.126820087 CET	56702	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.126820087 CET	56702	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.127492905 CET	56704	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.132237911 CET	7777	56704	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.132322073 CET	56704	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.133133888 CET	56704	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.137830973 CET	7777	56704	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.137944937 CET	56704	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.142630100 CET	7777	56704	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.836920023 CET	7777	56704	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.837191105 CET	56704	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.837191105 CET	56704	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.837702036 CET	56706	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.842431068 CET	7777	56706	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.842494011 CET	56706	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.843297005 CET	56706	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.847990036 CET	7777	56706	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:37.848082066 CET	56706	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:37.852823019 CET	7777	56706	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:38.520953894 CET	7777	56706	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:38.521121025 CET	56706	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:38.521204948 CET	56706	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:38.521823883 CET	56708	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:38.526559114 CET	7777	56708	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:38.526716948 CET	56708	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:38.527424097 CET	56708	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:38.532177925 CET	7777	56708	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:38.532248020 CET	56708	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:38.536993027 CET	7777	56708	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.200551033 CET	7777	56708	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.200793028 CET	56708	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.200843096 CET	56708	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.201405048 CET	56710	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.206199884 CET	7777	56710	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.206267118 CET	56710	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.207061052 CET	56710	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.211852074 CET	7777	56710	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.211935043 CET	56710	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.216672897 CET	7777	56710	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.886960030 CET	7777	56710	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.887203932 CET	56710	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.887274981 CET	56710	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.887875080 CET	56712	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.892703056 CET	7777	56712	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.892762899 CET	56712	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.893685102 CET	56712	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.898401022 CET	7777	56712	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:39.898457050 CET	56712	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:39.903151989 CET	7777	56712	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:40.587949991 CET	7777	56712	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:40.588191986 CET	56712	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:40.588248014 CET	56712	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:40.588829041 CET	56714	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:40.593553066 CET	7777	56714	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:40.593605042 CET	56714	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:40.594492912 CET	56714	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:40.599217892 CET	7777	56714	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:40.599272966 CET	56714	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:40.604029894 CET	7777	56714	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:41.293287039 CET	7777	56714	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:41.293416023 CET	56714	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.293493032 CET	56714	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.294013977 CET	56716	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.298748970 CET	7777	56716	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:41.298851013 CET	56716	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.299837112 CET	56716	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.304570913 CET	7777	56716	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:41.304626942 CET	56716	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.309324026 CET	7777	56716	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:41.996133089 CET	7777	56716	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:41.996257067 CET	56716	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.996324062 CET	56716	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:41.996782064 CET	56718	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.001512051 CET	7777	56718	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:42.001563072 CET	56718	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.002166033 CET	56718	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.007143974 CET	7777	56718	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:42.007196903 CET	56718	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.011959076 CET	7777	56718	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:42.763951063 CET	7777	56718	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:42.764103889 CET	56718	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.764136076 CET	56718	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.764585018 CET	56720	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.770044088 CET	7777	56720	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:42.770092010 CET	56720	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.770855904 CET	56720	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.775552034 CET	7777	56720	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:42.775594950 CET	56720	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:42.780299902 CET	7777	56720	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:43.455048084 CET	7777	56720	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:43.455204964 CET	56720	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:43.455250025 CET	56720	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:43.455661058 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:43.460428953 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:43.460481882 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:43.461190939 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:43.465913057 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:43.465960026 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:43.470680952 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:53.471371889 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:38:53.476073980 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:53.683902979 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:38:53.684072018 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:39:11.068897963 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:39:11.069169044 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:40:01.113404036 CET	56722	7777	192.168.2.14	176.65.134.62
Mar 12, 2025 02:40:01.118190050 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:40:01.326212883 CET	7777	56722	176.65.134.62	192.168.2.14
Mar 12, 2025 02:40:01.326333046 CET	56722	7777	192.168.2.14	176.65.134.62

System Behavior

Analysis Process: morte.sh4.elf PID: 5493, Parent PID: 5412

General

Start time (UTC):	01:38:22
Start date (UTC):	12/03/2025
Path:	/tmp/morte.sh4.elf
Arguments:	/tmp/morte.sh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5495, Parent PID: 5493

General

Start time (UTC):	01:38:22
Start date (UTC):	12/03/2025
Path:	/tmp/morte.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5497, Parent PID: 5495

General

Start time (UTC):	01:38:22
Start date (UTC):	12/03/2025
Path:	/tmp/morte.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5529, Parent PID: 5495

General

Start time (UTC):	01:39:10
Start date (UTC):	12/03/2025
Path:	/tmp/morte.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5531, Parent PID: 5529

General

Start time (UTC):	01:39:10
Start date (UTC):	12/03/2025
Path:	/tmp/morte.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report morte.sh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: morte.sh4.elf PID: 5493, Parent PID: 5412

General

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5495, Parent PID: 5493

General

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5497, Parent PID: 5495

General

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5529, Parent PID: 5495

General

Chronological Activities

Analysis Process: morte.sh4.elf PID: 5531, Parent PID: 5529

General

Chronological Activities

Linux Analysis Report
morte.sh4.elf