Linux Analysis Report
QuSDT8cmP0

Overview

General Information

Sample Name:QuSDT8cmP0
Analysis ID:557419
MD5:d60f2b0aded8eb8614c30b43b6944fd9
SHA1:8afb2e9490ca96238e6be2abd660da2350a220a5
SHA256:478df6827563def2d75e26b35c3444f10474ebbe970766127f941f66a2e391da
Tags:32, elf, mirai, sparc
Infos:

Detection

Mirai
Score:68
Range:0 - 100
Whitelisted:false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill multiple processes (SIGKILL)
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works.
Static ELF header machine description suggests that the sample might not execute correctly on this machine
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:557419
Start date:21.01.2022
Start time:04:22:24
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 48s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:QuSDT8cmP0
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal68.spre.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/QuSDT8cmP0
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
DaddyL33T Infected Your Shit
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source: dump.pcap, Rule: JoeSecurity_Mirai_12, Description: Yara detected Mirai, Author: Joe Security

    AV Detection

    Source: QuSDT8cmP0, Virustotal: Detection: 47%
    Source: QuSDT8cmP0, ReversingLabs: Detection: 51%

    Networking

    Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global traffic, TCP traffic: 192.168.2.23:59584 -> 45.88.181.48:420
    Source: /tmp/QuSDT8cmP0 (PID: 5225), Socket: 0.0.0.0::0
    Source: /tmp/QuSDT8cmP0 (PID: 5225), Socket: 0.0.0.0::23
    Source: /tmp/QuSDT8cmP0 (PID: 5225), Socket: 0.0.0.0::53413
    Source: /tmp/QuSDT8cmP0 (PID: 5225), Socket: 0.0.0.0::80
    Source: /tmp/QuSDT8cmP0 (PID: 5225), Socket: 0.0.0.0::52869
    Source: /tmp/QuSDT8cmP0 (PID: 5225), Socket: 0.0.0.0::37215
    Source: /tmp/QuSDT8cmP0 (PID: 5231), Socket: 0.0.0.0::0
    Source: /tmp/QuSDT8cmP0 (PID: 5231), Socket: 0.0.0.0::23
    Source: /tmp/QuSDT8cmP0 (PID: 5231), Socket: 0.0.0.0::53413
    Source: /tmp/QuSDT8cmP0 (PID: 5231), Socket: 0.0.0.0::80
    Source: /tmp/QuSDT8cmP0 (PID: 5231), Socket: 0.0.0.0::52869
    Source: /tmp/QuSDT8cmP0 (PID: 5231), Socket: 0.0.0.0::37215
    Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    Source: ELF static info symbol of initial sample, .symtab present: no
    Source: classification engine, Classification label: mal68.spre.troj.lin@0/0@0/0
    Source: /tmp/QuSDT8cmP0 (PID: 5223), Queries kernel information via 'uname':
    Source: QuSDT8cmP0 memory dumps (.sdmp), Binary or memory string: /etc/qemu-binfmt/sparc
    Source: QuSDT8cmP0 memory dumps (.sdmp), Binary or memory string: V!/etc/qemu-binfmt/sparc
    Source: QuSDT8cmP0, 5261.1.00000000c8b9fbc2.00000000c0e52249.rw-.sdmp, Binary or memory string: /usr/bin/vmtoolsd
    Source: QuSDT8cmP0, 5261.1.00000000c8b9fbc2.00000000c0e52249.rw-.sdmp, Binary or memory string: V/sparc/10 /proc/2080/fd/50!/proc/2025/fd/11/usr/bin/vmtoolsdparc/10!/proc/2080/fd/40!/proc/2025/fd/21
    Source: QuSDT8cmP0, 5261.1.00000000c8b9fbc2.00000000c0e52249.rw-.sdmp, Binary or memory string: V/sparc/10 /usr/bin/qemu-sparc!/proc/5244/fd/.1P\
    Source: QuSDT8cmP0 memory dumps (.sdmp), Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/QuSDT8cmP0SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/QuSDT8cmP0
    Source: QuSDT8cmP0 memory dumps (.sdmp), Binary or memory string: /usr/bin/qemu-sparc

    Stealing of Sensitive Information

    Source: Yara match, File source: dump.pcap, type: PCAP

    Remote Access Functionality

    Source: Yara match, File source: dump.pcap, type: PCAP
    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    No configs have been found
    [Behavior graph: ID 557419, Sample: QuSDT8cmP0, Start date: 21/01/2022, Architecture: LINUX, Score: 68]
    Source | Detection | Scanner | Label
    QuSDT8cmP0 | 48% | Virustotal |
    QuSDT8cmP0 | 51% | ReversingLabs | Linux.Trojan.Mirai
    No Antivirus matches
    No contacted domains info
    No context
    No created / dropped files found
    File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
    Entropy (8bit):6.034603716214055
    TrID:
    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
    File name:QuSDT8cmP0
    File size:60196
    MD5:d60f2b0aded8eb8614c30b43b6944fd9
    SHA1:8afb2e9490ca96238e6be2abd660da2350a220a5
    SHA256:478df6827563def2d75e26b35c3444f10474ebbe970766127f941f66a2e391da
    SHA512:d69875bbf39af8288d17710bf71b72a2225e4842353662a9535721807d1bfff472554d5bcebada949db61275da4ee7f63af93fe4dc18f893f5a9daccf0ef09c3
    SSDEEP:768:02oW+YBq9esj3ld89S6h/KpADsB06WslGiChXd//qxTxcO+hI7Q:02B+YBSesj3ld8wm/KeDsB06vlwKm7

    ELF header

    Class:ELF32
    Data:2's complement, big endian
    Version:1 (current)
    Machine:Sparc
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x101a4
    Flags:0x0
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:59796
    Section Header Size:40
    Number of Section Headers:10
    Header String Table Index:9
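    Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
     | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
    .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
    .text | PROGBITS | 0x100b0 | 0xb0 | 0xe110 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .fini | PROGBITS | 0x1e1c0 | 0xe1c0 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
    .rodata | PROGBITS | 0x1e1d8 | 0xe1d8 | 0x600 | 0x0 | 0x2 | A | 0 | 0 | 8
    .ctors | PROGBITS | 0x2e7dc | 0xe7dc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .dtors | PROGBITS | 0x2e7e4 | 0xe7e4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
    .data | PROGBITS | 0x2e7f0 | 0xe7f0 | 0x164 | 0x0 | 0x3 | WA | 0 | 0 | 8
    .bss | NOBITS | 0x2e958 | 0xe954 | 0x288 | 0x0 | 0x3 | WA | 0 | 0 | 8
    .shstrtab | STRTAB | 0x0 | 0xe954 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
    LOAD | 0x0 | 0x10000 | 0x10000 | 0xe7d8 | 0xe7d8 | 3.3762 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
    LOAD | 0xe7dc | 0x2e7dc | 0x2e7dc | 0x178 | 0x404 | 0.3411 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |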

    System Behavior

    Start time:04:23:07
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:/tmp/QuSDT8cmP0
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:07
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:16
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:16
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:16
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:16
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:16
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:16
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:16
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:07
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:07
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:07
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:21
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:21
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:07
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
    Start time:04:23:07
    Start date:21/01/2022
    Path:/tmp/QuSDT8cmP0
    Arguments:n/a
    File size:4379400 bytes
    MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e