Linux Analysis Report
YbuW0MHZo0

Overview

General Information

Sample Name: YbuW0MHZo0
Analysis ID: 680649
MD5: dcdd462eaf76769b9a0b79640b98065b
SHA1: df86c4b2b98e4f540d31ff8bba0c2d5beda8b9e6
SHA256: 12bcdc291270a3506825c13eaa2efb0f6f4a4304a504db2ed3a427414adca191
Tags: 32, elf, mirai, motorola

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Yara signature match
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

The machine description in the static ELF header suggests that the sample might not execute correctly on this analysis machine.
None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper that no longer works.
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 680649
Start date and time: 2022-08-08 23:22:33 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 50s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: YbuW0MHZo0
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal76.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • VT rate limit hit for: YbuW0MHZo0
Command: /tmp/YbuW0MHZo0
PID: 6225
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
Yara matches (Source, Rule, Description, Author, Strings):
Source: YbuW0MHZo0, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: YbuW0MHZo0, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: YbuW0MHZo0, Rule: Linux_Trojan_Gafgyt_ea92cca8, Description: unknown, Author: unknown
  • 0xeda9:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source: dump.pcap, Rule: JoeSecurity_Mirai_12, Description: Yara detected Mirai, Author: Joe Security
Source: 6338.1.00007fc900001000.00007fc900011000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 6338.1.00007fc900001000.00007fc900011000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
Source: 6338.1.00007fc900001000.00007fc900011000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_ea92cca8, Description: unknown, Author: unknown
  • 0xeda9:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source: 6228.1.00007fc900001000.00007fc900011000.r-x.sdmp, Rule: JoeSecurity_Mirai_8, Description: Yara detected Mirai, Author: Joe Security
Source: 6228.1.00007fc900001000.00007fc900011000.r-x.sdmp, Rule: Linux_Trojan_Gafgyt_28a2fe0c, Description: unknown, Author: unknown
No Snort rule has matched


          AV Detection

Source: YbuW0MHZo0, ReversingLabs: Detection: 58%

          Networking

Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37552
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37554
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37560
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37562
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37564
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37580
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37588
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37590
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37594
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 37596
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50454
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50464
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50468
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50478
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50492
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50500
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50508
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50512
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50520
Source: unknown, Network traffic detected: HTTP traffic on port 23 -> 50526
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:35686 -> 208.67.106.33:1312
Source: /tmp/YbuW0MHZo0 (PID: 6227), Socket: 0.0.0.0::0
Source: /tmp/YbuW0MHZo0 (PID: 6233), Socket: 0.0.0.0::0
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

          System Summary

Source: YbuW0MHZo0, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: YbuW0MHZo0, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6338.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6338.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6228.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6228.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6227.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6227.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6225.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6225.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6234.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6234.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6345.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6345.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6328.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6328.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6327.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6327.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6225, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6225, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6227, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6227, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6228, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6228, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6234, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6234, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6327, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6338, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6338, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6345, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: YbuW0MHZo0 PID: 6345, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: YbuW0MHZo0, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: YbuW0MHZo0, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
          Source: ELF static info symbol of initial sample.symtab present: no
          Source: /tmp/YbuW0MHZo0 (PID: 6227)SIGKILL sent: pid: 936, result: successful
          Source: /tmp/YbuW0MHZo0 (PID: 6233)SIGKILL sent: pid: 936, result: successful
          Source: classification engineClassification label: mal76.troj.lin@0/0@0/0
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/491/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/793/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/772/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/796/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/774/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/797/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/777/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/799/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/658/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/912/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/759/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/936/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/918/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/1/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/761/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/785/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/884/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/720/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/721/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/788/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/789/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/800/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/801/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/847/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/904/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/491/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/793/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/772/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/796/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/774/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/797/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/777/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/799/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/658/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/912/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/759/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/936/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/918/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/1/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/761/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/785/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/884/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/720/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/721/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/788/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/789/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/800/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/801/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/847/fd
          Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/904/fd
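The "File opened: /proc/<pid>/fd" lines and the two "SIGKILL sent: pid: 936" lines above are listed per signature, not in time order, but together they describe the usual Mirai/Gafgyt "killer" routine: walk /proc, inspect each process, and SIGKILL the ones that look like competing bots. The script below is an added example (not part of the Joe Sandbox report and not code from the sample) that parses report lines in exactly this layout and flags an actor process that both enumerated a pid under /proc and successfully killed it. The embedded lines are a short excerpt of the report above; the `min_scanned` threshold is an assumption chosen to separate a sweep from ordinary parent/child cleanup.

```python
"""Correlate /proc enumeration with SIGKILL delivery in sandbox behaviour lines.

Added example, not the report's or the sample's code. Input lines follow the
report's own "Source: <path> (PID: N)<event>" layout.
"""
import re
from collections import defaultdict

# Excerpt of the report's behaviour lines (order is by signature, not by time).
REPORT_LINES = """\
Source: /tmp/YbuW0MHZo0 (PID: 6227)SIGKILL sent: pid: 936, result: successful
Source: /tmp/YbuW0MHZo0 (PID: 6233)SIGKILL sent: pid: 936, result: successful
Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/491/fd
Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/936/fd
Source: /tmp/YbuW0MHZo0 (PID: 6233)File opened: /proc/1/fd
Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/491/fd
Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/936/fd
Source: /tmp/YbuW0MHZo0 (PID: 6227)File opened: /proc/1/fd
"""

FD_OPEN = re.compile(r"\(PID: (\d+)\)File opened: /proc/(\d+)/fd$")
KILL = re.compile(r"\(PID: (\d+)\)SIGKILL sent: pid: (\d+), result: (\w+)$")


def parse_behaviour(text):
    """Return ({actor_pid: set(inspected pids)}, [(actor, victim, result)])."""
    scanned = defaultdict(set)
    kills = []
    for line in text.splitlines():
        m = FD_OPEN.search(line)
        if m:
            scanned[int(m.group(1))].add(int(m.group(2)))
            continue
        m = KILL.search(line)
        if m:
            kills.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return scanned, kills


def find_killers(text, min_scanned=3):
    """(actor_pid, victim_pid) pairs where the actor swept >= min_scanned
    /proc entries and successfully SIGKILLed one of the pids it inspected.

    A kill of a pid the actor never looked at is not reported; that pattern
    is more likely routine child cleanup than a competitor sweep.
    The threshold is an assumption for this example, not a report value.
    """
    scanned, kills = parse_behaviour(text)
    hits = set()
    for actor, victim, result in kills:
        if result != "successful":
            continue
        if len(scanned[actor]) >= min_scanned and victim in scanned[actor]:
            hits.add((actor, victim))
    return sorted(hits)


if __name__ == "__main__":
    for actor, victim in find_killers(REPORT_LINES):
        print(f"PID {actor} swept /proc and SIGKILLed PID {victim}")
```

On the full report both PID 6227 and PID 6233 open /proc/936/fd and both deliver SIGKILL to pid 936, so the same correlation holds on the complete list, not only on the excerpt.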

          Hooking and other Techniques for Hiding and Protection

          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37552
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37554
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37560
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37562
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37564
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37580
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37588
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37590
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37594
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 37596
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50454
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50464
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50468
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50478
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50492
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50500
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50508
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50512
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50520
          Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 50526
          Source: /tmp/YbuW0MHZo0 (PID: 6225)Queries kernel information via 'uname':
          Source: YbuW0MHZo0, 6225.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6227.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6328.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6345.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6338.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6228.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6327.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6234.1.00007ffdff644000.00007ffdff665000.rw-.sdmpBinary or memory string: /usr/bin/qemu-m68k
          Source: YbuW0MHZo0, 6225.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6227.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6328.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6345.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6338.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6228.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6327.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6234.1.00005605851c1000.0000560585246000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/m68k
          Source: YbuW0MHZo0, 6225.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6227.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6328.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6345.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6338.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6228.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6327.1.00005605851c1000.0000560585246000.rw-.sdmp, YbuW0MHZo0, 6234.1.00005605851c1000.0000560585246000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/m68k
          Source: YbuW0MHZo0, 6225.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6227.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6328.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6345.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6338.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6228.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6327.1.00007ffdff644000.00007ffdff665000.rw-.sdmp, YbuW0MHZo0, 6234.1.00007ffdff644000.00007ffdff665000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-m68k/tmp/YbuW0MHZo0SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/YbuW0MHZo0
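The port-23 traffic the report lists above (labelled as HTTP on a non-standard port) and the TCP packet table later in the report show two distinct things side by side: one source port, 33864, firing single packets at dozens of unrelated hosts on TCP/23, and one ordinary two-way exchange with 208.67.106.33 on TCP/1312, the only peer that answers in the listed packets. The script below is an added example, not part of the report, that tells the two apart from rows in the packet table's layout (timestamp, source port, destination port, source IP, destination IP): a sweep is a (source IP, source port) pair reaching many distinct destinations on one port, while a session is a 4-tuple with packets in both directions. The embedded rows are excerpted from the report's packet table; the `min_targets` threshold is an assumption.

```python
"""Separate a Mirai-style telnet SYN sweep from a real session in a packet list.

Added example, not the report's code. Rows mirror the report's TCP packet table.
"""
from collections import defaultdict
from ipaddress import ip_address

# First rows of the report's TCP packet table (excerpt, same column order).
PACKETS = [
    ("23:23:20.071458101", 35686, 1312, "192.168.2.23", "208.67.106.33"),
    ("23:23:20.098783970", 1312, 35686, "208.67.106.33", "192.168.2.23"),
    ("23:23:20.098879099", 35686, 1312, "192.168.2.23", "208.67.106.33"),
    ("23:23:20.099147081", 35686, 1312, "192.168.2.23", "208.67.106.33"),
    ("23:23:20.101526022", 33864, 23, "192.168.2.23", "196.170.136.68"),
    ("23:23:20.101531029", 33864, 23, "192.168.2.23", "110.208.23.239"),
    ("23:23:20.101569891", 33864, 23, "192.168.2.23", "245.132.102.68"),
    ("23:23:20.101628065", 33864, 23, "192.168.2.23", "112.83.63.71"),
    ("23:23:20.101749897", 33864, 23, "192.168.2.23", "4.167.50.63"),
    ("23:23:20.101804972", 33864, 23, "192.168.2.23", "67.36.87.188"),
]


def sessions(packets):
    """Group packets by unordered 4-tuple -> [a->b count, b->a count]."""
    flows = defaultdict(lambda: [0, 0])
    for _, sport, dport, src, dst in packets:
        a, b = (src, sport), (dst, dport)
        key, direction = (a, b), 0
        if b < a:                      # canonical order so both directions share a key
            key, direction = (b, a), 1
        flows[key][direction] += 1
    return flows


def bidirectional_sessions(packets):
    """4-tuples with traffic both ways: the peers that actually talked back."""
    return sorted(k for k, (fwd, rev) in sessions(packets).items() if fwd and rev)


def scan_sources(packets, dport=23, min_targets=5):
    """(src_ip, sport, distinct_targets, reserved_targets) for sources that hit
    >= min_targets distinct hosts on dport from a single source port.

    Re-using one source port for every probe is the tell of a raw-socket
    scanner that matches SYN-ACKs by port instead of by connect()ed socket.
    Destinations in reserved space (240.0.0.0/4) are counted separately: a
    random-IP generator produces them, a legitimate client does not.
    """
    targets = defaultdict(set)
    for _, sport, dp, src, dst in packets:
        if dp == dport:
            targets[(src, sport)].add(dst)
    out = []
    for (src, sport), dsts in targets.items():
        if len(dsts) >= min_targets:
            reserved = sum(1 for d in dsts if ip_address(d).is_reserved)
            out.append((src, sport, len(dsts), reserved))
    return sorted(out)


if __name__ == "__main__":
    print("sessions:", bidirectional_sessions(PACKETS))
    print("scanners:", scan_sources(PACKETS))
```

On the excerpt the only two-way flow is 192.168.2.23:35686 to 208.67.106.33:1312, and 192.168.2.23:33864 reaches six hosts on port 23, one of them (245.132.102.68) in reserved space. The report's own IP table contains several more such "Reserved" destinations, which is what you expect from a bot that picks targets at random.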

          Stealing of Sensitive Information

          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: YbuW0MHZo0, type: SAMPLE
          Source: Yara matchFile source: 6338.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6228.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6227.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6225.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6234.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6345.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6328.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6327.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: YbuW0MHZo0, type: SAMPLE
          Source: Yara matchFile source: 6338.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6228.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6227.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6225.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6234.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6345.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6328.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
          Source: Yara matchFile source: 6327.1.00007fc900001000.00007fc900011000.r-x.sdmp, type: MEMORY
MITRE ATT&CK Matrix (the report's matrix, listed per tactic; a number in parentheses is the count the report shows next to a technique with matching signatures):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager
Discovery: Security Software Discovery (11); Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel (1); Non-Standard Port (11); Application Layer Protocol (1)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data
          No configs have been found
Behavior Graph (ID: 680649, sample: YbuW0MHZo0, start date: 08/08/2022, architecture: LINUX, score: 76)

Network nodes: 13.10.208.192 XEROX-WVUS United States; 97.67.48.156 WINDSTREAMUS United States; 98 other IPs or domains
Signatures attached to the root: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected Mirai; Uses known network protocols on non-standard ports

Process tree (every node is a YbuW0MHZo0 process started by its parent; numbers are graph node ids, not PIDs):
YbuW0MHZo0 (10)
  YbuW0MHZo0 (12)
    YbuW0MHZo0 (18)
      YbuW0MHZo0 (28)
        YbuW0MHZo0 (38)
        YbuW0MHZo0 (40)
      YbuW0MHZo0 (30)
      YbuW0MHZo0 (32)
    YbuW0MHZo0 (20)
  YbuW0MHZo0 (14)
    YbuW0MHZo0 (22)
      YbuW0MHZo0 (34)
      YbuW0MHZo0 (36)
    YbuW0MHZo0 (24)
    YbuW0MHZo0 (26)
  YbuW0MHZo0 (16)
Source | Detection | Scanner | Label
YbuW0MHZo0 | 59% | ReversingLabs | Linux.Trojan.Mirai
No Antivirus matches
          No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
139.169.35.31 | unknown | United States | 270 | AS270US | false
218.191.217.214 | unknown | Hong Kong | 9304 | HUTCHISON-AS-APHGCGlobalCommunicationsLimitedHK | false
91.103.53.121 | unknown | Spain | 31262 | EDICOMES | false
246.132.183.69 | unknown | Reserved | unknown | unknown | false
115.143.117.94 | unknown | Korea Republic of | 17858 | POWERVIS-AS-KRLGPOWERCOMMKR | false
221.157.77.15 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
69.44.220.229 | unknown | United States | 13767 | DATABANK-DFWUS | false
219.191.176.119 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false
66.186.44.1 | unknown | United States | 40891 | SDI-MEDIA-GROUPUS | false
191.149.218.193 | unknown | Colombia | 26611 | COMCELSACO | false
178.228.58.237 | unknown | Netherlands | 31615 | TMO-NL-ASNL | false
248.133.158.76 | unknown | Reserved | unknown | unknown | false
180.23.142.196 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false
162.52.78.41 | unknown | United States | 35893 | ACPCA | false
69.37.49.65 | unknown | United States | 7018 | ATT-INTERNET4US | false
58.137.134.246 | unknown | Thailand | 18408 | MITSUBISHIFA-CSLOXINFO-THCSLOXINFOTH | false
210.145.102.97 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false
9.94.32.203 | unknown | United States | 3356 | LEVEL3US | false
47.136.192.234 | unknown | United States | 5650 | FRONTIER-FRTRUS | false
89.233.66.133 | unknown | Germany | 9145 | EWETELCloppenburgerStrasse310DE | false
4.150.249.64 | unknown | United States | 3356 | LEVEL3US | false
248.111.220.143 | unknown | Reserved | unknown | unknown | false
66.139.105.234 | unknown | United States | 7018 | ATT-INTERNET4US | false
212.58.250.97 | unknown | United Kingdom | 2818 | BBCBBCInternetServicesUKGB | false
185.191.89.31 | unknown | Spain | 205512 | WIFILAVALLES | false
89.109.12.129 | unknown | Russian Federation | 12389 | ROSTELECOM-ASRU | false
43.152.14.154 | unknown | Japan | 4249 | LILLY-ASUS | false
4.54.18.92 | unknown | United States | 3356 | LEVEL3US | false
187.59.106.55 | unknown | Brazil | 18881 | TELEFONICABRASILSABR | false
156.41.209.244 | unknown | United States | 1226 | CTA-42-AS1226US | false
166.127.141.57 | unknown | United States | 4604 | HOUSTON-ISDUS | false
181.230.242.157 | unknown | Argentina | 10481 | TelecomArgentinaSAAR | false
61.9.25.51 | unknown | Philippines | 17970 | SKYBB-AS-APSKYBroadbandSKYCableCorporationPH | false
211.175.131.86 | unknown | Korea Republic of | 9457 | DREAMX-ASDREAMLINECOKR | false
62.0.77.79 | unknown | Israel | 1680 | NV-ASNCELLCOMltdIL | false
168.189.78.57 | unknown | United States | 53526 | THECLO-ASNUS | false
168.92.42.22 | unknown | United States | 16399 | FIRSTCOMM-AS2US | false
200.121.65.160 | unknown | Peru | 6147 | TelefonicadelPeruSAAPE | false
108.23.239.123 | unknown | United States | 5650 | FRONTIER-FRTRUS | false
193.107.224.153 | unknown | Ukraine | 44041 | UNICOMLAB-ASRU | false
32.41.122.209 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
42.207.180.116 | unknown | China | 7641 | CHINABTNChinaBroadcastingTVNetCN | false
255.74.31.12 | unknown | Reserved | unknown | unknown | false
121.9.180.68 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false
17.42.161.130 | unknown | United States | 714 | APPLE-ENGINEERINGUS | false
45.149.76.249 | unknown | Iran (ISLAMIC Republic Of) | 60631 | PARVASYSTEMIR | false
61.202.226.226 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false
57.64.2.157 | unknown | Belgium | 51964 | ORANGE-BUSINESS-SERVICES-IPSN-ASNFR | false
76.91.218.114 | unknown | United States | 20001 | TWC-20001-PACWESTUS | false
67.80.199.42 | unknown | United States | 6128 | CABLE-NET-1US | false
85.21.130.23 | unknown | Russian Federation | 8402 | CORBINA-ASOJSCVimpelcomRU | false
221.205.8.113 | unknown | China | 4837 | CHINA169-BACKBONECHINAUNICOMChina169BackboneCN | false
12.125.39.68 | unknown | United States | 7018 | ATT-INTERNET4US | false
206.121.134.66 | unknown | United States | 7018 | ATT-INTERNET4US | false
244.39.195.2 | unknown | Reserved | unknown | unknown | false
252.194.182.128 | unknown | Reserved | unknown | unknown | false
220.147.154.54 | unknown | Japan | 2510 | INFOWEBFUJITSULIMITEDJP | false
200.98.155.81 | unknown | Brazil | 7162 | UniversoOnlineSABR | false
202.126.194.6 | unknown | New Zealand | 17492 | VECTOR-COMMUNICATIONS-ASVectorCommunicationsLTDNZ | false
209.114.155.235 | unknown | United States | 17054 | AS17054US | false
247.188.164.180 | unknown | Reserved | unknown | unknown | false
179.10.161.252 | unknown | Brazil | 26615 | TIMSABR | false
165.77.133.145 | unknown | United States | 4725 | ODNSoftBankMobileCorpJP | false
73.236.36.102 | unknown | United States | 7922 | COMCAST-7922US | false
216.135.68.192 | unknown | United States | 4261 | BLUEGRASSNETUS | false
207.147.233.222 | unknown | United States | 2711 | SPIRITTEL-ASUS | false
13.10.208.192 | unknown | United States | 26662 | XEROX-WVUS | false
54.56.255.200 | unknown | United States | 14618 | AMAZON-AESUS | false
150.145.85.46 | unknown | Italy | 137 | ASGARRConsortiumGARREU | false
47.33.229.16 | unknown | United States | 20115 | CHARTER-20115US | false
48.156.130.0 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
14.86.131.117 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false
4.15.188.253 | unknown | United States | 3356 | LEVEL3US | false
191.196.232.124 | unknown | Brazil | 26599 | TELEFONICABRASILSABR | false
17.98.106.237 | unknown | United States | 714 | APPLE-ENGINEERINGUS | false
111.214.188.218 | unknown | China | 9812 | CNNIC-CN-COLNETOrientalCableNetworkCoLtdCN | false
177.8.210.235 | unknown | Brazil | 262819 | LINKMAISPROVEDORDEACESSOASREDESDECOMLTDABR | false
195.248.34.203 | unknown | Austria | 8437 | UTA-ASAT | false
136.140.138.103 | unknown | United States | 60311 | ONEFMCH | false
62.210.152.239 | unknown | France | 12876 | OnlineSASFR | false
47.114.18.29 | unknown | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
104.1.204.81 | unknown | United States | 7018 | ATT-INTERNET4US | false
223.113.238.121 | unknown | China | 56046 | CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN | false
141.135.42.36 | unknown | Belgium | 6848 | TELENET-ASBE | false
207.68.157.241 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
180.156.74.127 | unknown | China | 4812 | CHINANET-SH-APChinaTelecomGroupCN | false
187.51.205.116 | unknown | Brazil | 10429 | TELEFONICABRASILSABR | false
118.242.64.239 | unknown | China | 4812 | CHINANET-SH-APChinaTelecomGroupCN | false
93.231.80.206 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false
149.99.65.7 | unknown | Canada | 3602 | AS3602-ROGERS-COMCA | false
155.197.111.86 | unknown | United States | 37197 | SUDRENSD | false
84.56.216.101 | unknown | Germany | 3209 | VODANETInternationalIP-BackboneofVodafoneDE | false
122.121.155.169 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false
104.170.219.173 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false
159.62.185.241 | unknown | United States | 7834 | L3HARRIS-TECHNOLOGIESUS | false
1.19.209.35 | unknown | Korea Republic of | 45996 | GNJ-AS-KRDAOUTECHNOLOGYKR | false
86.99.44.125 | unknown | United Arab Emirates | 5384 | EMIRATES-INTERNETEmiratesInternetAE | false
99.210.200.183 | unknown | Canada | 812 | ROGERS-COMMUNICATIONSCA | false
97.67.48.156 | unknown | United States | 7029 | WINDSTREAMUS | false
209.148.121.224 | unknown | United States | 7065 | SONOMAUS | false
No context
          No created / dropped files found
          File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
          Entropy (8bit):6.290380807981935
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:YbuW0MHZo0
          File size:65100
          MD5:dcdd462eaf76769b9a0b79640b98065b
          SHA1:df86c4b2b98e4f540d31ff8bba0c2d5beda8b9e6
          SHA256:12bcdc291270a3506825c13eaa2efb0f6f4a4304a504db2ed3a427414adca191
          SHA512:e5736231dc5c0d552c9437827830a509b02a3cc9de4d948acca5f98dcc6c4fd34073bb4a585cc51537299f32e84f0f5e66b49dcf77b05c9c1248ee0eecb2fe07
          SSDEEP:768:me4gpsM204GEkRbjveXl/nQi122EQtBSv3gFHn1eu48B8vB6J7EzNfXQuJpozfyE:mo3EkRbDSoiz6IFn1X48B2SEzNfAuJ3E
          TLSH:DE533B99F4029E3DF88FE9BA84160E05B93023D112931B2767ABFDE37D331659D12E45
          File Content Preview:.ELF.......................D...4.........4. ...(.......................R...R...... ........X...X...X...$...`...... .dt.Q............................NV..a....da....xN^NuNV..J9...|f>"y...p QJ.g.X.#....pN."y...p QJ.f.A.....J.g.Hy...TN.X........|N^NuNV..N^NuN

          ELF header

          Class:ELF32
          Data:2's complement, big endian
          Version:1 (current)
          Machine:MC68000
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x80000144
          Flags:0x0
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:64700
          Section Header Size:40
          Number of Section Headers:10
          Header String Table Index:9
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xe7a2 | 0x0 | 0x6 | AX | 0 | 0 | 4
.fini | PROGBITS | 0x8000e84a | 0xe84a | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2
.rodata | PROGBITS | 0x8000e858 | 0xe858 | 0x11fa | 0x0 | 0x2 | A | 0 | 0 | 2
.ctors | PROGBITS | 0x80011a58 | 0xfa58 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x80011a60 | 0xfa60 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x80011a6c | 0xfa6c | 0x210 | 0x0 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x80011c7c | 0xfc7c | 0x23c | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0xfc7c | 0x3e | 0x0 | 0x0 |  | 0 | 0 | 1
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xfa52 | 0xfa52 | 6.3209 | 0x5 | R E | 0x2000 |  | .init .text .fini .rodata
LOAD | 0xfa58 | 0x80011a58 | 0x80011a58 | 0x224 | 0x460 | 3.0327 | 0x6 | RW | 0x2000 |  | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  | 
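The ELF header and program header values above are the first things to check before trying to run a sample like this one: the file is ELF32, big-endian, machine MC68000, which is why the analysis advice warns it may not execute on the x64 analysis host and why the memory strings show /usr/bin/qemu-m68k and /etc/qemu-binfmt/m68k (the sandbox ran it under qemu-user through binfmt_misc). Two quick consistency checks follow from the numbers as printed: the section header table starts at offset 64700 and holds 10 entries of 40 bytes, which ends exactly at the reported file size of 65100 (nothing appended, nothing truncated), and the GNU_STACK segment has flags RW, so the stack is not executable. The parser below is an added example, not the sandbox's tooling and not the sample's bytes: it synthesises a header from the values printed in the report with `struct.pack` so the parsing logic can be exercised offline, and it reports the fields an analyst triages first. The machine-name table and the host comparison are approximations chosen for this example.

```python
"""Parse an ELF32 big-endian header and its program headers with the stdlib.

Added example: the blob is synthesised from the values the report prints
(class, endianness, machine, entry, program headers); it is not the sample.
"""
import platform
import struct

EM_68K = 4
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EHDR = ">16sHHIIIIIHHHHHH"   # e_ident .. e_shstrndx, 52 bytes
PHDR = ">IIIIIIII"           # p_type .. p_align, 32 bytes
# Approximate e_machine -> platform.machine() names (assumption for this example)
E_MACHINE_NAMES = {3: "i386", 4: "m68k", 8: "mips", 40: "arm", 62: "x86_64", 183: "aarch64"}

# Program headers exactly as the report prints them:
# (type, offset, vaddr, paddr, filesz, memsz, flags, align)
REPORT_PHDRS = [
    (PT_LOAD, 0x0, 0x80000000, 0x80000000, 0xFA52, 0xFA52, 0x5, 0x2000),
    (PT_LOAD, 0xFA58, 0x80011A58, 0x80011A58, 0x224, 0x460, 0x6, 0x2000),
    (PT_GNU_STACK, 0, 0, 0, 0, 0, 0x6, 0x4),
]


def build_synthetic_header():
    """ELF header + program headers built from the report's values (synthetic)."""
    e_ident = b"\x7fELF" + bytes([1, 2, 1, 0, 0]) + b"\0" * 7  # ELF32, MSB, v1, SysV
    hdr = struct.pack(EHDR, e_ident, 2, EM_68K, 1, 0x80000144,  # EXEC, m68k, entry
                      52, 64700, 0, 52, 32, 3, 40, 10, 9)        # phoff, shoff, flags, sizes
    return hdr + b"".join(struct.pack(PHDR, *p) for p in REPORT_PHDRS)


def parse_elf(blob, file_size=None):
    """Return the header facts a triage analyst checks first."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if blob[4] != 1 or blob[5] != 2:
        raise ValueError("this example only handles ELF32 big-endian")
    (_, e_type, e_machine, _, e_entry, e_phoff, e_shoff, _, _,
     e_phentsize, e_phnum, e_shentsize, e_shnum, _) = struct.unpack(EHDR, blob[:52])
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        phdrs.append(struct.unpack(PHDR, blob[off:off + 32]))
    stack_flags = next((p[6] for p in phdrs if p[0] == PT_GNU_STACK), None)
    return {
        "type": e_type,                     # 2 = EXEC
        "machine": e_machine,
        "entry": e_entry,
        "loads": [(p[2], p[4], p[5], p[6]) for p in phdrs if p[0] == PT_LOAD],
        # No PT_GNU_STACK at all means the kernel defaults to an executable stack.
        "exec_stack": stack_flags is None or bool(stack_flags & PF_X),
        # Section table ending exactly at EOF: nothing appended, nothing truncated.
        "section_table_at_eof": file_size is None
        or e_shoff + e_shnum * e_shentsize == file_size,
    }


def needs_emulation(info, host_machine=platform.machine()):
    """True when the binary's e_machine does not match the host (binfmt/qemu-user needed)."""
    return E_MACHINE_NAMES.get(info["machine"]) != host_machine


if __name__ == "__main__":
    info = parse_elf(build_synthetic_header(), file_size=65100)
    print(info, "needs emulation on this host:", needs_emulation(info))
```

On a real file, pass the file's bytes and `os.path.getsize()` as `file_size`; the synthetic blob here is only 148 bytes, so `section_table_at_eof` is meaningful only because the reported size (65100) is supplied explicitly.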
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 8, 2022 23:23:20.071458101 CEST | 35686 | 1312 | 192.168.2.23 | 208.67.106.33
Aug 8, 2022 23:23:20.098783970 CEST | 1312 | 35686 | 208.67.106.33 | 192.168.2.23
Aug 8, 2022 23:23:20.098879099 CEST | 35686 | 1312 | 192.168.2.23 | 208.67.106.33
Aug 8, 2022 23:23:20.099147081 CEST | 35686 | 1312 | 192.168.2.23 | 208.67.106.33
Aug 8, 2022 23:23:20.101526022 CEST | 33864 | 23 | 192.168.2.23 | 196.170.136.68
Aug 8, 2022 23:23:20.101531029 CEST | 33864 | 23 | 192.168.2.23 | 110.208.23.239
Aug 8, 2022 23:23:20.101569891 CEST | 33864 | 23 | 192.168.2.23 | 245.132.102.68
Aug 8, 2022 23:23:20.101628065 CEST | 33864 | 23 | 192.168.2.23 | 112.83.63.71
Aug 8, 2022 23:23:20.101749897 CEST | 33864 | 23 | 192.168.2.23 | 4.167.50.63
Aug 8, 2022 23:23:20.101804972 CEST | 33864 | 23 | 192.168.2.23 | 67.36.87.188
Aug 8, 2022 23:23:20.101835966 CEST | 33864 | 23 | 192.168.2.23 | 169.85.79.120
Aug 8, 2022 23:23:20.101836920 CEST | 33864 | 23 | 192.168.2.23 | 1.239.196.71
Aug 8, 2022 23:23:20.101852894 CEST | 33864 | 23 | 192.168.2.23 | 83.117.153.224
Aug 8, 2022 23:23:20.101851940 CEST | 33864 | 23 | 192.168.2.23 | 197.185.41.215
Aug 8, 2022 23:23:20.101859093 CEST | 33864 | 23 | 192.168.2.23 | 124.157.138.126
Aug 8, 2022 23:23:20.101860046 CEST | 33864 | 23 | 192.168.2.23 | 190.66.148.224
Aug 8, 2022 23:23:20.101871967 CEST | 33864 | 23 | 192.168.2.23 | 126.22.206.196
Aug 8, 2022 23:23:20.101877928 CEST | 33864 | 23 | 192.168.2.23 | 99.156.169.200
Aug 8, 2022 23:23:20.101886034 CEST | 33864 | 23 | 192.168.2.23 | 18.53.233.110
Aug 8, 2022 23:23:20.101897955 CEST | 33864 | 23 | 192.168.2.23 | 188.108.138.201
Aug 8, 2022 23:23:20.101902962 CEST | 33864 | 23 | 192.168.2.23 | 34.234.169.82
Aug 8, 2022 23:23:20.101913929 CEST | 33864 | 23 | 192.168.2.23 | 210.10.95.203
Aug 8, 2022 23:23:20.101912975 CEST | 33864 | 23 | 192.168.2.23 | 221.120.38.74
Aug 8, 2022 23:23:20.101914883 CEST | 33864 | 23 | 192.168.2.23 | 97.2.90.224
Aug 8, 2022 23:23:20.101917028 CEST | 33864 | 23 | 192.168.2.23 | 171.202.187.251
Aug 8, 2022 23:23:20.101923943 CEST | 33864 | 23 | 192.168.2.23 | 47.165.49.88
Aug 8, 2022 23:23:20.101926088 CEST | 33864 | 23 | 192.168.2.23 | 68.217.223.13
Aug 8, 2022 23:23:20.101928949 CEST | 33864 | 23 | 192.168.2.23 | 152.177.235.87
Aug 8, 2022 23:23:20.101933002 CEST | 33864 | 23 | 192.168.2.23 | 147.190.44.36
Aug 8, 2022 23:23:20.101949930 CEST | 33864 | 23 | 192.168.2.23 | 54.61.26.60
Aug 8, 2022 23:23:20.101949930 CEST | 33864 | 23 | 192.168.2.23 | 240.47.184.158
Aug 8, 2022 23:23:20.101950884 CEST | 33864 | 23 | 192.168.2.23 | 181.41.39.58
Aug 8, 2022 23:23:20.101957083 CEST | 33864 | 23 | 192.168.2.23 | 166.248.45.146
Aug 8, 2022 23:23:20.101965904 CEST | 33864 | 23 | 192.168.2.23 | 51.6.115.216
Aug 8, 2022 23:23:20.101969004 CEST | 33864 | 23 | 192.168.2.23 | 57.8.108.210
Aug 8, 2022 23:23:20.101969957 CEST | 33864 | 23 | 192.168.2.23 | 192.21.18.123
Aug 8, 2022 23:23:20.101974964 CEST | 33864 | 23 | 192.168.2.23 | 19.78.235.43
Aug 8, 2022 23:23:20.101974964 CEST | 33864 | 23 | 192.168.2.23 | 158.201.76.226
Aug 8, 2022 23:23:20.101979971 CEST | 33864 | 23 | 192.168.2.23 | 78.194.127.69
Aug 8, 2022 23:23:20.101980925 CEST | 33864 | 23 | 192.168.2.23 | 147.136.242.170
Aug 8, 2022 23:23:20.101984978 CEST | 33864 | 23 | 192.168.2.23 | 36.153.170.0
Aug 8, 2022 23:23:20.101986885 CEST | 33864 | 23 | 192.168.2.23 | 2.140.111.138
Aug 8, 2022 23:23:20.101993084 CEST | 33864 | 23 | 192.168.2.23 | 244.219.122.145
Aug 8, 2022 23:23:20.101993084 CEST | 33864 | 23 | 192.168.2.23 | 115.98.28.224
Aug 8, 2022 23:23:20.102000952 CEST | 33864 | 23 | 192.168.2.23 | 133.23.127.158
Aug 8, 2022 23:23:20.102000952 CEST | 33864 | 23 | 192.168.2.23 | 173.8.125.55
Aug 8, 2022 23:23:20.102003098 CEST | 33864 | 23 | 192.168.2.23 | 254.244.172.213
Aug 8, 2022 23:23:20.102020025 CEST | 33864 | 23 | 192.168.2.23 | 63.107.217.24
Aug 8, 2022 23:23:20.102037907 CEST | 33864 | 23 | 192.168.2.23 | 247.160.16.17
Aug 8, 2022 23:23:20.102047920 CEST | 33864 | 23 | 192.168.2.23 | 48.20.227.50
Aug 8, 2022 23:23:20.102055073 CEST | 33864 | 23 | 192.168.2.23 | 57.36.66.79
Aug 8, 2022 23:23:20.102072954 CEST | 33864 | 23 | 192.168.2.23 | 91.58.184.30
Aug 8, 2022 23:23:20.102087021 CEST | 33864 | 23 | 192.168.2.23 | 208.115.222.147
Aug 8, 2022 23:23:20.102097034 CEST | 33864 | 23 | 192.168.2.23 | 148.133.243.199
Aug 8, 2022 23:23:20.102106094 CEST | 33864 | 23 | 192.168.2.23 | 94.214.43.58
Aug 8, 2022 23:23:20.102116108 CEST | 33864 | 23 | 192.168.2.23 | 24.151.142.147
Aug 8, 2022 23:23:20.102124929 CEST | 33864 | 23 | 192.168.2.23 | 95.150.134.16
Aug 8, 2022 23:23:20.102358103 CEST | 33864 | 23 | 192.168.2.23 | 38.214.15.49
Aug 8, 2022 23:23:20.102363110 CEST | 33864 | 23 | 192.168.2.23 | 13.221.163.91
Aug 8, 2022 23:23:20.102394104 CEST | 33864 | 23 | 192.168.2.23 | 135.22.89.103
Aug 8, 2022 23:23:20.102408886 CEST | 33864 | 23 | 192.168.2.23 | 216.78.189.251
Aug 8, 2022 23:23:20.102412939 CEST | 33864 | 23 | 192.168.2.23 | 126.199.224.12
Aug 8, 2022 23:23:20.102416992 CEST | 33864 | 23 | 192.168.2.23 | 36.86.56.226
Aug 8, 2022 23:23:20.102427006 CEST | 33864 | 23 | 192.168.2.23 | 38.170.65.222
Aug 8, 2022 23:23:20.102427959 CEST | 33864 | 23 | 192.168.2.23 | 63.244.14.47
Aug 8, 2022 23:23:20.102448940 CEST | 33864 | 23 | 192.168.2.23 | 17.182.11.224
Aug 8, 2022 23:23:20.102452040 CEST | 33864 | 23 | 192.168.2.23 | 248.60.213.78
Aug 8, 2022 23:23:20.102463961 CEST | 33864 | 23 | 192.168.2.23 | 250.149.52.108
Aug 8, 2022 23:23:20.102482080 CEST | 33864 | 23 | 192.168.2.23 | 210.49.51.81
Aug 8, 2022 23:23:20.102487087 CEST | 33864 | 23 | 192.168.2.23 | 162.88.166.201
Aug 8, 2022 23:23:20.102494955 CEST | 33864 | 23 | 192.168.2.23 | 196.168.193.93
Aug 8, 2022 23:23:20.102497101 CEST | 33864 | 23 | 192.168.2.23 | 196.146.239.158
Aug 8, 2022 23:23:20.102498055 CEST | 33864 | 23 | 192.168.2.23 | 99.238.205.185
Aug 8, 2022 23:23:20.102502108 CEST | 33864 | 23 | 192.168.2.23 | 202.129.49.87
Aug 8, 2022 23:23:20.102505922 CEST | 33864 | 23 | 192.168.2.23 | 64.53.147.80
Aug 8, 2022 23:23:20.102513075 CEST | 33864 | 23 | 192.168.2.23 | 144.23.247.34
Aug 8, 2022 23:23:20.102525949 CEST | 33864 | 23 | 192.168.2.23 | 71.154.243.138
Aug 8, 2022 23:23:20.102538109 CEST | 33864 | 23 | 192.168.2.23 | 170.11.76.118
          Aug 8, 2022 23:23:20.102554083 CEST3386423192.168.2.23173.61.182.54
          Aug 8, 2022 23:23:20.102555990 CEST3386423192.168.2.23221.60.248.65
          Aug 8, 2022 23:23:20.102566004 CEST3386423192.168.2.23255.65.121.46
          Aug 8, 2022 23:23:20.102572918 CEST3386423192.168.2.2340.137.5.102
          Aug 8, 2022 23:23:20.102575064 CEST3386423192.168.2.23252.134.213.121
          Aug 8, 2022 23:23:20.102576971 CEST3386423192.168.2.2363.58.26.25
          Aug 8, 2022 23:23:20.102577925 CEST3386423192.168.2.23122.49.165.72
          Aug 8, 2022 23:23:20.102581024 CEST3386423192.168.2.23176.209.140.157
          Aug 8, 2022 23:23:20.102588892 CEST3386423192.168.2.23118.12.234.118
          Aug 8, 2022 23:23:20.102595091 CEST3386423192.168.2.2375.147.164.171
          Aug 8, 2022 23:23:20.102606058 CEST3386423192.168.2.23207.52.194.69
          Aug 8, 2022 23:23:20.102608919 CEST3386423192.168.2.2374.220.27.108
          Aug 8, 2022 23:23:20.102619886 CEST3386423192.168.2.2397.208.8.12
          Aug 8, 2022 23:23:20.102623940 CEST3386423192.168.2.2393.157.92.58
          Aug 8, 2022 23:23:20.102632046 CEST3386423192.168.2.2395.35.174.77
          Aug 8, 2022 23:23:20.102638960 CEST3386423192.168.2.23182.167.159.155
          Aug 8, 2022 23:23:20.102648020 CEST3386423192.168.2.23172.245.135.69
          Aug 8, 2022 23:23:20.102657080 CEST3386423192.168.2.23203.136.27.114
          Aug 8, 2022 23:23:20.102700949 CEST3386423192.168.2.23255.210.46.51
          Aug 8, 2022 23:23:20.102940083 CEST3386423192.168.2.23171.172.175.38
          Aug 8, 2022 23:23:20.102942944 CEST3386423192.168.2.2373.32.241.20
          Aug 8, 2022 23:23:20.102950096 CEST3386423192.168.2.23208.77.233.21

          System Behavior

          Start time  Start date  Path             Arguments        File size      MD5 hash
          23:23:19    08/08/2022  /tmp/YbuW0MHZo0  /tmp/YbuW0MHZo0  4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:23:19    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:12    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:12    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:12    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:17    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:17    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:12    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:12    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:23:19    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:23:19    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:23:19    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:12    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:26:12    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:23:19    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc
          23:23:19    08/08/2022  /tmp/YbuW0MHZo0  n/a              4463432 bytes  cd177594338c77b895ae27c33f8f86cc