Linux Analysis Report z0FwvGSnDF

Overview

General Information

Sample Name:z0FwvGSnDF
Analysis ID:452439
MD5:dafbf75b66b11d7d3b2dcd284c8ac302
SHA1:d1736cc4d7efab8522907550ae0ad5c2e52b296e
SHA256:a524c003fb6dda1f77eda693accef4fff0a0d9fbe7bb0dcfeaa319e526367258
Tags:32, elf, mirai, motorola
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Exit code information suggests that the sample terminated abnormally, try to lookup the sample's target architecture
Non-zero exit code suggests an error during the execution. Lookup the error code for hints.
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:33.0.0 White Diamond
Analysis ID:452439
Start date:22.07.2021
Start time:11:03:45
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 8s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:z0FwvGSnDF
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:default
Detection:MAL
Classification:mal48.lin@0/2@0/0

Process Tree

  • system is lnxubuntu1
  • z0FwvGSnDF (PID: 4573, Parent: 4498, MD5: dafbf75b66b11d7d3b2dcd284c8ac302) Arguments: /usr/bin/qemu-m68k /tmp/z0FwvGSnDF
  • upstart New Fork (PID: 4587, Parent: 3310)
  • sh (PID: 4587, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4588, Parent: 4587)
    • date (PID: 4588, Parent: 4587, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4605, Parent: 4587)
    • apport-checkreports (PID: 4605, Parent: 4587, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 4614, Parent: 3310)
  • sh (PID: 4614, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4615, Parent: 4614)
    • date (PID: 4615, Parent: 4614, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4618, Parent: 4614)
    • apport-gtk (PID: 4618, Parent: 4614, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 4641, Parent: 3310)
  • sh (PID: 4641, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 4642, Parent: 4641)
    • date (PID: 4642, Parent: 4641, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 4645, Parent: 4641)
    • apport-gtk (PID: 4645, Parent: 4641, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

No yara matches

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: z0FwvGSnDF, Virustotal: Detection: 52%
Source: z0FwvGSnDF, ReversingLabs: Detection: 54%
Source: unknown, TCP traffic detected without corresponding DNS query: 62.101.96.107
Source: unknown, TCP traffic detected without corresponding DNS query: 89.108.182.73
Source: unknown, TCP traffic detected without corresponding DNS query: 27.207.129.233
Source: unknown, TCP traffic detected without corresponding DNS query: 212.64.174.180
Source: unknown, TCP traffic detected without corresponding DNS query: 193.204.194.25
Source: unknown, TCP traffic detected without corresponding DNS query: 218.3.209.122
Source: unknown, TCP traffic detected without corresponding DNS query: 116.234.228.208
Source: unknown, TCP traffic detected without corresponding DNS query: 121.134.140.247
Source: unknown, TCP traffic detected without corresponding DNS query: 112.95.114.170
Source: unknown, TCP traffic detected without corresponding DNS query: 69.162.158.5
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal48.lin@0/2@0/0
Source: /tmp/z0FwvGSnDF (PID: 4573), Queries kernel information via 'uname':
Source: /usr/share/apport/apport-gtk (PID: 4618), Queries kernel information via 'uname':
Source: /usr/share/apport/apport-gtk (PID: 4645), Queries kernel information via 'uname':

Mitre Att&ck Matrix

  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: Path Interception
  • Privilege Escalation: Path Interception
  • Defense Evasion: Direct Volume Access
  • Credential Access: OS Credential Dumping
  • Discovery: Security Software Discovery 1
  • Lateral Movement: Remote Services
  • Collection: Data from Local System
  • Exfiltration: Exfiltration Over Other Network Medium
  • Command and Control: Data Obfuscation
  • Network Effects: Eavesdrop on Insecure Network Communication
  • Remote Service Effects: Remotely Track Device Without Authorization
  • Impact: Modify System Partition

Malware Configuration

No configs have been found

Behavior Graph

[Behavior graph. Behavior Graph ID: 452439, Sample: z0FwvGSnDF, Startdate: 22/07/2021, Architecture: LINUX, Score: 48]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
z0FwvGSnDF | 52% | Virustotal |
z0FwvGSnDF | 54% | ReversingLabs | Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
27.207.129.233 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false
112.95.114.170 | unknown | China | 17623 | CNCGROUP-SZChinaUnicomShenzennetworkCN | false
121.134.140.247 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
62.101.96.107 | unknown | Italy | 12874 | FASTWEBIT | false
89.108.182.73 | unknown | Lebanon | 31126 | SODETEL-ASLB | false
212.64.174.180 | unknown | Spain | 12540 | IDECNET-ASES | false
218.3.209.122 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
193.204.194.25 | unknown | Italy | 137 | ASGARRConsortiumGARREU | false
116.234.228.208 | unknown | China | 4812 | CHINANET-SH-APChinaTelecomGroupCN | false
69.162.158.5 | unknown | United States | 32748 | STEADFASTUS | false


Runtime Messages

Command:/tmp/z0FwvGSnDF
Exit Code:132
Exit Code Info:SIGILL (4) Illegal Instruction
Killed:False
Standard Output:

Standard Error:qemu: uncaught target signal 4 (Illegal instruction) - core dumped

Joe Sandbox View / Context

IPs

No context

Domains

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/var/crash/_usr_share_apport_apport-checkreports.1000.crash
Process:/usr/share/apport/apport-checkreports
File Type:ASCII text
Category:dropped
Size (bytes):14916
Entropy (8bit):4.684276917760678
Encrypted:false
SSDEEP:192:FbsJrszJG+PFNL0aM3AhWAFRAWHzEimaKPIihbM:A6FNLBzEie2
MD5:C822B83B52268F71E07FEBF2368BA15A
SHA1:A845FE0FC7EC37F3662169C187E224D5F38D34A6
SHA-256:8541268C17C8D1B3DDABA809D1973D305AD7C9112FB35C81964116C974514C39
SHA-512:CE35DB6B750C0FA8BEA8215803AEB39E077973912C21DD9AFA9BE1260783407048417FF1DEE9F4DADD2A207927B7C968EFA0B83BFA7A8ABBBCA132E4D26C0D5F
Malicious:false
Reputation:low
Preview: ProblemType: Crash.Date: Thu Jul 22 13:04:20 2021.ExecutablePath: /usr/share/apport/apport-checkreports.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-checkreports --system.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 0177c000-01ad4000 rw-p 00000000 00:00 0 [heap]. 7f4414cad000-7f4414e2e000 rw-p 00000000 00:00 0 . 7f4414e2e000-7f4414e45000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7f4414e45000-7f4415044000 ---p 00017000 fc:0
/var/crash/_usr_share_apport_apport-gtk.1000.crash
Process:/usr/share/apport/apport-gtk
File Type:ASCII text
Category:dropped
Size (bytes):47094
Entropy (8bit):4.499763637776248
Encrypted:false
SSDEEP:768:Jj/w9/Z///f/QNgrZaqGqdL/k7NA3GcA3l:JjC/Z///f/3aqGqdL/k7NA3GcA3l
MD5:DB4D1B1AEF13086C174248ACC2C16F6F
SHA1:F0F004B5AAC395755FF748005007C3B7F8091A67
SHA-256:3C4F544F4DF6EC6356934C0B8FBE69922068624C67839A5393D656350D809F1C
SHA-512:ACD9926D82775610EF381219F3933830F169E9DD8BE60F738A9A77FEEB8668A1957A24AC1715B01CC0A7B775EC591A426CF3369F826E7F89A267430EB3F0D39D
Malicious:false
Reputation:low
Preview: ProblemType: Crash.Date: Thu Jul 22 13:04:20 2021.ExecutablePath: /usr/share/apport/apport-gtk.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-gtk.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 01018000-0153c000 rw-p 00000000 00:00 0 [heap]. 7fb2b3f7e000-7fb2b407e000 rw-p 00000000 00:00 0 . 7fb2b407e000-7fb2b4095000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7fb2b4095000-7fb2b4294000 ---p 00017000 fc:00 2382

Static File Info

General

File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.212564047873712
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:z0FwvGSnDF
File size:53056
MD5:dafbf75b66b11d7d3b2dcd284c8ac302
SHA1:d1736cc4d7efab8522907550ae0ad5c2e52b296e
SHA256:a524c003fb6dda1f77eda693accef4fff0a0d9fbe7bb0dcfeaa319e526367258
SHA512:808496017ae6c062911902ca70339272371723cdb979f7039cf13e46869557b33e3a9017f9738f7aaa6b35147eb09622195c564d599816be4e34848c7daf4022
SSDEEP:768:mLGOe2kf9e9X9nbermI7vc59QPQs5gFHviPuzWeHXpi2UJTpDnH638gZ:mL/4f8F1ef0YgFvimzpZi2UJJnHY8w
File Content Preview:.ELF.......................D...4.........4. ...(.................................. ....................p.......... .dt.Q............................NV..a....da.....N^NuNV..J9...pf>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........pN^NuNV..N^NuN

Static ELF Info

ELF header

Class:ELF32
Data:2's complement, big endian
Version:1 (current)
Machine:MC68000
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x80000144
Flags:0x0
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:52656
Section Header Size:40
Number of Section Headers:10
Header String Table Index:9

Sections

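Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xc5d6 | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x8000c67e | 0xc67e | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2
.rodata | PROGBITS | 0x8000c68c | 0xc68c | 0x56e | 0x0 | 0x2 | A | 0 | 0 | 2
.ctors | PROGBITS | 0x8000ec00 | 0xcc00 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x8000ec08 | 0xcc08 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x8000ec14 | 0xcc14 | 0x15c | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x8000ed70 | 0xcd70 | 0x23c | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0xcd70 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1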

Program Segments

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xcbfa | 0xcbfa | 4.2323 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata
LOAD | 0xcc00 | 0x8000ec00 | 0x8000ec00 | 0x170 | 0x3ac | 0.2775 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
07/22/21-11:04:21.807137 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | | | 192.12.76.3 | 192.168.2.20

ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jul 22, 2021 11:04:21.807137012 CEST | 192.12.76.3 | 192.168.2.20 | 6c6a | (Host unreachable) | Destination Unreachable

System Behavior

General

Start time:11:04:19
Start date:22/07/2021
Path:/tmp/z0FwvGSnDF
Arguments:/usr/bin/qemu-m68k /tmp/z0FwvGSnDF
File size:53056 bytes
MD5 hash:dafbf75b66b11d7d3b2dcd284c8ac302

General

Start time:11:04:20
Start date:22/07/2021
Path:/sbin/upstart
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:/bin/sh -e /proc/self/fd/9
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:n/a
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/date
Arguments:date
File size:68464 bytes
MD5 hash:54903b613f9019bfca9f5d28a4fff34e

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:n/a
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/usr/share/apport/apport-checkreports
Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
File size:1269 bytes
MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

General

Start time:11:04:20
Start date:22/07/2021
Path:/sbin/upstart
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:/bin/sh -e /proc/self/fd/9
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:n/a
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/date
Arguments:date
File size:68464 bytes
MD5 hash:54903b613f9019bfca9f5d28a4fff34e

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:n/a
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/usr/share/apport/apport-gtk
Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
File size:23806 bytes
MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

General

Start time:11:04:20
Start date:22/07/2021
Path:/sbin/upstart
Arguments:n/a
File size:0 bytes
MD5 hash:00000000000000000000000000000000

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:/bin/sh -e /proc/self/fd/9
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:n/a
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/date
Arguments:date
File size:68464 bytes
MD5 hash:54903b613f9019bfca9f5d28a4fff34e

General

Start time:11:04:20
Start date:22/07/2021
Path:/bin/sh
Arguments:n/a
File size:4 bytes
MD5 hash:e02ea3c3450d44126c46d658fa9e654c

General

Start time:11:04:20
Start date:22/07/2021
Path:/usr/share/apport/apport-gtk
Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
File size:23806 bytes
MD5 hash:ec58a49a30ef6a29406a204f28cc7d87