
Linux Analysis Report
I95q6K4AMy

Overview

General Information

Sample Name: I95q6K4AMy
Analysis ID: 680658
MD5: a1d40f8e8634726af705363d1ce318e3
SHA1: a23ea7dbd1ae980ef1860db2004a64c0c20753c3
SHA256: d80ab5938a57dfbf5db4f294b4c4123320df3aad659c44683438dd4ac2553779
Tags: 32, arm, elf, mirai

Detection

Mirai
Score: 80
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
ELF contains segments with high entropy indicating compressed/encrypted content

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 680658
Start date and time: 2022-08-08 23:40:07 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 53s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: I95q6K4AMy
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal80.troj.evad.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command: /tmp/I95q6K4AMy
PID: 6226
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |

Source | Rule | Description | Author | Strings
6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
  • 0xfc34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfce8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfdb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfdc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
  • 0x1018c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
  • 0xfc34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfc98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfce8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfcfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfd9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfdb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
  • 0xfdc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
No Snort rule has matched

AV Detection

Source: I95q6K4AMy | Virustotal: Detection: 25%
Source: I95q6K4AMy | ReversingLabs: Detection: 38%

Networking

Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37966
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37972
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37976
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37978
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37982
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37984
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37988
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37994
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37998
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38002
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 61755
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37846
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 55059
Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56958
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:35686 -> 208.67.106.33:1312
Source: /tmp/I95q6K4AMy (PID: 6228) | Socket: 0.0.0.0::0
Source: /tmp/I95q6K4AMy (PID: 6234) | Socket: 0.0.0.0::0
Source: /tmp/I95q6K4AMy (PID: 6234) | Socket: 0.0.0.0::53413
Source: /tmp/I95q6K4AMy (PID: 6234) | Socket: 0.0.0.0::80
Source: /tmp/I95q6K4AMy (PID: 6234) | Socket: 0.0.0.0::37215
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | TCP traffic detected without corresponding DNS query: 208.67.106.33
Source: unknown | TCP traffic detected without corresponding DNS query: 141.127.218.63
Source: unknown | TCP traffic detected without corresponding DNS query: 94.88.27.251
Source: unknown | TCP traffic detected without corresponding DNS query: 106.203.200.61
Source: unknown | TCP traffic detected without corresponding DNS query: 114.17.203.192
Source: unknown | TCP traffic detected without corresponding DNS query: 38.57.217.229
Source: unknown | TCP traffic detected without corresponding DNS query: 153.78.89.12
Source: unknown | TCP traffic detected without corresponding DNS query: 1.47.32.59
Source: unknown | TCP traffic detected without corresponding DNS query: 179.186.168.152
Source: unknown | TCP traffic detected without corresponding DNS query: 171.78.58.54
Source: unknown | TCP traffic detected without corresponding DNS query: 250.236.223.63
Source: unknown | TCP traffic detected without corresponding DNS query: 17.112.238.246
Source: unknown | TCP traffic detected without corresponding DNS query: 27.59.31.253
Source: unknown | TCP traffic detected without corresponding DNS query: 36.162.42.11
Source: unknown | TCP traffic detected without corresponding DNS query: 179.25.60.109
Source: unknown | TCP traffic detected without corresponding DNS query: 116.212.95.34
Source: unknown | TCP traffic detected without corresponding DNS query: 8.180.102.132
Source: unknown | TCP traffic detected without corresponding DNS query: 185.75.4.33
Source: unknown | TCP traffic detected without corresponding DNS query: 4.33.224.196
Source: unknown | TCP traffic detected without corresponding DNS query: 92.201.31.30
Source: unknown | TCP traffic detected without corresponding DNS query: 101.27.255.246
Source: unknown | TCP traffic detected without corresponding DNS query: 103.87.102.3
Source: unknown | TCP traffic detected without corresponding DNS query: 123.105.11.194
Source: unknown | TCP traffic detected without corresponding DNS query: 105.215.4.48
Source: unknown | TCP traffic detected without corresponding DNS query: 153.199.179.59
Source: unknown | TCP traffic detected without corresponding DNS query: 23.45.181.106
Source: unknown | TCP traffic detected without corresponding DNS query: 161.208.187.67
Source: unknown | TCP traffic detected without corresponding DNS query: 203.187.7.96
Source: unknown | TCP traffic detected without corresponding DNS query: 150.86.27.22
Source: unknown | TCP traffic detected without corresponding DNS query: 119.209.58.85
Source: unknown | TCP traffic detected without corresponding DNS query: 143.34.42.88
Source: unknown | TCP traffic detected without corresponding DNS query: 251.61.108.103
Source: unknown | TCP traffic detected without corresponding DNS query: 99.41.77.21
Source: unknown | TCP traffic detected without corresponding DNS query: 216.92.163.195
Source: unknown | TCP traffic detected without corresponding DNS query: 91.150.149.218
Source: unknown | TCP traffic detected without corresponding DNS query: 109.150.76.180
Source: unknown | TCP traffic detected without corresponding DNS query: 102.111.62.60
Source: unknown | TCP traffic detected without corresponding DNS query: 183.182.176.202
Source: unknown | TCP traffic detected without corresponding DNS query: 135.6.126.193
Source: unknown | TCP traffic detected without corresponding DNS query: 181.50.40.115
Source: unknown | TCP traffic detected without corresponding DNS query: 166.245.177.209
Source: unknown | TCP traffic detected without corresponding DNS query: 151.57.57.176
Source: unknown | TCP traffic detected without corresponding DNS query: 99.122.196.220
Source: unknown | TCP traffic detected without corresponding DNS query: 43.48.62.31
Source: unknown | TCP traffic detected without corresponding DNS query: 73.123.13.47
Source: unknown | TCP traffic detected without corresponding DNS query: 170.187.173.4
Source: unknown | TCP traffic detected without corresponding DNS query: 101.1.71.169
Source: unknown | TCP traffic detected without corresponding DNS query: 249.12.95.5
Source: unknown | TCP traffic detected without corresponding DNS query: 212.47.95.98
Source: I95q6K4AMy | String found in binary or memory: http://upx.sf.net

System Summary

Source: 6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6229.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6229.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6228.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6228.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6226.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6226.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6328.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6328.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6327.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6327.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6235.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6235.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6226, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6226, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6228, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6228, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6229, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6229, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6235, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6235, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6327, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6327, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6328, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6328, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6336, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6336, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6346, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: I95q6K4AMy PID: 6346, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: LOAD without section mappings | Program segment: 0x8000
Source: 6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6229.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6229.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6228.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6228.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6226.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6226.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6328.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6328.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6327.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6327.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6235.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6235.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6226, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6226, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6228, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6228, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6229, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6229, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6235, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6235, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6327, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6327, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6328, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6328, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6336, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6336, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6346, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: I95q6K4AMy PID: 6346, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: /tmp/I95q6K4AMy (PID: 6228) | SIGKILL sent: pid: 936, result: successful
Source: /tmp/I95q6K4AMy (PID: 6234) | SIGKILL sent: pid: 936, result: successful
Source: classification engine | Classification label: mal80.troj.evad.lin@0/0@0/0

        Data Obfuscation

        Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
        Source: initial sample | String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/491/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/793/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/772/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/796/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/774/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/797/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/777/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/799/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/658/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/912/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/759/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/936/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/918/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/1/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/761/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/785/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/884/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/720/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/721/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/788/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/789/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/800/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/801/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/847/fd
        Source: /tmp/I95q6K4AMy (PID: 6234) | File opened: /proc/904/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/491/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/793/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/772/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/796/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/774/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/797/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/777/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/799/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/658/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/912/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/759/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/936/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/918/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/1/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/761/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/785/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/884/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/720/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/721/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/788/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/789/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/800/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/801/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/847/fd
        Source: /tmp/I95q6K4AMy (PID: 6228) | File opened: /proc/904/fd

        Hooking and other Techniques for Hiding and Protection

        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37966
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37972
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37976
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37978
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37982
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37984
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37988
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37994
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37998
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38002
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 61755
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 37846
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 55059
        Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56958
        Source: I95q6K4AMy | Submission file: segment LOAD with 7.9459 entropy (max. 8.0)
        Source: /tmp/I95q6K4AMy (PID: 6226) | Queries kernel information via 'uname':
        Source: I95q6K4AMy, 6226.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6228.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6328.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6346.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6336.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6229.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6327.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6235.1.00007fffa833c000.00007fffa835d000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/I95q6K4AMySUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/I95q6K4AMy
        Source: I95q6K4AMy, 6226.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6228.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6328.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6346.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6336.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6229.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6327.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6235.1.000055bee51e2000.000055bee5390000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/arm
        Source: I95q6K4AMy, 6226.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6228.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6328.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6346.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6336.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6229.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6327.1.000055bee51e2000.000055bee5390000.rw-.sdmp, I95q6K4AMy, 6235.1.000055bee51e2000.000055bee5390000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/arm
        Source: I95q6K4AMy, 6226.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6228.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6328.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6346.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6336.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6229.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6327.1.00007fffa833c000.00007fffa835d000.rw-.sdmp, I95q6K4AMy, 6235.1.00007fffa833c000.00007fffa835d000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-arm

        Stealing of Sensitive Information

        Source: Yara match | File source: 6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6229.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6228.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6226.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6328.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6327.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6235.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: dump.pcap, type: PCAP

        Remote Access Functionality

        Source: Yara match | File source: 6336.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6346.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6229.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6228.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6226.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6328.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6327.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: 6235.1.00007fd0dc017000.00007fd0dc029000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: dump.pcap, type: PCAP
        ATT&CK matrix, listed by tactic (a leading number is the signature count the matrix shows for that technique):
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts
        Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
        Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
        Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
        Defense Evasion: 11 Obfuscated Files or Information; Rootkit; Obfuscated Files or Information
        Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
        Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
        Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
        Command and Control: 1 Encrypted Channel; 11 Non-Standard Port; 1 Application Layer Protocol
        Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
        Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
        Impact: Modify System Partition; Device Lockout; Delete Device Data
        No configs have been found
        Behavior Graph ID: 680658, Sample: I95q6K4AMy, Start date: 08/08/2022, Architecture: LINUX, Score: 80. Contacted hosts shown: 118.177.65.107 (XEPHIONNTT-MECorporationJP, Japan), 12.194.48.59 (WORLDNET5-10US, United States) and 98 other IPs or domains. Signatures shown: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected Mirai; 2 other signatures. Process tree: I95q6K4AMy started, then spawned several generations of child processes, all named I95q6K4AMy.
        Source | Detection | Scanner | Label
        I95q6K4AMy | 26% | Virustotal | (no label)
        I95q6K4AMy | 38% | ReversingLabs | Linux.Trojan.Mirai
        No Antivirus matches
        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://upx.sf.net | I95q6K4AMy | false | (none) | high
          No context
          No created / dropped files found
          File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
          Entropy (8bit):7.942575235501028
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:I95q6K4AMy
          File size:27336
          MD5:a1d40f8e8634726af705363d1ce318e3
          SHA1:a23ea7dbd1ae980ef1860db2004a64c0c20753c3
          SHA256:d80ab5938a57dfbf5db4f294b4c4123320df3aad659c44683438dd4ac2553779
          SHA512:bf8a8a6a879fef0c193409f066d30e89377a79e626257aa0145d7b2334af84f673113fe7fe69a58585972ae9374a8650d24da6693af3bd6b57d037c07f650529
          SSDEEP:768:e1qDK6vmLcPO7av6T7qY+U1iL5+4UYLqKs3Uozy:/JF9CT7vniL5jUigzy
          TLSH:33C2D032B4636DF4C6B0193A7FDDC5C47D2FD2B1E6BA36B2271809E86C46442A1B174B
          File Content Preview:.ELF...a..........(.....0...4...........4. ...(......................i...i..............x...x...x...................Q.td............................s.y.UPX!....................S..........?.E.h;.}...^..........e.l..DU[j..........2d..d3.....l5.9\.wa.Q..E.&.

          ELF header

          Class:ELF32
          Data:2's complement, little endian
          Version:1 (current)
          Machine:ARM
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:ARM - ABI
          ABI Version:0
          Entry Point Address:0xd830
          Flags:0x202
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:0
          Section Header Size:40
          Number of Section Headers:0
          Header String Table Index:0
          Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
          LOAD | 0x0 | 0x8000 | 0x8000 | 0x69df | 0x69df | 7.9459 | 0x5 | R E | 0x8000 | (none) | (none)
          LOAD | 0x1578 | 0x21578 | 0x21578 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | (none) | (none)
          GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | (none) | (none)
          TimestampSource PortDest PortSource IPDest IP
          Aug 8, 2022 23:40:54.326080084 CEST42836443192.168.2.2391.189.91.43
          Aug 8, 2022 23:40:54.735745907 CEST356861312192.168.2.23208.67.106.33
          Aug 8, 2022 23:40:54.750746965 CEST4780623192.168.2.23110.194.38.61
          Aug 8, 2022 23:40:54.750838041 CEST4780623192.168.2.23141.127.218.63
          Aug 8, 2022 23:40:54.750863075 CEST4780623192.168.2.2394.88.27.251
          Aug 8, 2022 23:40:54.750869036 CEST4780623192.168.2.23106.203.200.61
          Aug 8, 2022 23:40:54.750869989 CEST4780623192.168.2.23114.17.203.192
          Aug 8, 2022 23:40:54.750904083 CEST4780623192.168.2.2338.57.217.229
          Aug 8, 2022 23:40:54.750921011 CEST4780623192.168.2.23153.78.89.12
          Aug 8, 2022 23:40:54.750962019 CEST4780623192.168.2.231.47.32.59
          Aug 8, 2022 23:40:54.750974894 CEST4780623192.168.2.23179.186.168.152
          Aug 8, 2022 23:40:54.750986099 CEST4780623192.168.2.23171.78.58.54
          Aug 8, 2022 23:40:54.750998020 CEST4780623192.168.2.23250.236.223.63
          Aug 8, 2022 23:40:54.751008034 CEST4780623192.168.2.2317.112.238.246
          Aug 8, 2022 23:40:54.751008987 CEST4780623192.168.2.2327.59.31.253
          Aug 8, 2022 23:40:54.751032114 CEST4780623192.168.2.2336.162.42.11
          Aug 8, 2022 23:40:54.751032114 CEST4780623192.168.2.23179.25.60.109
          Aug 8, 2022 23:40:54.751038074 CEST4780623192.168.2.23116.212.95.34
          Aug 8, 2022 23:40:54.751053095 CEST4780623192.168.2.238.180.102.132
          Aug 8, 2022 23:40:54.751055002 CEST4780623192.168.2.23185.75.4.33
          Aug 8, 2022 23:40:54.751061916 CEST4780623192.168.2.234.33.224.196
          Aug 8, 2022 23:40:54.751084089 CEST4780623192.168.2.2392.201.31.30
          Aug 8, 2022 23:40:54.751091003 CEST4780623192.168.2.23101.27.255.246
          Aug 8, 2022 23:40:54.751118898 CEST4780623192.168.2.23103.87.102.3
          Aug 8, 2022 23:40:54.751228094 CEST4780623192.168.2.2359.110.7.186
          Aug 8, 2022 23:40:54.751230001 CEST4780623192.168.2.23123.105.11.194
          Aug 8, 2022 23:40:54.751230955 CEST4780623192.168.2.23105.215.4.48
          Aug 8, 2022 23:40:54.751231909 CEST4780623192.168.2.23153.199.179.59
          Aug 8, 2022 23:40:54.751231909 CEST4780623192.168.2.2323.45.181.106
          Aug 8, 2022 23:40:54.751244068 CEST4780623192.168.2.23161.208.187.67
          Aug 8, 2022 23:40:54.751254082 CEST4780623192.168.2.23203.187.7.96
          Aug 8, 2022 23:40:54.751256943 CEST4780623192.168.2.23150.86.27.22
          Aug 8, 2022 23:40:54.751260996 CEST4780623192.168.2.23119.209.58.85
          Aug 8, 2022 23:40:54.751266956 CEST4780623192.168.2.23143.34.42.88
          Aug 8, 2022 23:40:54.751271009 CEST4780623192.168.2.23251.61.108.103
          Aug 8, 2022 23:40:54.751271963 CEST4780623192.168.2.2399.41.77.21
          Aug 8, 2022 23:40:54.751274109 CEST4780623192.168.2.23216.92.163.195
          Aug 8, 2022 23:40:54.751277924 CEST4780623192.168.2.2391.150.149.218
          Aug 8, 2022 23:40:54.751279116 CEST4780623192.168.2.23109.150.76.180
          Aug 8, 2022 23:40:54.751282930 CEST4780623192.168.2.23102.111.62.60
          Aug 8, 2022 23:40:54.751285076 CEST4780623192.168.2.23183.182.176.202
          Aug 8, 2022 23:40:54.751287937 CEST4780623192.168.2.23135.6.126.193
          Aug 8, 2022 23:40:54.751298904 CEST4780623192.168.2.23181.50.40.115
          Aug 8, 2022 23:40:54.751302004 CEST4780623192.168.2.23166.245.177.209
          Aug 8, 2022 23:40:54.751310110 CEST4780623192.168.2.23151.57.57.176
          Aug 8, 2022 23:40:54.751316071 CEST4780623192.168.2.2399.122.196.220
          Aug 8, 2022 23:40:54.751321077 CEST4780623192.168.2.2343.48.62.31
          Aug 8, 2022 23:40:54.751324892 CEST4780623192.168.2.2373.123.13.47
          Aug 8, 2022 23:40:54.751326084 CEST4780623192.168.2.23170.187.173.4
          Aug 8, 2022 23:40:54.751332998 CEST4780623192.168.2.23101.1.71.169
          Aug 8, 2022 23:40:54.751338005 CEST4780623192.168.2.23249.12.95.5
          Aug 8, 2022 23:40:54.751343966 CEST4780623192.168.2.23212.47.95.98
          Aug 8, 2022 23:40:54.751368046 CEST4780623192.168.2.2377.141.96.140
          Aug 8, 2022 23:40:54.751384020 CEST4780623192.168.2.23150.242.141.15
          Aug 8, 2022 23:40:54.751385927 CEST4780623192.168.2.23220.155.217.24
          Aug 8, 2022 23:40:54.751388073 CEST4780623192.168.2.23217.243.229.147
          Aug 8, 2022 23:40:54.751409054 CEST4780623192.168.2.23223.199.183.212
          Aug 8, 2022 23:40:54.751413107 CEST4780623192.168.2.2338.211.101.194
          Aug 8, 2022 23:40:54.751415968 CEST4780623192.168.2.23181.14.160.98
          Aug 8, 2022 23:40:54.751425982 CEST4780623192.168.2.2382.235.164.174
          Aug 8, 2022 23:40:54.751440048 CEST4780623192.168.2.2367.102.29.117
          Aug 8, 2022 23:40:54.751441956 CEST4780623192.168.2.23170.130.252.2
          Aug 8, 2022 23:40:54.751445055 CEST4780623192.168.2.2381.253.40.174
          Timestamp                       | Source Port | Dest Port | Source IP    | Dest IP
          Aug 8, 2022 23:40:54.751463890 CEST | 47806 | 23 | 192.168.2.23 | 84.195.74.163
          Aug 8, 2022 23:40:54.751467943 CEST | 47806 | 23 | 192.168.2.23 | 110.91.164.184
          Aug 8, 2022 23:40:54.751471043 CEST | 47806 | 23 | 192.168.2.23 | 35.48.210.105
          Aug 8, 2022 23:40:54.751476049 CEST | 47806 | 23 | 192.168.2.23 | 99.13.67.22
          Aug 8, 2022 23:40:54.751492023 CEST | 47806 | 23 | 192.168.2.23 | 143.40.91.44
          Aug 8, 2022 23:40:54.751493931 CEST | 47806 | 23 | 192.168.2.23 | 142.53.29.35
          Aug 8, 2022 23:40:54.751504898 CEST | 47806 | 23 | 192.168.2.23 | 155.111.115.229
          Aug 8, 2022 23:40:54.751517057 CEST | 47806 | 23 | 192.168.2.23 | 193.231.74.57
          Aug 8, 2022 23:40:54.751522064 CEST | 47806 | 23 | 192.168.2.23 | 251.161.4.19
          Aug 8, 2022 23:40:54.751549006 CEST | 47806 | 23 | 192.168.2.23 | 191.233.22.91
          Aug 8, 2022 23:40:54.751549959 CEST | 47806 | 23 | 192.168.2.23 | 199.116.187.18
          Aug 8, 2022 23:40:54.751597881 CEST | 47806 | 23 | 192.168.2.23 | 14.184.176.160
          Aug 8, 2022 23:40:54.751601934 CEST | 47806 | 23 | 192.168.2.23 | 245.16.210.246
          Aug 8, 2022 23:40:54.751610994 CEST | 47806 | 23 | 192.168.2.23 | 204.208.188.203
          Aug 8, 2022 23:40:54.751621962 CEST | 47806 | 23 | 192.168.2.23 | 68.218.90.225
          Aug 8, 2022 23:40:54.751652956 CEST | 47806 | 23 | 192.168.2.23 | 207.153.17.58
          Aug 8, 2022 23:40:54.751661062 CEST | 47806 | 23 | 192.168.2.23 | 75.164.255.212
          Aug 8, 2022 23:40:54.751671076 CEST | 47806 | 23 | 192.168.2.23 | 43.173.202.69
          Aug 8, 2022 23:40:54.751694918 CEST | 47806 | 23 | 192.168.2.23 | 79.71.240.131
          Aug 8, 2022 23:40:54.751698017 CEST | 47806 | 23 | 192.168.2.23 | 252.254.19.3
          Aug 8, 2022 23:40:54.751698017 CEST | 47806 | 23 | 192.168.2.23 | 149.108.240.81
          Aug 8, 2022 23:40:54.751702070 CEST | 47806 | 23 | 192.168.2.23 | 58.74.135.10
          Aug 8, 2022 23:40:54.751705885 CEST | 47806 | 23 | 192.168.2.23 | 98.35.81.60
          Aug 8, 2022 23:40:54.751729965 CEST | 47806 | 23 | 192.168.2.23 | 142.39.192.205
          Aug 8, 2022 23:40:54.751735926 CEST | 47806 | 23 | 192.168.2.23 | 34.175.12.47
          Aug 8, 2022 23:40:54.751746893 CEST | 47806 | 23 | 192.168.2.23 | 73.23.159.99
          Aug 8, 2022 23:40:54.751753092 CEST | 47806 | 23 | 192.168.2.23 | 151.28.195.147
          Aug 8, 2022 23:40:54.751753092 CEST | 47806 | 23 | 192.168.2.23 | 31.23.116.40
          Aug 8, 2022 23:40:54.751761913 CEST | 47806 | 23 | 192.168.2.23 | 188.191.26.115
          Aug 8, 2022 23:40:54.751764059 CEST | 47806 | 23 | 192.168.2.23 | 216.151.65.156
          Aug 8, 2022 23:40:54.751766920 CEST | 47806 | 23 | 192.168.2.23 | 101.9.95.17
          Aug 8, 2022 23:40:54.751771927 CEST | 47806 | 23 | 192.168.2.23 | 70.12.192.177
          Aug 8, 2022 23:40:54.751791000 CEST | 47806 | 23 | 192.168.2.23 | 98.187.52.148
          Aug 8, 2022 23:40:54.751810074 CEST | 47806 | 23 | 192.168.2.23 | 65.67.27.185
          Aug 8, 2022 23:40:54.751816034 CEST | 47806 | 23 | 192.168.2.23 | 80.189.49.185
          Aug 8, 2022 23:40:54.751844883 CEST | 47806 | 23 | 192.168.2.23 | 19.75.4.152
          Aug 8, 2022 23:40:54.751858950 CEST | 47806 | 23 | 192.168.2.23 | 44.0.205.152
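The TCP rows above show the classic Mirai scanner signature: one fixed source port on the sandbox host, destination port 23, and dozens of distinct, apparently random destination addresses within a few hundred microseconds. The following is an added example (not Joe Sandbox's code and not part of the report) that parses rows in the flattened form the report export produces and flags that fan-out pattern. It assumes the analysis VM's address is 192.168.2.23 as seen in the report, that destination ports are drawn from a small list of Mirai telnet/HTTP targets so the fused port field can be split, and thresholds (8 distinct targets within one second) chosen for illustration; the sample rows are copied from the report's layout plus one constructed HTTP connection to a TEST-NET address that should not be flagged.

```python
"""Parse flattened sandbox TCP rows and flag single-source-port fan-out scanning."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the report export's flattened layout:
# "<timestamp> <tz><src port><dst port><src ip><dst ip>" with no separators.
# The last row is a constructed, benign-looking HTTP connection to a TEST-NET address.
SAMPLE_ROWS = """\
Aug 8, 2022 23:40:54.751463890 CEST4780623192.168.2.2384.195.74.163
Aug 8, 2022 23:40:54.751467943 CEST4780623192.168.2.23110.91.164.184
Aug 8, 2022 23:40:54.751471043 CEST4780623192.168.2.2335.48.210.105
Aug 8, 2022 23:40:54.751476049 CEST4780623192.168.2.2399.13.67.22
Aug 8, 2022 23:40:54.751492023 CEST4780623192.168.2.23143.40.91.44
Aug 8, 2022 23:40:54.751493931 CEST4780623192.168.2.23142.53.29.35
Aug 8, 2022 23:40:54.751504898 CEST4780623192.168.2.23155.111.115.229
Aug 8, 2022 23:40:54.751517057 CEST4780623192.168.2.23193.231.74.57
Aug 8, 2022 23:40:54.751597881 CEST4780623192.168.2.2314.184.176.160
Aug 8, 2022 23:40:54.751621962 CEST4780623192.168.2.2368.218.90.225
Aug 8, 2022 23:40:55.900000000 CEST5123480192.168.2.23203.0.113.5
"""

SANDBOX_IP = "192.168.2.23"                      # assumption: the analysis VM's address
KNOWN_DST_PORTS = ("2323", "8080", "23", "80")   # assumption: Mirai scan targets, longest first
EPOCH = datetime(1970, 1, 1)

# The source IP is the only fixed anchor in the fused field, so it is matched literally;
# the port field is split afterwards against the known destination ports.
ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) "
    r"(?P<tz>[A-Z]+)(?P<ports>\d+)(?P<src>" + re.escape(SANDBOX_IP) + r")"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})$"
)


def split_ports(fused):
    """Split e.g. '4780623' into (47806, 23) using the known destination ports."""
    for dport in KNOWN_DST_PORTS:
        if fused.endswith(dport) and len(fused) > len(dport):
            sport = int(fused[: -len(dport)])
            if 1 <= sport <= 65535:
                return sport, int(dport)
    raise ValueError(f"cannot split port field {fused!r}")


def valid_ipv4(addr):
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def parse_row(line):
    """Return one packet as a dict; strptime only takes 6 fractional digits, so truncate."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    ts = datetime.strptime(f"{m['ts']}.{m['frac'][:6]}", "%b %d, %Y %H:%M:%S.%f")
    sport, dport = split_ports(m["ports"])
    if not valid_ipv4(m["dst"]):
        raise ValueError(f"bad destination address in {line!r}")
    return {"ts": ts, "sport": sport, "dport": dport, "src": m["src"], "dst": m["dst"]}


def parse_rows(text):
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def find_fanout(rows, window_s=1.0, min_targets=8):
    """Flag (src, sport, dport) flows that reach >= min_targets distinct hosts in one window."""
    targets_per_bucket = defaultdict(lambda: defaultdict(set))
    for r in rows:
        bucket = int((r["ts"] - EPOCH).total_seconds() // window_s)
        targets_per_bucket[(r["src"], r["sport"], r["dport"])][bucket].add(r["dst"])
    alerts = []
    for (src, sport, dport), buckets in targets_per_bucket.items():
        peak = max(len(hosts) for hosts in buckets.values())
        if peak >= min_targets:
            alerts.append({"src": src, "sport": sport, "dport": dport, "targets": peak})
    return alerts


if __name__ == "__main__":
    for alert in find_fanout(parse_rows(SAMPLE_ROWS)):
        print(f"scan: {alert['src']}:{alert['sport']} -> tcp/{alert['dport']} "
              f"hit {alert['targets']} hosts within 1s")
```

The fixed source port is the useful part of the key: a SYN scanner that writes raw packets reuses one port for every probe, while ordinary clients take a fresh ephemeral port per connection, so grouping by (source IP, source port, destination port) separates the two without any payload inspection.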

          System Behavior

          Start time | Start date | Path | Arguments | File size | MD5 hash
          23:40:53 | 08/08/2022 | /tmp/I95q6K4AMy | /tmp/I95q6K4AMy | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:40:53 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:44 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:44 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:44 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:49 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:49 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:44 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:44 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:40:53 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:40:53 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:40:53 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:44 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:43:44 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:40:53 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1
          23:40:53 | 08/08/2022 | /tmp/I95q6K4AMy | n/a | 4956856 bytes | 5ebfcae4fe2471fcc5695c2394773ff1