
Linux Analysis Report
sora.x86.elf

Overview

General Information

Sample Name:sora.x86.elf
Analysis ID:831207
MD5:ed1472168cdeb8c93dd3f03c3c8fdba8
SHA1:647657a97916d4db8ade0115a6fb5b3de3c02f77
SHA256:17492e1447ec32d450601db269a687e058fab102b0bd35763e93483c755921cd
Tags:elf, mirai

Detection

Mirai
Score:80
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Yara signature match
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
ELF contains segments with high entropy indicating compressed/encrypted content
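Three of the signatures above (packed with UPX, a LOAD segment with no section mappings, high-entropy segments) are static checks that can be reproduced without running the sample. The script below is an added example for this report, not Joe Sandbox code or the sample itself: it builds a constructed minimal 32-bit ELF (one PT_LOAD segment, e_shnum = 0, a near-random payload carrying the "UPX!" marker; 0xc01000 is the program segment address the report lists, everything else is an assumption), parses the headers with struct, and returns the same three indicators.

```python
import math
import struct

# Constructed sample (not the analysed file): a minimal 32-bit little-endian
# x86 ELF with a single PT_LOAD segment, no section headers, and a payload that
# mimics a compressed body plus the "UPX!" marker UPX writes into its headers.
# 0xc01000 is the program segment address the report lists; everything else is
# an assumption made for the example.
ELF32_EHDR = "<4sBBBBB7sHHIIIIIHHHHHH"   # 52 bytes
ELF32_PHDR = "<IIIIIIII"                # 32 bytes
PT_LOAD = 1
SEGMENT_VADDR = 0xC01000

PACKED_PAYLOAD = b"UPX!" + bytes(range(256)) * 16   # near-maximal entropy
PLAIN_PAYLOAD = b"A" * 4096                          # entropy 0.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum, compressed or encrypted data sits near it."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_sample(payload: bytes) -> bytes:
    """Emit ELF header + one program header + payload; e_shnum is 0 (no sections)."""
    ehsize, phentsize = struct.calcsize(ELF32_EHDR), struct.calcsize(ELF32_PHDR)
    p_offset = ehsize + phentsize
    ehdr = struct.pack(ELF32_EHDR, b"\x7fELF", 1, 1, 1, 0, 0, b"\0" * 7,
                       2, 3, 1,                  # ET_EXEC, EM_386, EV_CURRENT
                       SEGMENT_VADDR,            # e_entry
                       ehsize, 0, 0,             # e_phoff, e_shoff, e_flags
                       ehsize, phentsize, 1,     # e_ehsize, e_phentsize, e_phnum
                       0, 0, 0)                  # e_shentsize, e_shnum, e_shstrndx
    phdr = struct.pack(ELF32_PHDR, PT_LOAD, p_offset, SEGMENT_VADDR, SEGMENT_VADDR,
                       len(payload), len(payload), 5, 0x1000)   # flags 5 = R+X
    return ehdr + phdr + payload


def parse_elf32(blob: bytes) -> dict:
    """Read the ELF32 header and every PT_LOAD program header."""
    (magic, ei_class, ei_data, _ver, _osabi, _abiver, _pad,
     _e_type, _e_machine, _e_version, e_entry, e_phoff, _e_shoff, _e_flags,
     _e_ehsize, e_phentsize, e_phnum, _e_shentsize, e_shnum, _e_shstrndx
     ) = struct.unpack_from(ELF32_EHDR, blob, 0)
    if magic != b"\x7fELF" or ei_class != 1 or ei_data != 1:
        raise ValueError("not a 32-bit little-endian ELF")
    segments = []
    for i in range(e_phnum):
        (p_type, p_offset, p_vaddr, _p_paddr, p_filesz, _p_memsz, p_flags, _p_align
         ) = struct.unpack_from(ELF32_PHDR, blob, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            body = blob[p_offset:p_offset + p_filesz]
            segments.append({"vaddr": p_vaddr, "filesz": p_filesz, "flags": p_flags,
                             "entropy": shannon_entropy(body)})
    return {"entry": e_entry, "section_count": e_shnum, "load_segments": segments}


def triage(blob: bytes, entropy_threshold: float = 7.0) -> dict:
    """Reproduce the report's static packer indicators on one ELF image."""
    info = parse_elf32(blob)
    return {
        "load_segment_count": len(info["load_segments"]),
        "no_section_headers": info["section_count"] == 0,
        "high_entropy_load": any(s["entropy"] >= entropy_threshold
                                 for s in info["load_segments"]),
        "upx_marker": b"UPX!" in blob or b"http://upx.sf.net" in blob,
        "entry_in_load": any(s["vaddr"] <= info["entry"] < s["vaddr"] + s["filesz"]
                             for s in info["load_segments"]),
    }


if __name__ == "__main__":
    for label, payload in (("packed-like", PACKED_PAYLOAD), ("plain", PLAIN_PAYLOAD)):
        print(label, triage(build_sample(payload)))
```

The marker check is the weakest of the three: UPX-packed IoT samples frequently ship with the UPX header magic overwritten so that `upx -d` fails, and then only the missing section table and the entropy of the LOAD segment remain as evidence. A 7.0 bits-per-byte threshold is a reasonable starting point for a segment that should otherwise contain x86 code and plain strings.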

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper that no longer works. Note that this heuristic does not cover the whole capture: the sample's own standard output reports "Connected To CNC", and the capture shows a TCP connection from 192.168.2.23 to 46.3.197.29:1312 with no preceding DNS query. Whether that host answered cannot be determined from this report.
Joe Sandbox Version:37.0.0 Beryl
Analysis ID:831207
Start date and time:2023-03-21 09:35:09 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 41s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample file name:sora.x86.elf
Detection:MAL
Classification:mal80.troj.evad.linELF@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command:/tmp/sora.x86.elf
PID:6222
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Connected To CNC
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security | (none listed)
    Source | Rule | Description | Author | Strings
    6316.1.0000000008048000.0000000008057000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | (none listed)
      6316.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
      • $a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F (ASCII "/x38/xFJ/x93/xID/x9A/x38/xFJ/"), 21 overlapping hits at a 0x14-byte stride, i.e. the 20-byte string "/x38/xFJ/x93/xID/x9A" stored back to back: 0xd2a0, 0xd2b4, 0xd2c8, 0xd2dc, 0xd2f0, 0xd304, 0xd318, 0xd32c, 0xd340, 0xd354, 0xd368, 0xd37c, 0xd390, 0xd3a4, 0xd3b8, 0xd3cc, 0xd3e0, 0xd3f4, 0xd408, 0xd41c, 0xd430
      6316.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
      • 0xd7f8:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64 (ASCII "Self Rep Fucking NeTiS and")
      6316.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown
      • 0x5710:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3 (x86 code bytes)
      6316.1.0000000008048000.0000000008057000.r-x.sdmp | Linux_Trojan_Mirai_88de437f | unknown | unknown
      • 0xa482:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0 (x86 code bytes)
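The two Gafgyt string hits above are worth turning into something reusable: decoded, they are plain ASCII, and the 21 hits of a 29-byte pattern at a 20-byte stride mean one 20-byte string is repeated back to back in the r-x region. The script below is an added example for this report, not Joe Sandbox or Elastic code: it takes the hex strings and offsets exactly as printed above, decodes them, works out the repeat period and hit stride, scans a constructed memory image (zero-filled, with the repeated unit placed at 0xd2a0 and the second string at 0xd7f8; this is not the analysed dump) with an overlapping search the way YARA reports matches, and renders the hits as a standalone YARA rule. The rule name is an assumption.

```python
# Hex string hits copied from the report's Linux_Trojan_Gafgyt_28a2fe0c and
# Linux_Trojan_Gafgyt_ea92cca8 rows. The memory image scanned below is
# constructed for the example and is not the analysed process dump.
GAFGYT_28A2FE0C_A = ("2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 "
                     "2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F")
GAFGYT_EA92CCA8_A = ("53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 "
                     "20 4E 65 54 69 53 20 61 6E 64")
HIT_OFFSETS_28A2FE0C = [0xd2a0 + 0x14 * i for i in range(21)]   # 0xd2a0 .. 0xd430
HIT_OFFSET_EA92CCA8 = 0xd7f8


def decode_hex(spaced_hex: str) -> bytes:
    return bytes.fromhex(spaced_hex.replace(" ", ""))


def printable(data: bytes) -> str:
    """ASCII if every byte is printable, otherwise a spaced hex dump."""
    if all(0x20 <= b < 0x7F for b in data):
        return data.decode("ascii")
    return data.hex(" ")


def smallest_period(data: bytes) -> int:
    """Length of the shortest prefix that, repeated, reproduces the pattern."""
    for period in range(1, len(data) + 1):
        if all(data[i] == data[i % period] for i in range(len(data))):
            return period
    return len(data)


def hit_stride(offsets):
    """Constant gap between consecutive hits, or None if the gaps vary."""
    gaps = {b - a for a, b in zip(offsets, offsets[1:])}
    return gaps.pop() if len(gaps) == 1 else None


def find_all(buf: bytes, pattern: bytes):
    """Overlapping search, matching how YARA reports every occurrence."""
    hits, pos = [], buf.find(pattern)
    while pos != -1:
        hits.append(pos)
        pos = buf.find(pattern, pos + 1)
    return hits


def build_memory_image() -> bytes:
    """Constructed r-x image: the 20-byte unit repeated 22 times, then the second string."""
    full = decode_hex(GAFGYT_28A2FE0C_A)
    unit = full[:smallest_period(full)]
    image = bytearray(0x10000)
    start = HIT_OFFSETS_28A2FE0C[0]
    image[start:start + 22 * len(unit)] = unit * 22
    tail = decode_hex(GAFGYT_EA92CCA8_A)
    image[HIT_OFFSET_EA92CCA8:HIT_OFFSET_EA92CCA8 + len(tail)] = tail
    return bytes(image)


def yara_rule(name: str, hex_strings: dict) -> str:
    """Render the report's hits as a standalone YARA rule (name is an assumption)."""
    lines = [f"rule {name}", "{", "    strings:"]
    for ident, spaced_hex in hex_strings.items():
        lines.append(f"        ${ident} = {{ {spaced_hex} }}")
    lines += ["    condition:", "        any of them", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    for name, hexstr in (("Gafgyt_28a2fe0c", GAFGYT_28A2FE0C_A),
                         ("Gafgyt_ea92cca8", GAFGYT_EA92CCA8_A)):
        raw = decode_hex(hexstr)
        print(f"{name}: {printable(raw)!r} (period {smallest_period(raw)})")
    print("stride between reported hits:", hex(hit_stride(HIT_OFFSETS_28A2FE0C)))
    image = build_memory_image()
    print("hits in constructed image:",
          [hex(o) for o in find_all(image, decode_hex(GAFGYT_28A2FE0C_A))])
    print(yara_rule("sora_x86_report_strings",
                    {"a": GAFGYT_28A2FE0C_A, "b": GAFGYT_EA92CCA8_A}))
```

The overlapping search is the point to get right: a non-overlapping `str.find` loop that resumes at `pos + len(pattern)` would report only 15 of the 21 hits on this data and make the stride look wrong. Both strings are static text, so a rule built from them will also fire on the unpacked image in memory, as the report's hits in the r-x region show, but not on the UPX-packed file on disk.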
      No Snort rule has matched


      AV Detection

      Source: sora.x86.elf | ReversingLabs: Detection: 69%
      Source: sora.x86.elf | Virustotal: Detection: 58%

      Networking

      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> client ports
        56422, 56440, 56448, 56450, 56456, 56458, 56460, 56462, 56464, 56466,
        51572, 51588, 51592, 51612, 51628, 51632, 51642, 51654, 51662, 51668,
        49566, 49570, 49572, 49574, 49578, 49580, 49582, 49586, 49590, 49592,
        43136, 43150, 43156, 43162, 43232, 43238, 43242, 43258, 43274, 43300,
        39466, 39508, 39514, 39524, 39544, 39570, 39584, 39598, 39602, 39622
      Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
      Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
      Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
      Source: global traffic | TCP traffic: 192.168.2.23:37654 -> 46.3.197.29:1312
      Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
      Source: unknown | TCP traffic detected without corresponding DNS query (50 destinations):
        46.3.197.29, 24.195.66.43, 40.9.237.43, 115.252.171.174, 200.94.5.160,
        80.246.13.159, 8.181.119.247, 71.79.189.121, 243.120.20.51, 169.240.26.79,
        74.8.66.172, 16.44.198.121, 145.199.66.230, 194.93.212.255, 88.32.231.57,
        185.105.174.161, 5.162.47.93, 93.85.243.117, 91.70.231.88, 221.14.68.227,
        48.179.21.219, 61.138.53.131, 159.193.200.64, 241.134.182.79, 98.205.95.2,
        47.229.140.94, 209.195.177.186, 16.124.55.24, 117.111.95.152, 124.81.139.215,
        82.217.39.130, 5.230.163.179, 31.30.49.195, 84.122.220.136, 167.136.25.35,
        32.195.164.204, 34.66.15.115, 106.50.138.199, 240.221.19.150, 183.45.22.130,
        174.46.26.37, 154.21.189.208, 31.109.96.72, 104.183.135.60, 12.89.41.164,
        203.48.122.82, 250.49.137.203, 57.174.2.110, 206.106.47.180, 53.184.45.203
      Source: sora.x86.elf | String found in binary or memory: http://upx.sf.net
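The networking section shows the pattern a defender should be alerting on rather than a list to block: one host opening port-23 connections to dozens of addresses it never resolved (several of them, such as 243.120.20.51, 241.134.182.79 and 240.221.19.150, in the reserved 240.0.0.0/4 range, which no legitimate client ever contacts), plus a single un-resolved connection to a non-standard port (46.3.197.29:1312). The script below is an added example for this report, not Joe Sandbox code: it runs those three checks over constructed flow records. The records use destinations from the lists above, but which of them received port-23 probes, and which addresses the resolver actually returned, are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records for the example, in a simple "src:sport -> dst:dport"
# form rather than the report's pcap. Destinations are taken from the report's
# lists; the pairing with port 23 and the DNS answer set are assumptions.
FLOWS = """\
192.168.2.23:42836 -> 91.189.91.43:443
192.168.2.23:42516 -> 109.202.202.202:80
192.168.2.23:43928 -> 91.189.91.42:443
192.168.2.23:37654 -> 46.3.197.29:1312
192.168.2.23:56422 -> 24.195.66.43:23
192.168.2.23:56440 -> 40.9.237.43:23
192.168.2.23:56448 -> 115.252.171.174:23
192.168.2.23:56450 -> 200.94.5.160:23
192.168.2.23:56456 -> 80.246.13.159:23
192.168.2.23:56458 -> 8.181.119.247:23
192.168.2.23:56460 -> 71.79.189.121:23
192.168.2.23:56462 -> 243.120.20.51:23
192.168.2.23:56464 -> 169.240.26.79:23
192.168.2.23:56466 -> 74.8.66.172:23
192.168.2.23:51572 -> 241.134.182.79:23
192.168.2.23:51588 -> 240.221.19.150:23
"""
DNS_ANSWERS = {"91.189.91.43", "91.189.91.42", "109.202.202.202"}   # assumed resolver answers
STANDARD_PORTS = {22, 53, 80, 443}


def parse_flows(text: str):
    """Return (src_ip, src_port, dst_ip, dst_port) tuples from the constructed log."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst = (part.strip() for part in line.split("->"))
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        flows.append((sip, int(sport), dip, int(dport)))
    return flows


def detect_telnet_scanning(flows, min_targets: int = 10):
    """Sources that touched port 23 on at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for sip, _sport, dip, dport in flows:
        if dport == 23:
            targets[sip].add(dip)
    return {sip: sorted(t) for sip, t in targets.items() if len(t) >= min_targets}


def detect_unresolved_nonstandard(flows, dns_answers):
    """Connections to hosts never returned by DNS, on ports outside the usual set."""
    return sorted({(dip, dport) for _sip, _sport, dip, dport in flows
                   if dip not in dns_answers and dport not in STANDARD_PORTS})


def bogon_targets(flows):
    """Destinations in reserved or otherwise unroutable space: a clean host never
    talks to them, a random-IP scanner does."""
    hits = set()
    for _sip, _sport, dip, _dport in flows:
        addr = ipaddress.ip_address(dip)
        if addr.is_reserved or addr.is_multicast or addr.is_loopback or addr.is_link_local:
            hits.add(dip)
    return sorted(hits)


def report(flows, dns_answers) -> dict:
    return {
        "telnet_scanners": detect_telnet_scanning(flows),
        "unresolved_nonstandard": detect_unresolved_nonstandard(flows, dns_answers),
        "bogon_targets": bogon_targets(flows),
    }


if __name__ == "__main__":
    for key, value in report(parse_flows(FLOWS), DNS_ANSWERS).items():
        print(key, value)
```

In production the same three functions would be fed from Zeek's conn.log and dns.log (or equivalent flow and resolver telemetry) instead of the inline records. The bogon check is the cheapest and least noisy of the three: random target generation lands in 240.0.0.0/4 about one time in sixteen, so a scanner reveals itself within a few dozen probes, while the 1312 connection is what to pivot on for the C2 channel.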

      System Summary

      Yara matches in process memory dumps (type: MEMORY). Each of the eight dumps below covers the same r-x region 0x08048000-0x08057000 and matched the same eight Elastic rules (Author: unknown for all):
      Dumps: 6316.1, 6222.1, 6321.1, 6317.1, 6326.1, 6228.1, 6224.1, 6225.1 (each named <pid>.1.0000000008048000.0000000008057000.r-x.sdmp)
      Rules: Linux_Trojan_Gafgyt_28a2fe0c, Linux_Trojan_Gafgyt_ea92cca8, Linux_Trojan_Mirai_b14f4c5d, Linux_Trojan_Mirai_88de437f, Linux_Trojan_Mirai_ae9d0fa6, Linux_Trojan_Mirai_389ee3e9, Linux_Trojan_Mirai_cc93863b, Linux_Trojan_Mirai_8aa7b5d3
      Source: LOAD without section mappings | Program segment: 0xc01000
      Rule metadata (type: MEMORY). The report repeats the same metadata for each dump; the page shows it for 6316.1, 6222.1 and 6321.1, with the 6321.1 listing cut off. Common to all eight rules: os = linux, severity = x86, scan_context = file, memory, license = Elastic License v2.
      Rule | threat_name | creation_date | last_modified | reference_sample | fingerprint | id
      Linux_Trojan_Gafgyt_28a2fe0c | Linux.Trojan.Gafgyt | 2021-01-12 | 2021-09-16 | (none) | a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead | 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd
      Linux_Trojan_Gafgyt_ea92cca8 | Linux.Trojan.Gafgyt | 2021-01-12 | 2021-09-16 | (none) | aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e | ea92cca8-bba7-4a1c-9b88-a2d051ad0021
      Linux_Trojan_Mirai_b14f4c5d | Linux.Trojan.Mirai | 2021-01-12 | 2021-09-16 | (none) | a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817 | b14f4c5d-054f-46e6-9fa8-3588f1ef68b7
      Linux_Trojan_Mirai_88de437f | Linux.Trojan.Mirai | 2021-01-12 | 2021-09-16 | 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6 | c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea | 88de437f-9c98-4e1d-96c0-7b433c99886a
      Linux_Trojan_Mirai_ae9d0fa6 | Linux.Trojan.Mirai | 2021-01-12 | 2021-09-16 | (none) | ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc | ae9d0fa6-be06-4656-9b13-8edfc0ee9e71
      Linux_Trojan_Mirai_389ee3e9 | Linux.Trojan.Mirai | 2022-01-05 | 2022-01-26 | 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f | 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e | 389ee3e9-70c1-4c93-a999-292cf6ff1652
      Linux_Trojan_Mirai_cc93863b | Linux.Trojan.Mirai | 2022-01-05 | 2022-01-26 | 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f | f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac | cc93863b-1050-40ba-9d02-5ec9ce6a3a28
      Linux_Trojan_Mirai_8aa7b5d3 | Linux.Trojan.Mirai | 2022-01-05 | 2022-01-26 | 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f | 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444 | 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9
      Source: 6321.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: /tmp/sora.x86.elf (PID: 6224)SIGKILL sent: pid: 936, result: successful
      Source: /tmp/sora.x86.elf (PID: 6227)SIGKILL sent: pid: 936, result: successful
      Source: classification engineClassification label: mal80.troj.evad.linELF@0/0@0/0

      Data Obfuscation

      Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sample | String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/491/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/793/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/772/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/796/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/774/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/797/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/777/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/799/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/658/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/912/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/759/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/936/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/918/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/6224/exe
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/1/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/761/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/785/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/884/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/720/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/721/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/788/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/789/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/800/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/801/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/847/fd
      Source: /tmp/sora.x86.elf (PID: 6224) | File opened: /proc/904/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/491/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/793/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/772/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/796/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/774/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/797/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/777/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/799/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/6227/exe
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/658/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/912/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/759/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/936/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/918/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/1/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/761/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/785/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/884/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/720/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/721/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/788/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/789/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/800/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/801/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/847/fd
      Source: /tmp/sora.x86.elf (PID: 6227) | File opened: /proc/904/fd

      Hooking and other Techniques for Hiding and Protection

      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56422
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56440
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56448
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56450
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56456
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56458
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56460
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56462
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56464
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56462
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 56466
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51572
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51588
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51592
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51612
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51628
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51632
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51642
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51654
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51662
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 51668
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49566
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49570
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49572
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49574
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49578
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49580
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49582
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49586
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49590
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 49592
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43136
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43150
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43156
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43162
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43232
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43238
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43242
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43258
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43274
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 43300
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39466
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39508
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39514
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39524
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39544
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39570
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39584
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39598
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39602
      Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 39622
      Source: sora.x86.elf | Submission file: segment LOAD with 7.874 entropy (max. 8.0)

      Stealing of Sensitive Information

      Source: Yara match | File source: 6316.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6222.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6321.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: dump.pcap, type: PCAP

      Remote Access Functionality

      Source: Yara match | File source: 6316.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6222.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6321.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6317.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6326.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6228.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6224.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: 6225.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY
      Source: Yara match | File source: dump.pcap, type: PCAP

      Mitre Att&ck Matrix

      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
      | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
      | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
      No configs have been found
Behavior Graph (ID: 831207; Sample: sora.x86.elf; Start date: 21/03/2023; Architecture: LINUX; Score: 80). Contacted hosts: 66.238.202.135 (XO-AS15US, United States), 103.203.129.245 (WISTRONWistronCorporationTW, China) and 98 other IPs or domains. Signatures shown on the graph: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected Mirai; 2 other signatures. Process tree: sora.x86.elf started, then spawned further sora.x86.elf child processes nested four levels deep.
Source | Detection | Scanner | Label | Link
sora.x86.elf | 69% | ReversingLabs | Linux.Trojan.Mirai |
sora.x86.elf | 58% | Virustotal | | Browse
      No Antivirus matches
      No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | sora.x86.elf | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
178.81.141.6 | unknown | Saudi Arabia | 35819 | MOBILY-ASEtihadEtisalatCompanyMobilySA | false
41.163.216.179 | unknown | South Africa | 36937 | Neotel-ASZA | false
176.136.170.99 | unknown | France | 5410 | BOUYGTEL-ISPFR | false
250.135.211.9 | unknown | Reserved | unknown | unknown | false
48.10.80.145 | unknown | United States | 2686 | ATGS-MMD-ASUS | false
177.110.72.108 | unknown | Brazil | 26615 | TIMSABR | false
243.144.74.220 | unknown | Reserved | unknown | unknown | false
106.129.53.72 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false
222.12.163.124 | unknown | Japan | 2516 | KDDIKDDICORPORATIONJP | false
70.89.111.222 | unknown | United States | 7922 | COMCAST-7922US | false
38.71.40.64 | unknown | United States | 39988 | INTELLIGENT-TECHNOLOGY-SOLUTIONSUS | false
105.217.152.42 | unknown | South Africa | 16637 | MTNNS-ASZA | false
157.15.9.149 | unknown | unknown | 2512 | TCP-NETTCPIncJP | false
201.43.167.94 | unknown | Brazil | 27699 | TELEFONICABRASILSABR | false
188.67.250.32 | unknown | Finland | 16086 | DNAFI | false
151.219.242.165 | unknown | unknown | 11003 | PANDGUS | false
92.150.193.36 | unknown | France | 3215 | FranceTelecom-OrangeFR | false
23.161.244.109 | unknown | Reserved | 19575 | ISPNETUS | false
38.54.7.61 | unknown | United States | 174 | COGENT-174US | false
142.106.230.185 | unknown | Canada | 808 | GONET-ASN-1CA | false
5.73.143.151 | unknown | Iran (ISLAMIC Republic Of) | 57218 | RIGHTELIR | false
118.16.75.14 | unknown | Japan | 4713 | OCNNTTCommunicationsCorporationJP | false
247.179.52.153 | unknown | Reserved | unknown | unknown | false
194.73.176.86 | unknown | United Kingdom | 2856 | BT-UK-ASBTnetUKRegionalnetworkGB | false
8.112.113.215 | unknown | United States | 3356 | LEVEL3US | false
101.201.216.175 | unknown | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
57.86.163.61 | unknown | Belgium | 51964 | ORANGE-BUSINESS-SERVICES-IPSN-ASNFR | false
170.201.22.99 | unknown | United States | 10995 | PNCBANKUS | false
92.111.42.8 | unknown | Netherlands | 6830 | LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding | false
23.1.146.96 | unknown | United States | 6762 | SEABONE-NETTELECOMITALIASPARKLESpAIT | false
39.192.61.38 | unknown | Indonesia | 23693 | TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | false
101.172.43.74 | unknown | Australia | 1221 | ASN-TELSTRATelstraCorporationLtdAU | false
38.0.95.145 | unknown | United States | 174 | COGENT-174US | false
34.199.228.243 | unknown | United States | 14618 | AMAZON-AESUS | false
91.178.248.238 | unknown | Belgium | 5432 | PROXIMUS-ISP-ASBE | false
36.194.65.150 | unknown | China | 24138 | CTTNETChinaTieTongTelecommunicationsCorporationCN | false
23.21.46.155 | unknown | United States | 14618 | AMAZON-AESUS | false
116.40.18.47 | unknown | Korea Republic of | 17858 | POWERVIS-AS-KRLGPOWERCOMMKR | false
194.218.130.135 | unknown | Sweden | 3301 | TELIANET-SWEDENTeliaCompanySE | false
24.95.80.235 | unknown | United States | 10796 | TWC-10796-MIDWESTUS | false
110.170.33.208 | unknown | Thailand | 7470 | TRUEINTERNET-AS-APTRUEINTERNETCoLtdTH | false
251.188.124.217 | unknown | Reserved | unknown | unknown | false
103.133.113.47 | unknown | India | 138310 | JUBILANT-ASJubilantFoodworksLimitedIN | false
44.53.238.50 | unknown | United States | 7377 | UCSDUS | false
114.133.53.33 | unknown | Malaysia | 56046 | CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN | false
68.54.35.223 | unknown | United States | 7922 | COMCAST-7922US | false
174.140.121.36 | unknown | United States | 11776 | ATLANTICBB-JOHNSTOWNUS | false
223.248.70.160 | unknown | China | 9812 | CNNIC-CN-COLNETOrientalCableNetworkCoLtdCN | false
189.86.165.247 | unknown | Brazil | 4230 | CLAROSABR | false
206.60.118.7 | unknown | United States | 8014 | BATELNETBS | false
19.94.4.107 | unknown | United States | 3 | MIT-GATEWAYSUS | false
176.65.3.11 | unknown | Palestinian Territory Occupied | 12975 | PALTEL-ASPALTELAutonomousSystemPS | false
19.1.83.123 | unknown | United States | 3 | MIT-GATEWAYSUS | false
143.39.115.88 | unknown | United States | 11003 | PANDGUS | false
75.9.72.27 | unknown | United States | 7018 | ATT-INTERNET4US | false
150.29.19.108 | unknown | Japan | 23793 | AISTNationalInstituteofAdvancedIndustrialScienceandT | false
84.188.59.211 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false
145.197.157.97 | unknown | Netherlands | 1101 | IP-EEND-ASIP-EENDBVNL | false
78.165.175.187 | unknown | Turkey | 9121 | TTNETTR | false
103.203.129.245 | unknown | China | 131599 | WISTRONWistronCorporationTW | false
155.154.166.84 | unknown | United States | 1488 | DNIC-ASBLK-01488-01489US | false
255.146.64.5 | unknown | Reserved | unknown | unknown | false
181.52.29.241 | unknown | Colombia | 10620 | TelmexColombiaSACO | false
58.178.161.35 | unknown | Australia | 9443 | VOCUS-RETAIL-AUVocusRetailAU | false
75.146.144.230 | unknown | United States | 7922 | COMCAST-7922US | false
254.14.158.74 | unknown | Reserved | unknown | unknown | false
72.152.89.188 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
38.89.204.125 | unknown | United States | 174 | COGENT-174US | false
152.248.210.113 | unknown | Brazil | 26599 | TELEFONICABRASILSABR | false
98.243.159.97 | unknown | United States | 7922 | COMCAST-7922US | false
97.195.200.70 | unknown | United States | 6167 | CELLCO-PARTUS | false
2.203.197.72 | unknown | Germany | 3209 | VODANETInternationalIP-BackboneofVodafoneDE | false
143.16.24.77 | unknown | United States | 264008 | LANCAMANTOANISERVICOSDEINFORMATICALTDA-MEBR | false
244.239.113.91 | unknown | Reserved | unknown | unknown | false
150.108.123.75 | unknown | United States | 32531 | FORDHAM-UNIVERSITYUS | false
147.134.215.195 | unknown | United States | 30569 | CREIGHTON-ASUS | false
168.241.199.152 | unknown | United States | 21943 | ASN-ITG-072618US | false
13.107.141.165 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
203.226.15.246 | unknown | Korea Republic of | 45385 | DAELIMDAELIMCorporationKR | false
70.45.115.227 | unknown | Puerto Rico | 14638 | LCPRLUS | false
145.240.163.248 | unknown | France | 1101 | IP-EEND-ASIP-EENDBVNL | false
253.45.18.214 | unknown | Reserved | unknown | unknown | false
82.127.24.59 | unknown | France | 3215 | FranceTelecom-OrangeFR | false
249.181.214.51 | unknown | Reserved | unknown | unknown | false
185.220.10.223 | unknown | Spain | 205390 | TECTIQOM-ASDE | false
90.126.139.54 | unknown | France | 3215 | FranceTelecom-OrangeFR | false
251.214.54.12 | unknown | Reserved | unknown | unknown | false
254.194.255.52 | unknown | Reserved | unknown | unknown | false
38.229.203.83 | unknown | United States | 23028 | TEAM-CYMRUUS | false
213.33.211.152 | unknown | Russian Federation | 3216 | SOVAM-ASRU | false
203.228.150.224 | unknown | Korea Republic of | 4664 | HIT-KR-APShinbiroKR | false
145.103.13.187 | unknown | Netherlands | 1103 | SURFNET-NLSURFnetTheNetherlandsNL | false
125.252.63.134 | unknown | Korea Republic of | 17608 | ABN-AS-KRABNKR | false
157.190.234.164 | unknown | Ireland | 1213 | HEANETIE | false
196.178.177.179 | unknown | Tunisia | 37693 | TUNISIANATN | false
166.242.49.101 | unknown | United States | 6614 | USCC-ASNUS | false
253.196.194.66 | unknown | Reserved | unknown | unknown | false
66.238.202.135 | unknown | United States | 2828 | XO-AS15US | false
210.37.185.91 | unknown | China | 4538 | ERX-CERNET-BKBChinaEducationandResearchNetworkCenter | false
148.37.24.17 | unknown | United States | 6400 | CompaniaDominicanadeTelefonosSADO | false
        No context
        No created / dropped files found
File type: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit): 7.869234697100542
TrID:
• ELF Executable and Linkable format (Linux) (4029/14) 50.16%
• ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name: sora.x86.elf
File size: 27704
MD5: ed1472168cdeb8c93dd3f03c3c8fdba8
SHA1: 647657a97916d4db8ade0115a6fb5b3de3c02f77
SHA256: 17492e1447ec32d450601db269a687e058fab102b0bd35763e93483c755921cd
SHA512: 298f355d1a894695b13a11f0de55f56d90b9f98ea568e0f7de280ad9da8feba50af74abb3c5505479af99c8b6e617f933a5e08391b4e089c3dcc8e689708175f
SSDEEP: 384:MRG/9WXUx5+bkbRaliVErjrL9VD9jPwrSaf5cwd/DyZTYHHJC8oytPFnAqV/LlTf:/5+Kcrb9VDJeIwkTYTlPFnz/Qe
TLSH: 01C2E1A3A4E5CD15C863413B6F1F1AAB61386524134DEE1E323BEBDC63460B4A176DC7
File Content Preview: .ELF....................@s..4...........4. ...(.....................;k..;k...................~...~..................Q.td................................UPX!........P...P......._........?d..ELF.......d.......4....4. (.......k.-.#. ......sw....$..w..\.\..A.

        ELF header

        Class:
        Data:
        Version:
        Machine:
        Version Number:
        Type:
        OS/ABI:
        ABI Version:
        Entry Point Address:
        Flags:
        ELF Header Size:
        Program Header Offset:
        Program Header Size:
        Number of Program Headers:
        Section Header Offset:
        Section Header Size:
        Number of Section Headers:
        Header String Table Index:
Program Headers

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x6b3b | 0x6b3b | 7.8740 | 0x5 | R E | 0x1000 | |
LOAD | 0xe80 | 0x8057e80 | 0x8057e80 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 21, 2023 09:35:54.129697084 CET | 37654 | 1312 | 192.168.2.23 | 46.3.197.29
Mar 21, 2023 09:35:54.129934072 CET | 52344 | 23 | 192.168.2.23 | 24.195.66.43
Mar 21, 2023 09:35:54.129940033 CET | 52344 | 23 | 192.168.2.23 | 40.9.237.43
Mar 21, 2023 09:35:54.129978895 CET | 52344 | 23 | 192.168.2.23 | 115.252.171.174
Mar 21, 2023 09:35:54.129978895 CET | 52344 | 23 | 192.168.2.23 | 14.210.106.105
Mar 21, 2023 09:35:54.129978895 CET | 52344 | 23 | 192.168.2.23 | 200.94.5.160
Mar 21, 2023 09:35:54.130017996 CET | 52344 | 23 | 192.168.2.23 | 80.246.13.159
Mar 21, 2023 09:35:54.130017996 CET | 52344 | 23 | 192.168.2.23 | 8.181.119.247
Mar 21, 2023 09:35:54.130032063 CET | 52344 | 23 | 192.168.2.23 | 71.79.189.121
Mar 21, 2023 09:35:54.130054951 CET | 52344 | 23 | 192.168.2.23 | 243.120.20.51
Mar 21, 2023 09:35:54.130054951 CET | 52344 | 23 | 192.168.2.23 | 169.240.26.79
Mar 21, 2023 09:35:54.130069017 CET | 52344 | 23 | 192.168.2.23 | 74.8.66.172
Mar 21, 2023 09:35:54.130081892 CET | 52344 | 23 | 192.168.2.23 | 16.44.198.121
Mar 21, 2023 09:35:54.130086899 CET | 52344 | 23 | 192.168.2.23 | 145.199.66.230
Mar 21, 2023 09:35:54.130100965 CET | 52344 | 23 | 192.168.2.23 | 194.93.212.255
Mar 21, 2023 09:35:54.130140066 CET | 52344 | 23 | 192.168.2.23 | 88.32.231.57
Mar 21, 2023 09:35:54.130148888 CET | 52344 | 23 | 192.168.2.23 | 185.105.174.161
Mar 21, 2023 09:35:54.130177021 CET | 52344 | 23 | 192.168.2.23 | 5.162.47.93
Mar 21, 2023 09:35:54.130177021 CET | 52344 | 23 | 192.168.2.23 | 93.85.243.117
Mar 21, 2023 09:35:54.130187988 CET | 52344 | 23 | 192.168.2.23 | 91.70.231.88
Mar 21, 2023 09:35:54.130208969 CET | 52344 | 23 | 192.168.2.23 | 110.85.3.6
Mar 21, 2023 09:35:54.130222082 CET | 52344 | 23 | 192.168.2.23 | 221.14.68.227
Mar 21, 2023 09:35:54.130222082 CET | 52344 | 23 | 192.168.2.23 | 48.179.21.219
Mar 21, 2023 09:35:54.130225897 CET | 52344 | 23 | 192.168.2.23 | 61.138.53.131
Mar 21, 2023 09:35:54.130229950 CET | 52344 | 23 | 192.168.2.23 | 159.193.200.64
Mar 21, 2023 09:35:54.130242109 CET | 52344 | 23 | 192.168.2.23 | 40.141.10.55
Mar 21, 2023 09:35:54.130250931 CET | 52344 | 23 | 192.168.2.23 | 241.134.182.79
Mar 21, 2023 09:35:54.130259991 CET | 52344 | 23 | 192.168.2.23 | 98.205.95.2
Mar 21, 2023 09:35:54.130259991 CET | 52344 | 23 | 192.168.2.23 | 47.229.140.94
Mar 21, 2023 09:35:54.130284071 CET | 52344 | 23 | 192.168.2.23 | 209.195.177.186
Mar 21, 2023 09:35:54.130284071 CET | 52344 | 23 | 192.168.2.23 | 16.124.55.24
Mar 21, 2023 09:35:54.130327940 CET | 52344 | 23 | 192.168.2.23 | 117.111.95.152
Mar 21, 2023 09:35:54.130346060 CET | 52344 | 23 | 192.168.2.23 | 124.81.139.215
Mar 21, 2023 09:35:54.130366087 CET | 52344 | 23 | 192.168.2.23 | 82.217.39.130
Mar 21, 2023 09:35:54.130366087 CET | 52344 | 23 | 192.168.2.23 | 5.230.163.179
Mar 21, 2023 09:35:54.130367994 CET | 52344 | 23 | 192.168.2.23 | 210.19.152.19
Mar 21, 2023 09:35:54.130378008 CET | 52344 | 23 | 192.168.2.23 | 31.30.49.195
Mar 21, 2023 09:35:54.130389929 CET | 52344 | 23 | 192.168.2.23 | 84.122.220.136
Mar 21, 2023 09:35:54.130392075 CET | 52344 | 23 | 192.168.2.23 | 167.136.25.35
Mar 21, 2023 09:35:54.130400896 CET | 52344 | 23 | 192.168.2.23 | 32.195.164.204
Mar 21, 2023 09:35:54.130425930 CET | 52344 | 23 | 192.168.2.23 | 34.66.15.115
Mar 21, 2023 09:35:54.130425930 CET | 52344 | 23 | 192.168.2.23 | 106.50.138.199
Mar 21, 2023 09:35:54.130425930 CET | 52344 | 23 | 192.168.2.23 | 240.221.19.150
Mar 21, 2023 09:35:54.130429983 CET | 52344 | 23 | 192.168.2.23 | 183.45.22.130
Mar 21, 2023 09:35:54.130439043 CET | 52344 | 23 | 192.168.2.23 | 174.46.26.37
Mar 21, 2023 09:35:54.130450964 CET | 52344 | 23 | 192.168.2.23 | 154.21.189.208
Mar 21, 2023 09:35:54.130461931 CET | 52344 | 23 | 192.168.2.23 | 31.109.96.72
Mar 21, 2023 09:35:54.130461931 CET | 52344 | 23 | 192.168.2.23 | 104.183.135.60
Mar 21, 2023 09:35:54.130516052 CET | 52344 | 23 | 192.168.2.23 | 12.89.41.164
Mar 21, 2023 09:35:54.130525112 CET | 52344 | 23 | 192.168.2.23 | 203.48.122.82
Mar 21, 2023 09:35:54.130528927 CET | 52344 | 23 | 192.168.2.23 | 250.49.137.203
Mar 21, 2023 09:35:54.130549908 CET | 52344 | 23 | 192.168.2.23 | 57.174.2.110
Mar 21, 2023 09:35:54.130553007 CET | 52344 | 23 | 192.168.2.23 | 206.106.47.180
Mar 21, 2023 09:35:54.130553961 CET | 52344 | 23 | 192.168.2.23 | 53.184.45.203
Mar 21, 2023 09:35:54.130573034 CET | 52344 | 23 | 192.168.2.23 | 213.131.28.73
Mar 21, 2023 09:35:54.130579948 CET | 52344 | 23 | 192.168.2.23 | 142.35.222.165
Mar 21, 2023 09:35:54.130584002 CET | 52344 | 23 | 192.168.2.23 | 192.65.164.111
Mar 21, 2023 09:35:54.130604029 CET | 52344 | 23 | 192.168.2.23 | 9.201.37.252
Mar 21, 2023 09:35:54.130614042 CET | 52344 | 23 | 192.168.2.23 | 183.237.183.200
Mar 21, 2023 09:35:54.130620956 CET | 52344 | 23 | 192.168.2.23 | 154.119.137.142
Mar 21, 2023 09:35:54.130620956 CET | 52344 | 23 | 192.168.2.23 | 48.49.203.149
Mar 21, 2023 09:35:54.130640984 CET | 52344 | 23 | 192.168.2.23 | 79.98.234.143
Mar 21, 2023 09:35:54.130641937 CET | 52344 | 23 | 192.168.2.23 | 218.54.91.162
Mar 21, 2023 09:35:54.130676985 CET | 52344 | 23 | 192.168.2.23 | 253.132.99.169
Mar 21, 2023 09:35:54.130712986 CET | 52344 | 23 | 192.168.2.23 | 159.254.7.11
Mar 21, 2023 09:35:54.130733967 CET | 52344 | 23 | 192.168.2.23 | 80.154.59.166
Mar 21, 2023 09:35:54.130737066 CET | 52344 | 23 | 192.168.2.23 | 212.34.16.29
Mar 21, 2023 09:35:54.130737066 CET | 52344 | 23 | 192.168.2.23 | 218.182.63.229
Mar 21, 2023 09:35:54.130742073 CET | 52344 | 23 | 192.168.2.23 | 204.251.8.217
Mar 21, 2023 09:35:54.130742073 CET | 52344 | 23 | 192.168.2.23 | 77.253.138.173
Mar 21, 2023 09:35:54.130742073 CET | 52344 | 23 | 192.168.2.23 | 75.162.160.151
Mar 21, 2023 09:35:54.130753994 CET | 52344 | 23 | 192.168.2.23 | 193.57.119.15
Mar 21, 2023 09:35:54.130795002 CET | 52344 | 23 | 192.168.2.23 | 206.59.209.37
Mar 21, 2023 09:35:54.130814075 CET | 52344 | 23 | 192.168.2.23 | 84.176.208.6
Mar 21, 2023 09:35:54.130820990 CET | 52344 | 23 | 192.168.2.23 | 158.143.157.74
Mar 21, 2023 09:35:54.130820990 CET | 52344 | 23 | 192.168.2.23 | 9.52.72.175
Mar 21, 2023 09:35:54.130842924 CET | 52344 | 23 | 192.168.2.23 | 82.168.172.245
Mar 21, 2023 09:35:54.130851030 CET | 52344 | 23 | 192.168.2.23 | 168.130.193.47
Mar 21, 2023 09:35:54.130856037 CET | 52344 | 23 | 192.168.2.23 | 149.32.75.87
Mar 21, 2023 09:35:54.130865097 CET | 52344 | 23 | 192.168.2.23 | 5.148.95.103
Mar 21, 2023 09:35:54.130876064 CET | 52344 | 23 | 192.168.2.23 | 161.81.115.28
Mar 21, 2023 09:35:54.130881071 CET | 52344 | 23 | 192.168.2.23 | 59.208.222.18
Mar 21, 2023 09:35:54.130898952 CET | 52344 | 23 | 192.168.2.23 | 191.182.181.18
Mar 21, 2023 09:35:54.130898952 CET | 52344 | 23 | 192.168.2.23 | 173.111.252.171
Mar 21, 2023 09:35:54.130908966 CET | 52344 | 23 | 192.168.2.23 | 244.30.108.232
Mar 21, 2023 09:35:54.130927086 CET | 52344 | 23 | 192.168.2.23 | 126.219.31.214
Mar 21, 2023 09:35:54.130928993 CET | 52344 | 23 | 192.168.2.23 | 208.65.197.147
Mar 21, 2023 09:35:54.130930901 CET | 52344 | 23 | 192.168.2.23 | 36.51.163.151
Mar 21, 2023 09:35:54.130954981 CET | 52344 | 23 | 192.168.2.23 | 186.162.144.134
Mar 21, 2023 09:35:54.130990982 CET | 52344 | 23 | 192.168.2.23 | 36.139.246.201
Mar 21, 2023 09:35:54.130995989 CET | 52344 | 23 | 192.168.2.23 | 250.246.194.224
Mar 21, 2023 09:35:54.131006002 CET | 52344 | 23 | 192.168.2.23 | 180.159.87.207
Mar 21, 2023 09:35:54.131015062 CET | 52344 | 23 | 192.168.2.23 | 146.183.184.251
Mar 21, 2023 09:35:54.131038904 CET | 52344 | 23 | 192.168.2.23 | 105.10.17.22
Mar 21, 2023 09:35:54.131038904 CET | 52344 | 23 | 192.168.2.23 | 193.139.228.243
Mar 21, 2023 09:35:54.131052971 CET | 52344 | 23 | 192.168.2.23 | 212.150.75.76
Mar 21, 2023 09:35:54.131072998 CET | 52344 | 23 | 192.168.2.23 | 157.49.78.163
Mar 21, 2023 09:35:54.131098986 CET | 52344 | 23 | 192.168.2.23 | 171.56.82.99
Mar 21, 2023 09:35:54.131098986 CET | 52344 | 23 | 192.168.2.23 | 99.94.83.29
Mar 21, 2023 09:35:54.133594036 CET | 52344 | 23 | 192.168.2.23 | 107.92.122.79

        System Behavior

Start time | Start date | Path | Arguments | File size | MD5 hash
09:35:53 | 21/03/2023 | /tmp/sora.x86.elf | /tmp/sora.x86.elf | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:35:53 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:45 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:45 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:45 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:50 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:50 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:45 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:45 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:35:53 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:35:53 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:35:53 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:45 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:38:45 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:35:53 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8
09:35:53 | 21/03/2023 | /tmp/sora.x86.elf | n/a | 27704 bytes | ed1472168cdeb8c93dd3f03c3c8fdba8