
Linux Analysis Report
2DbzKHhgOH

Overview

General Information

Sample Name: 2DbzKHhgOH
Analysis ID: 680657
MD5: 91e1ba2317dac69005bd8f5494297730
SHA1: 314ac7afbe482e1a412632950bc03f5d00bd6e0a
SHA256: 7610f435e009a531631ad480f342b21b87e56c05ac55d66ad99a1a3e5523fad2
Tags: 32, elf, mirai, sparc

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Yara signature match
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works.
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 680657
Start date and time: 2022-08-08 23:35:59 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 36s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: 2DbzKHhgOH
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal76.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command: /tmp/2DbzKHhgOH
PID: 6223
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
  • Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
2DbzKHhgOH | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | -
2DbzKHhgOH | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | see below
    • $a: 21 identical matches (hex strings omitted)
2DbzKHhgOH | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown | see below
    • 0x10870:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security | -

Source | Rule | Description | Author | Strings
6223.1.00007f4910011000.00007f4910023000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | -
6223.1.00007f4910011000.00007f4910023000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | see below
    • $a: 21 identical matches (hex strings omitted)
6223.1.00007f4910011000.00007f4910023000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown | see below
    • 0x10870:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6242.1.00007f4910011000.00007f4910023000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | -
6242.1.00007f4910011000.00007f4910023000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | see below
    • $a: 21 identical matches (hex strings omitted)
(33 memory-dump Yara entries in total; only the first are shown above)
          No Snort rule has matched


          AV Detection

Source: 2DbzKHhgOH; Virustotal: Detection: 56%
Source: 2DbzKHhgOH; ReversingLabs: Detection: 53%

          Networking

Source: unknown; Network traffic detected: HTTP traffic on port 23 -> high client ports (30 entries, port list omitted)
Source: global traffic; TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic; TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic; TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic; TCP traffic: 192.168.2.23:35686 -> 208.67.106.33:1312
Source: /tmp/2DbzKHhgOH (PID: 6226); Socket: 0.0.0.0::0
Source: /tmp/2DbzKHhgOH (PID: 6226); Socket: 0.0.0.0::23
Source: /tmp/2DbzKHhgOH (PID: 6226); Socket: 0.0.0.0::53413
Source: /tmp/2DbzKHhgOH (PID: 6226); Socket: 0.0.0.0::80
Source: /tmp/2DbzKHhgOH (PID: 6226); Socket: 0.0.0.0::52869
Source: /tmp/2DbzKHhgOH (PID: 6226); Socket: 0.0.0.0::37215
Source: /tmp/2DbzKHhgOH (PID: 6232); Socket: 0.0.0.0::0
Source: unknown; Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown; TCP traffic detected without corresponding DNS query: 50 destination IP addresses (list omitted)

          System Summary

Source: 2DbzKHhgOH, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 2DbzKHhgOH, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6223, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6223, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6226, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6226, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6227, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6227, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6234, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6234, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6242, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6242, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6256, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6256, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6260, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 2DbzKHhgOH PID: 6260, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 2DbzKHhgOH, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 2DbzKHhgOH, type: SAMPLE; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6223, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6223, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6226, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6226, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6227, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6227, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6234, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6234, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_ea92cca8; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 2DbzKHhgOH PID: 6242, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: 2DbzKHhgOH PID: 6242, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
          Source: Process Memory Space: 2DbzKHhgOH PID: 6256, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: 2DbzKHhgOH PID: 6256, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
          Source: Process Memory Space: 2DbzKHhgOH PID: 6260, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
          Source: Process Memory Space: 2DbzKHhgOH PID: 6260, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
          Source: ELF static info symbol of initial sample | .symtab present: no
          Source: /tmp/2DbzKHhgOH (PID: 6226) | SIGKILL sent: pid: 936, result: successful
          Source: /tmp/2DbzKHhgOH (PID: 6232) | SIGKILL sent: pid: 936, result: successful
          Source: classification engine | Classification label: mal76.troj.lin@0/0@0/0
          Source: /tmp/2DbzKHhgOH (PID: 6232) | File opened: /proc/491/fd, /proc/793/fd, /proc/772/fd, /proc/796/fd, /proc/774/fd, /proc/797/fd, /proc/777/fd, /proc/799/fd, /proc/658/fd, /proc/912/fd, /proc/759/fd, /proc/936/fd, /proc/918/fd, /proc/1/fd, /proc/761/fd, /proc/785/fd, /proc/884/fd, /proc/720/fd, /proc/721/fd, /proc/788/fd, /proc/789/fd, /proc/800/fd, /proc/801/fd, /proc/847/fd, /proc/904/fd
          Source: /tmp/2DbzKHhgOH (PID: 6226) | File opened: /proc/491/fd, /proc/793/fd, /proc/772/fd, /proc/796/fd, /proc/774/fd, /proc/797/fd, /proc/777/fd, /proc/799/fd, /proc/658/fd, /proc/912/fd, /proc/759/fd, /proc/936/fd, /proc/918/fd, /proc/1/fd, /proc/761/fd, /proc/785/fd, /proc/884/fd, /proc/720/fd, /proc/721/fd, /proc/788/fd, /proc/789/fd, /proc/800/fd, /proc/801/fd, /proc/847/fd, /proc/904/fd

          Hooking and other Techniques for Hiding and Protection

          Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 54828, 39698, 39834, 55020, 39992, 55224, 40170, 55448, 40338, 55666, 40516, 40672, 55858, 40822, 56052, 40984, 56248, 41152, 56440, 56628, 57026, 57174, 57320, 57462, 57602, 57758, 57912, 58058, 58194, 58346
          Source: /tmp/2DbzKHhgOH (PID: 6223) | Queries kernel information via 'uname':
          Source: 2DbzKHhgOH, 6223.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00005636a8392000.00005636a8417000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/sparc
          Source: 2DbzKHhgOH, 6223.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00005636a8392000.00005636a8417000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00005636a8392000.00005636a8417000.rw-.sdmp | Binary or memory string: 6V!/etc/qemu-binfmt/sparc
          Source: 2DbzKHhgOH, 6223.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-sparc
          Source: 2DbzKHhgOH, 6223.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6226.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6242.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6256.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6251.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6227.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6260.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp, 2DbzKHhgOH, 6234.1.00007ffdbfea2000.00007ffdbfec3000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/2DbzKHhgOHSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/2DbzKHhgOH

          Stealing of Sensitive Information

          Source: Yara match | File source: dump.pcap, type: PCAP
          Source: Yara match | File source: 2DbzKHhgOH, type: SAMPLE
          Source: Yara match | File source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match | File source: dump.pcap, type: PCAP
          Source: Yara match | File source: 2DbzKHhgOH, type: SAMPLE
          Source: Yara match | File source: 6223.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6242.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6256.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6226.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6260.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6227.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6234.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY
          Source: Yara match | File source: 6251.1.00007f4910011000.00007f4910023000.r-x.sdmp, type: MEMORY

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          No configs have been found
          Behavior Graph ID: 680657 | Sample: 2DbzKHhgOH | Start date: 08/08/2022 | Architecture: LINUX | Score: 76
          Behavior graph (image not available; recovered node labels): network nodes 122.102.168.192 (ZAQ Jupiter Telecommunications Co Ltd, JP, Japan), 216.217.214.98 (WINDSTREAM, US, United States) and 98 other IPs or domains; signature nodes Malicious sample detected (through community Yara rule), Multi AV Scanner detection for submitted file, Yara detected Mirai, Uses known network protocols on non-standard ports; process tree: 2DbzKHhgOH (node 10) starts three further 2DbzKHhgOH processes, which start more copies of the sample down to four levels below the root (nodes 12 to 40, 16 processes in total).
          Source | Detection | Scanner | Label | Link
          2DbzKHhgOH | 56% | Virustotal | | Browse
          2DbzKHhgOH | 54% | ReversingLabs | Linux.Trojan.Mirai |
          No Antivirus matches
          No contacted domains info
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          No context
          No created / dropped files found
          File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
          Entropy (8bit):6.008811747351218
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:2DbzKHhgOH
          File size:74752
          MD5:91e1ba2317dac69005bd8f5494297730
          SHA1:314ac7afbe482e1a412632950bc03f5d00bd6e0a
          SHA256:7610f435e009a531631ad480f342b21b87e56c05ac55d66ad99a1a3e5523fad2
          SHA512:526e6ae27f06027083d7d0eb5c1b02bd0c5d3aae35769ba19fd15371a5c6b7bc1ce047c071c2b112cd9d0069094f29ca323cd1929ca6510723a7345babc27bec
          SSDEEP:1536:hD/B6f6UD5hAS7mo0DCCAXESKV6v3G78nN9WV:927jqCe8v3GI/W
          TLSH:82732A26B97A1E26C0D4B57E60FB8B11F5E1278E26B4C50A7D720E5EEF147006502EF7
          File Content Preview:.ELF...........................4.."p.....4. ...(.......................0...0.............. ... ... ....0............dt.Q................................@..(....@.@.................#.....b0..`.....!..... ...@.....".........`......$ ... ...@...........`....

          ELF header

          Class:ELF32
          Data:2's complement, big endian
          Version:1 (current)
          Machine:Sparc
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x101a4
          Flags:0x0
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:74352
          Section Header Size:40
          Number of Section Headers:10
          Header String Table Index:9
          Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
          | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
          .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
          .text | PROGBITS | 0x100b0 | 0xb0 | 0x10248 | 0x0 | 0x6 | AX | 0 | 0 | 4
          .fini | PROGBITS | 0x202f8 | 0x102f8 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
          .rodata | PROGBITS | 0x20310 | 0x10310 | 0x1920 | 0x0 | 0x2 | A | 0 | 0 | 8
          .ctors | PROGBITS | 0x32000 | 0x12000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .dtors | PROGBITS | 0x32008 | 0x12008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .data | PROGBITS | 0x32018 | 0x12018 | 0x218 | 0x0 | 0x3 | WA | 0 | 0 | 8
          .bss | NOBITS | 0x32230 | 0x12230 | 0x288 | 0x0 | 0x3 | WA | 0 | 0 | 8
          .shstrtab | STRTAB | 0x0 | 0x12230 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1
          Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
          LOAD | 0x0 | 0x10000 | 0x10000 | 0x11c30 | 0x11c30 | 6.0760 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
          LOAD | 0x12000 | 0x32000 | 0x32000 | 0x230 | 0x4b8 | 2.9317 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
          GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Aug 8, 2022 23:36:45.739217043 CEST6347423192.168.2.23105.246.16.77
          Aug 8, 2022 23:36:45.739300966 CEST6347423192.168.2.23122.34.230.107
          Aug 8, 2022 23:36:45.739316940 CEST6347423192.168.2.2383.113.136.199
          Aug 8, 2022 23:36:45.739322901 CEST6347423192.168.2.2374.141.227.216
          Aug 8, 2022 23:36:45.739351988 CEST6347423192.168.2.23191.241.145.50
          Aug 8, 2022 23:36:45.739351988 CEST6347423192.168.2.23143.31.39.206
          Aug 8, 2022 23:36:45.739353895 CEST6347423192.168.2.23172.42.75.157
          Aug 8, 2022 23:36:45.739363909 CEST6347423192.168.2.23250.49.180.16
          Aug 8, 2022 23:36:45.739367008 CEST6347423192.168.2.23254.6.5.190
          Aug 8, 2022 23:36:45.739368916 CEST6347423192.168.2.2323.117.180.233
          Aug 8, 2022 23:36:45.739377022 CEST6347423192.168.2.23250.87.178.37
          Aug 8, 2022 23:36:45.739382029 CEST6347423192.168.2.2394.89.8.144
          Aug 8, 2022 23:36:45.739389896 CEST6347423192.168.2.23248.181.33.119
          Aug 8, 2022 23:36:45.739402056 CEST6347423192.168.2.23246.223.89.164
          Aug 8, 2022 23:36:45.739403009 CEST6347423192.168.2.2377.23.19.199
          Aug 8, 2022 23:36:45.739501953 CEST6347423192.168.2.2343.149.121.40
          Aug 8, 2022 23:36:45.739504099 CEST6347423192.168.2.2385.41.14.40
          Aug 8, 2022 23:36:45.739507914 CEST6347423192.168.2.234.252.179.205
          Aug 8, 2022 23:36:45.739517927 CEST6347423192.168.2.23175.85.82.245
          Aug 8, 2022 23:36:45.739528894 CEST6347423192.168.2.23109.154.125.193
          Aug 8, 2022 23:36:45.739535093 CEST6347423192.168.2.23104.136.31.31
          Aug 8, 2022 23:36:45.739540100 CEST6347423192.168.2.2381.197.68.65
          Aug 8, 2022 23:36:45.739551067 CEST6347423192.168.2.23253.113.184.108
          Aug 8, 2022 23:36:45.739557981 CEST6347423192.168.2.23255.152.233.156
          Aug 8, 2022 23:36:45.739557981 CEST6347423192.168.2.2312.151.117.43
          Aug 8, 2022 23:36:45.739566088 CEST6347423192.168.2.2319.28.36.131
          Aug 8, 2022 23:36:45.739604950 CEST6347423192.168.2.2395.147.200.216
          Aug 8, 2022 23:36:45.739620924 CEST6347423192.168.2.2336.72.157.242
          Aug 8, 2022 23:36:45.739639044 CEST6347423192.168.2.2381.5.47.53
          Aug 8, 2022 23:36:45.739690065 CEST6347423192.168.2.23113.189.180.197
          Aug 8, 2022 23:36:45.739691019 CEST6347423192.168.2.2317.160.156.216
          Aug 8, 2022 23:36:45.739701986 CEST6347423192.168.2.2343.9.18.163
          Aug 8, 2022 23:36:45.739702940 CEST6347423192.168.2.23200.110.32.170
          Aug 8, 2022 23:36:45.739707947 CEST6347423192.168.2.23133.55.180.8
          Aug 8, 2022 23:36:45.739713907 CEST6347423192.168.2.2314.246.203.170
          Aug 8, 2022 23:36:45.739725113 CEST6347423192.168.2.2360.189.86.17
          Aug 8, 2022 23:36:45.739726067 CEST6347423192.168.2.2396.63.206.67
          Aug 8, 2022 23:36:45.739851952 CEST6347423192.168.2.23150.98.117.197
          Aug 8, 2022 23:36:45.739859104 CEST6347423192.168.2.2363.177.86.228
          Aug 8, 2022 23:36:45.739866972 CEST6347423192.168.2.2332.95.208.154
          Aug 8, 2022 23:36:45.739869118 CEST6347423192.168.2.23154.248.164.238
          Aug 8, 2022 23:36:45.739870071 CEST6347423192.168.2.234.186.105.36
          Aug 8, 2022 23:36:45.739880085 CEST6347423192.168.2.23186.132.211.102
          Aug 8, 2022 23:36:45.739897013 CEST6347423192.168.2.2394.84.68.159
          Aug 8, 2022 23:36:45.739902973 CEST6347423192.168.2.2331.53.168.253
          Aug 8, 2022 23:36:45.739933968 CEST6347423192.168.2.23209.139.60.227
          Aug 8, 2022 23:36:45.739996910 CEST6347423192.168.2.23123.35.41.96
          Aug 8, 2022 23:36:45.739999056 CEST6347423192.168.2.2374.228.72.155
          Aug 8, 2022 23:36:45.740039110 CEST6347423192.168.2.2386.91.231.147
          Aug 8, 2022 23:36:45.740042925 CEST6347423192.168.2.23108.154.214.252
          Aug 8, 2022 23:36:45.740042925 CEST6347423192.168.2.2312.155.121.220
          Aug 8, 2022 23:36:45.740062952 CEST6347423192.168.2.2367.72.23.129
          Aug 8, 2022 23:36:45.740092039 CEST6347423192.168.2.23147.213.146.100
          Aug 8, 2022 23:36:45.740103006 CEST6347423192.168.2.23142.180.246.14
          Aug 8, 2022 23:36:45.740108013 CEST6347423192.168.2.23191.161.76.41
          Aug 8, 2022 23:36:45.740119934 CEST6347423192.168.2.2340.123.197.38
          Aug 8, 2022 23:36:45.740134001 CEST6347423192.168.2.2360.241.221.183
          Aug 8, 2022 23:36:45.740150928 CEST6347423192.168.2.23106.213.236.64

          System Behavior

          Start time:23:36:44
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:/tmp/2DbzKHhgOH
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:44
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:44
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:44
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:44
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:53
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:45
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e
          Start time:23:36:45
          Start date:08/08/2022
          Path:/tmp/2DbzKHhgOH
          Arguments:n/a
          File size:4379400 bytes
          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e