Linux
Analysis Report
mZFiaBnsij.elf
Overview
General Information
Sample name: | mZFiaBnsij.elf (renamed because original name is a hash value) |
Original sample name: | 1d748651f9c051e53e3d07e0333a43c4.elf |
Analysis ID: | 1417433 |
MD5: | 1d748651f9c051e53e3d07e0333a43c4 |
SHA1: | c4bbe809180a1a8fa110873fe2184f38e3b6acab |
SHA256: | d7a2c679f5050aa0f40c3807517df52eb3c7a8a47aae8567c5ff34bacae91a51 |
Tags: | 32 elf mirai renesas |
Infos: |
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Detected TCP or UDP traffic on non-standard ports
Reads CPU information from /proc indicative of miner or evasive malware
Reads system information from the proc file system
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works. |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417433 |
Start date and time: | 2024-03-29 09:45:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | mZFiaBnsij.elf (renamed because original name is a hash value) |
Original Sample Name: | 1d748651f9c051e53e3d07e0333a43c4.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@1/0 |
Command: | /tmp/mZFiaBnsij.elf |
PID: | 5504 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | carico_di_insetti. |
Standard Error: |
- system is lnxubuntu20
- mZFiaBnsij.elf New Fork (PID: 5506, Parent: 5504)
- mZFiaBnsij.elf New Fork (PID: 5508, Parent: 5506)
- mZFiaBnsij.elf New Fork (PID: 5510, Parent: 5506)
- cleanup
⊘No yara matches
⊘No Snort rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Reads CPU info from proc file: | Jump to behavior |
Networking |
---|
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Reads from proc file: | Jump to behavior |
Source: | Reads CPU info from proc file: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | Virustotal | Browse | ||
42% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jhbaghjbasdg.shop | 185.196.8.213 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
217.32.184.17 | unknown | United Kingdom | 6871 | PLUSNETUKInternetServiceProviderGB | false | |
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
185.196.8.213 | jhbaghjbasdg.shop | Switzerland | 34888 | SIMPLECARRER2IT | true |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
217.32.184.17 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
185.125.190.26 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai, Gafgyt | Browse | |||
Get hash | malicious | Mirai, Gafgyt | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
185.196.8.213 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
jhbaghjbasdg.shop | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SIMPLECARRER2IT | Get hash | malicious | Vidar | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | Phonk Miner, Xmrig | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | Socks5Systemz | Browse |
PLUSNETUKInternetServiceProviderGB | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Gafgyt, Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai, Moobot | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai, Gafgyt | Browse |
Get hash | malicious | Mirai, Gafgyt | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai, Gafgyt | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.751155975753273 |
TrID: |
|
File name: | mZFiaBnsij.elf |
File size: | 62'940 bytes |
MD5: | 1d748651f9c051e53e3d07e0333a43c4 |
SHA1: | c4bbe809180a1a8fa110873fe2184f38e3b6acab |
SHA256: | d7a2c679f5050aa0f40c3807517df52eb3c7a8a47aae8567c5ff34bacae91a51 |
SHA512: | 5b1f031b8d2982ef0648ab1ed9a7e3cc754fbe36679afa27ecbe77520910988700f5bd1e1e2e7337d6d3b031d2b78079955a9b69af2889d16890d43e0dc4f43a |
SSDEEP: | 1536:oaDwtTI2a4rtfoZeZFaKVUB4BhObeCPxJ6:oA72Vtft9VVhObeK6 |
TLSH: | A6539D77C47A6D84C1498AF4B4748AB45B63F04891932FFE4A95C6BA8087EBCF6053F4 |
File Content Preview: | .ELF..............*.......@.4...L.......4. ...(...............@...@.<...<.....................A...A......%..........Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 62540 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x4000e0 | 0xe0 | 0xd1c0 | 0x0 | 0x6 | AX | 0 | 0 | 32 |
.fini | PROGBITS | 0x40d2a0 | 0xd2a0 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x40d2c4 | 0xd2c4 | 0x1778 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x41f000 | 0xf000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x41f008 | 0xf008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x41f014 | 0xf014 | 0x3f8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x41f40c | 0xf40c | 0x21f0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xf40c | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0xea3c | 0xea3c | 6.8945 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0xf000 | 0x41f000 | 0x41f000 | 0x40c | 0x25fc | 3.2104 | 0x6 | RW | 0x10000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 29, 2024 09:45:50.439151049 CET | 192.168.2.14 | 8.8.8.8 | 0x20e1 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 29, 2024 09:45:50.660482883 CET | 8.8.8.8 | 192.168.2.14 | 0x20e1 | No error (0) | 185.196.8.213 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 08:45:49 |
Start date (UTC): | 29/03/2024 |
Path: | /tmp/mZFiaBnsij.elf |
Arguments: | /tmp/mZFiaBnsij.elf |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 08:45:49 |
Start date (UTC): | 29/03/2024 |
Path: | /tmp/mZFiaBnsij.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |