Linux Analysis Report
oidpLRF3GS

Overview

General Information

Sample Name: oidpLRF3GS
Analysis ID: 673717
MD5: d8e00c04f65a8389a3644c11af97d239
SHA1: ca8e5c86aca9e2e70652d4bf656191688578fb6f
SHA256: b84c1ce9ae5f44c366252f0157d4d877375e45b7750e2e27a57295873dc2bd2a
Tags: 32, arm, elf, mirai

Detection

Mirai
Score: 64
Range: 0 - 100
Whitelisted: false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
ELF contains segments with high entropy indicating compressed/encrypted content

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper which no longer works.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 673717
Start date and time: 2022-07-26 18:09:03 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 44s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: oidpLRF3GS
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal64.spre.troj.evad.lin@0/0@0/0
Command: /tmp/oidpLRF3GS
PID: 6221
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • oidpLRF3GS (PID: 6221, Parent: 6120, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/oidpLRF3GS
  • wrapper-2.0 (PID: 6234, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 6235, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 6236, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 6237, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
  • wrapper-2.0 (PID: 6238, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 6239, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • cleanup
Source | Rule | Description | Author | Strings
6226.1.00007f5d40017000.00007f5d40025000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6227.1.00007f5d40017000.00007f5d40025000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
6221.1.00007f5d40017000.00007f5d40025000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |

No Snort rule has matched

AV Detection

Source: oidpLRF3GS, Virustotal: Detection: 41%
Source: oidpLRF3GS, ReversingLabs: Detection: 42%
Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic, TCP traffic: 192.168.2.23:41418 -> 194.195.245.195:3778
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown, TCP traffic detected without corresponding DNS query: 194.195.245.195
Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: oidpLRF3GS, String found in binary or memory: http://upx.sf.net

System Summary

Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2018, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2077, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2078, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2079, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2080, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2083, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2084, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2114, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 2156, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 6227, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 6234, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 6235, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 6236, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 6237, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 6238, result: successful
Source: /tmp/oidpLRF3GS (PID: 6224), SIGKILL sent: pid: 6239, result: successful
Source: LOAD without section mappings, Program segment: 0x8000
Source: classification engine, Classification label: mal64.spre.troj.evad.lin@0/0@0/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: oidpLRF3GS, Submission file: segment LOAD with 7.9198 entropy (max. 8.0)
Source: /tmp/oidpLRF3GS (PID: 6221), Queries kernel information via 'uname'
Source: oidpLRF3GS, 6221.1.00005652dc94b000.00005652dcab9000.rw-.sdmp, oidpLRF3GS, 6226.1.00005652dc94b000.00005652dcab9000.rw-.sdmp, oidpLRF3GS, 6227.1.00005652dc94b000.00005652dcab9000.rw-.sdmp, Binary or memory string: RV!/etc/qemu-binfmt/arm
Source: oidpLRF3GS, 6221.1.00007fff7901a000.00007fff7903b000.rw-.sdmp, oidpLRF3GS, 6226.1.00007fff7901a000.00007fff7903b000.rw-.sdmp, oidpLRF3GS, 6227.1.00007fff7901a000.00007fff7903b000.rw-.sdmp, Binary or memory string: 3"x86_64/usr/bin/qemu-arm/tmp/oidpLRF3GSSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/oidpLRF3GS
Source: oidpLRF3GS, 6221.1.00005652dc94b000.00005652dcab9000.rw-.sdmp, oidpLRF3GS, 6226.1.00005652dc94b000.00005652dcab9000.rw-.sdmp, oidpLRF3GS, 6227.1.00005652dc94b000.00005652dcab9000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
Source: oidpLRF3GS, 6221.1.00007fff7901a000.00007fff7903b000.rw-.sdmp, oidpLRF3GS, 6226.1.00007fff7901a000.00007fff7903b000.rw-.sdmp, oidpLRF3GS, 6227.1.00007fff7901a000.00007fff7903b000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information

Source: Yara match, File source: 6226.1.00007f5d40017000.00007f5d40025000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6227.1.00007f5d40017000.00007f5d40025000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6221.1.00007f5d40017000.00007f5d40025000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match, File source: 6226.1.00007f5d40017000.00007f5d40025000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6227.1.00007f5d40017000.00007f5d40025000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6221.1.00007f5d40017000.00007f5d40025000.r-x.sdmp, type: MEMORY

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: 11 Obfuscated Files or Information; Rootkit; Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Application Layer Protocol
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: 1 Service Stop; Device Lockout; Delete Device Data

No configs have been found
[Behavior graph: ID 673717, Sample: oidpLRF3GS, Start date: 26/07/2022, Architecture: LINUX, Score: 64]

Source | Detection | Scanner | Label
oidpLRF3GS | 42% | Virustotal |
oidpLRF3GS | 42% | ReversingLabs | Linux.Trojan.Mirai

No Antivirus matches
No contacted domains info

Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | oidpLRF3GS | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
194.195.245.195 | unknown | Germany | 6659 | NEXINTO-DE | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
                                                                                                    • 195.179.35.71
                                                                                                    9IDtyIo5MEGet hashmaliciousBrowse
                                                                                                    • 212.228.15.158
                                                                                                    Ares.x32Get hashmaliciousBrowse
                                                                                                    • 212.229.189.50
                                                                                                    iN9u7DdJv4.exeGet hashmaliciousBrowse
                                                                                                    • 194.195.211.98
                                                                                                    INIT7CH2MhjFCiP4WGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    o0qIAFmO7SGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    QptmStI3xvGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    errOgPfWUfGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    l3aEWMhUf2Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    6YTQRj2yleGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    xiM1yxBb81Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    mipselGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    armGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    i586Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    i686Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    x86_64Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    arm5Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    arm6Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    arm7Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    roles_actionsGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    home.arm6-20220726-0916Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    home.arm5-20220726-0916Get hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    bFiPi9FNYwGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    5ukn4U9C0tGet hashmaliciousBrowse
                                                                                                    • 109.202.202.202
                                                                                                    No context
                                                                                                    No context
                                                                                                    No created / dropped files found
                                                                                                    File type:ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
                                                                                                    Entropy (8bit):7.9156709449657745
                                                                                                    TrID:
                                                                                                    • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                                    File name:oidpLRF3GS
                                                                                                    File size:22160
                                                                                                    MD5:d8e00c04f65a8389a3644c11af97d239
                                                                                                    SHA1:ca8e5c86aca9e2e70652d4bf656191688578fb6f
                                                                                                    SHA256:b84c1ce9ae5f44c366252f0157d4d877375e45b7750e2e27a57295873dc2bd2a
                                                                                                    SHA512:15f6f7a495ddbb1a76b935c2edb3a698c4ef57a3af1d7bbc559b4828bf41fc74c6b7317e1840d4af2062c951f5ff5d34a2ec8a792d35545da460a4f6d55476b0
                                                                                                    SSDEEP:384:UvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjzeIhymdGUop5ha:UvQn4j+ZO5fKAlxHbs3Uozs
                                                                                                    TLSH:57A2D11576932D65E3ED1C3CC9AA831BF9A71BFC80F5327679411620CD4D20A2E3DA4E
                                                                                                    File Content Preview:.ELF...a..........(.........4...........4. ...(......................U...U...............\..........................Q.td..............................CvUPX!........`...`.......Q..........?.E.h;.}...^..........f@.,v..(fw....&.x:.E....|.........y]8J.r.F.O.v

                                                                                                    ELF header

                                                                                                    Class:ELF32
                                                                                                    Data:2's complement, little endian
                                                                                                    Version:1 (current)
                                                                                                    Machine:ARM
                                                                                                    Version Number:0x1
                                                                                                    Type:EXEC (Executable file)
                                                                                                    OS/ABI:ARM - ABI
                                                                                                    ABI Version:0
                                                                                                    Entry Point Address:0xc3f8
                                                                                                    Flags:0x202
                                                                                                    ELF Header Size:52
                                                                                                    Program Header Offset:52
                                                                                                    Program Header Size:32
                                                                                                    Number of Program Headers:3
                                                                                                    Section Header Offset:0
                                                                                                    Section Header Size:40
                                                                                                    Number of Section Headers:0
                                                                                                    Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8000 | 0x8000 | 0x55a7 | 0x55a7 | 7.9198 | 0x5 | R E | 0x8000 | |
LOAD | 0x5ca4 | 0x1dca4 | 0x1dca4 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 26, 2022 18:09:50.884213924 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43
Jul 26, 2022 18:09:51.201900959 CEST | 41418 | 3778 | 192.168.2.23 | 194.195.245.195
Jul 26, 2022 18:09:51.220258951 CEST | 3778 | 41418 | 194.195.245.195 | 192.168.2.23
Jul 26, 2022 18:09:51.220371962 CEST | 41418 | 3778 | 192.168.2.23 | 194.195.245.195
Jul 26, 2022 18:09:51.220979929 CEST | 41418 | 3778 | 192.168.2.23 | 194.195.245.195
Jul 26, 2022 18:09:51.239109993 CEST | 3778 | 41418 | 194.195.245.195 | 192.168.2.23
Jul 26, 2022 18:09:51.239255905 CEST | 41418 | 3778 | 192.168.2.23 | 194.195.245.195
Jul 26, 2022 18:09:51.256020069 CEST | 3778 | 41418 | 194.195.245.195 | 192.168.2.23
Jul 26, 2022 18:09:51.652172089 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202
Jul 26, 2022 18:09:57.121543884 CEST | 41418 | 3778 | 192.168.2.23 | 194.195.245.195
Jul 26, 2022 18:09:57.138534069 CEST | 3778 | 41418 | 194.195.245.195 | 192.168.2.23
Jul 26, 2022 18:09:57.138596058 CEST | 41418 | 3778 | 192.168.2.23 | 194.195.245.195
Jul 26, 2022 18:10:07.011703968 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42
Jul 26, 2022 18:10:17.251302958 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43
Jul 26, 2022 18:10:21.347172976 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202
Jul 26, 2022 18:10:47.970094919 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42

                                                                                                    System Behavior

                                                                                                    Start time:18:09:50
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/tmp/oidpLRF3GS
                                                                                                    Arguments:/tmp/oidpLRF3GS
                                                                                                    File size:4956856 bytes
                                                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                    Start time:18:09:50
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/tmp/oidpLRF3GS
                                                                                                    Arguments:n/a
                                                                                                    File size:4956856 bytes
                                                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                    Start time:18:09:50
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/tmp/oidpLRF3GS
                                                                                                    Arguments:n/a
                                                                                                    File size:4956856 bytes
                                                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                    Start time:18:09:50
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/tmp/oidpLRF3GS
                                                                                                    Arguments:n/a
                                                                                                    File size:4956856 bytes
                                                                                                    MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/bin/xfce4-panel
                                                                                                    Arguments:n/a
                                                                                                    File size:375768 bytes
                                                                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                                                                                                    File size:35136 bytes
                                                                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/bin/xfce4-panel
                                                                                                    Arguments:n/a
                                                                                                    File size:375768 bytes
                                                                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                                                                                    File size:35136 bytes
                                                                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/bin/xfce4-panel
                                                                                                    Arguments:n/a
                                                                                                    File size:375768 bytes
                                                                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                                                                                    File size:35136 bytes
                                                                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/bin/xfce4-panel
                                                                                                    Arguments:n/a
                                                                                                    File size:375768 bytes
                                                                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                                                                                    File size:35136 bytes
                                                                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/bin/xfce4-panel
                                                                                                    Arguments:n/a
                                                                                                    File size:375768 bytes
                                                                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                                                                                    File size:35136 bytes
                                                                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/bin/xfce4-panel
                                                                                                    Arguments:n/a
                                                                                                    File size:375768 bytes
                                                                                                    MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                                                                    Start time:18:09:56
                                                                                                    Start date:26/07/2022
                                                                                                    Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                                                                    Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                                                                                                    File size:35136 bytes
                                                                                                    MD5 hash:ac0b8a906f359a8ae102244738682e76