Linux Analysis Report
CLqMCUCXCO

Overview

General Information

Sample Name: CLqMCUCXCO
Analysis ID: 680646
MD5: 0d9bef8f8f3122657c1861adf01c3eab
SHA1: 1f9e60bbbbf572cd3fb8f79004bacd0cdb624fc8
SHA256: a0ef9bb1cde6cc4d41a0a4a594c631763bbfa93ee76879b372fd61a466f85590
Tags: 32 elf intel mirai
Infos:

Detection

Mirai
Score: 80
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
ELF contains segments with high entropy indicating compressed/encrypted content

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper that no longer works.
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 680646
Start date and time: 2022-08-08 23:11:37 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 40s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: CLqMCUCXCO
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal80.troj.evad.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command: /tmp/CLqMCUCXCO
PID: 6225
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
    Source | Rule | Description | Author | Strings
    6320.1.0000000008048000.0000000008057000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
      6320.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
      • 0xd2a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      6320.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
      • 0xd7f8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      6320.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown |
      • 0x5710:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      6320.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Mirai_88de437f | unknown | unknown |
      • 0xa482:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
      No Snort rule has matched

      AV Detection

      Source: CLqMCUCXCO, Virustotal: Detection: 39%
      Source: CLqMCUCXCO, ReversingLabs: Detection: 56%

      Networking

      Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 34898
      Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
      Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
      Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
      Source: global traffic, TCP traffic: 192.168.2.23:35686 -> 208.67.106.33:1312
      Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
      Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
      Source: CLqMCUCXCO, String found in binary or memory: http://upx.sf.net

      System Summary

      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_ae9d0fa6, Author: unknown
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9, Author: unknown
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
      Source: LOAD without section mappings, Program segment: 0xc01000
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_ae9d0fa6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_389ee3e9, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6230.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6230.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6230.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6230.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: /tmp/CLqMCUCXCO (PID: 6226)SIGKILL sent: pid: 936, result: successful
      Source: /tmp/CLqMCUCXCO (PID: 6229)SIGKILL sent: pid: 936, result: successful
      Source: classification engineClassification label: mal80.troj.evad.lin@0/0@0/0

      Data Obfuscation

      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/491/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/793/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/772/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/796/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/774/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/797/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/777/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/799/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/658/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/6226/exe
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/912/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/759/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/936/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/918/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/1/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/761/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/785/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/884/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/720/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/721/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/788/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/789/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/800/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/801/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/847/fd
      Source: /tmp/CLqMCUCXCO (PID: 6226)File opened: /proc/904/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/491/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/793/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/772/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/796/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/774/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/797/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/777/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/799/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/658/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/6229/exe
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/912/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/759/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/936/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/918/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/1/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/761/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/785/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/884/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/720/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/721/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/788/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/789/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/800/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/801/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/847/fd
      Source: /tmp/CLqMCUCXCO (PID: 6229)File opened: /proc/904/fd

      Hooking and other Techniques for Hiding and Protection

      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34898
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34902
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34904
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34906
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34908
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34910
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34914
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34920
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34922
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 34924
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47468
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33356
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47476
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33364
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47490
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33382
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47510
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33398
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47526
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33416
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47544
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33434
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47558
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33452
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47576
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47592
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 47610
      Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 33468
      Source: CLqMCUCXCOSubmission file: segment LOAD with 7.8712 entropy (max. 8.0)

      Stealing of Sensitive Information

      Source: Yara matchFile source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6322.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6230.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: dump.pcap, type: PCAP

      Remote Access Functionality

      Source: Yara matchFile source: 6320.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6322.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6230.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6327.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6226.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6227.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: dump.pcap, type: PCAP
      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      No configs have been found
      Behavior graph (ID: 680646): sample CLqMCUCXCO, start date 08/08/2022, architecture LINUX, score 80.
      Source | Detection | Scanner | Label | Link
      CLqMCUCXCO | 39% | Virustotal | | Browse
      CLqMCUCXCO | 56% | ReversingLabs | Linux.Trojan.Mirai |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      No contacted domains info
      Name | Source | Malicious | Antivirus Detection | Reputation
      http://upx.sf.net | CLqMCUCXCO | false | | high
        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        No context
        No created / dropped files found
        File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
        Entropy (8bit):7.86648515722169
        TrID:
        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
        File name:CLqMCUCXCO
        File size:27712
        MD5:0d9bef8f8f3122657c1861adf01c3eab
        SHA1:1f9e60bbbbf572cd3fb8f79004bacd0cdb624fc8
        SHA256:a0ef9bb1cde6cc4d41a0a4a594c631763bbfa93ee76879b372fd61a466f85590
        SHA512:4643472e4ef2edb069bdc7a8fd18528ecf2ecc639a5786c3b9e878039b3faf42fa1b9eb52e70c665d0cc7351df75c80a2619ccb2ac97977fe17e657b51646463
        SSDEEP:768:u5+Kcrb9VDJeS2KTgdTHOBcK5ZCAySapo:hlrb9ve2Tg9QB5VGq
        TLSH:1FC2E1A360F6CD03C4F2837A1E3D59A621606439634DDE2E77AA5BC837460E4657ECCB
        File Content Preview:.ELF....................Hs..4...........4. ...(.....................Ck..Ck...................~...~..................Q.td................................UPX!........P...P......._........?d..ELF.......d.......4....4. (.......k.-.#. ......sw....$..w..\.\..A.

        ELF header

        Class:ELF32
        Data:2's complement, little endian
        Version:1 (current)
        Machine:Intel 80386
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - Linux
        ABI Version:0
        Entry Point Address:0xc07348
        Flags:0x0
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:0
        Section Header Size:40
        Number of Section Headers:0
        Header String Table Index:0
        Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
        LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x6b43 | 0x6b43 | 7.8712 | 0x5 | R E | 0x1000 | |
        LOAD | 0xe80 | 0x8057e80 | 0x8057e80 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
        GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
        Timestamp | Source Port | Dest Port | Source IP | Dest IP

        System Behavior

        Start time:23:12:24
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:/tmp/CLqMCUCXCO
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:12:24
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:16
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:16
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:16
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:21
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:21
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:16
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:16
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:12:24
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:12:24
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:12:24
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:16
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:15:16
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:12:24
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab
        Start time:23:12:24
        Start date:08/08/2022
        Path:/tmp/CLqMCUCXCO
        Arguments:n/a
        File size:27712 bytes
        MD5 hash:0d9bef8f8f3122657c1861adf01c3eab