Linux
Analysis Report
If1BjZdkZh.elf
Overview
General Information
Sample name: | If1BjZdkZh.elf (renamed because original name is a hash value) |
Original sample name: | 985188e6bc0bf7c11d97deaeab65444a.elf |
Analysis ID: | 1417441 |
MD5: | 985188e6bc0bf7c11d97deaeab65444a |
SHA1: | d75c924bd7597fc35a2e09a8f70345112ceaa78c |
SHA256: | 6eb86c672a98e4148f968de247d345ca5c5739033159f191480208c4d0d51272 |
Tags: | 32, elf, mirai, motorola |
Infos: |
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Detected TCP or UDP traffic on non-standard ports
Reads CPU information from /proc indicative of miner or evasive malware
Reads system information from the proc file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417441 |
Start date and time: | 2024-03-29 09:53:42 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | If1BjZdkZh.elf (renamed because original name is a hash value) |
Original Sample Name: | 985188e6bc0bf7c11d97deaeab65444a.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@1/0 |
Command: | /tmp/If1BjZdkZh.elf |
PID: | 5464 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | carico_di_insetti. |
Standard Error: |
- system is lnxubuntu20
- If1BjZdkZh.elf New Fork (PID: 5467, Parent: 5464)
- If1BjZdkZh.elf New Fork (PID: 5469, Parent: 5467)
- If1BjZdkZh.elf New Fork (PID: 5471, Parent: 5467)
- cleanup
⊘No yara matches
⊘No Snort rule has matched
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Reads CPU info from proc file: | Jump to behavior |
Networking |
---|
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Reads from proc file: | Jump to behavior |
Source: | Reads CPU info from proc file: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Linux.Trojan.Mirai | ||
43% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
jhbaghjbasdg.shop | 185.196.8.213 | true | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
217.32.184.17 | unknown | United Kingdom | 6871 | PLUSNETUKInternetServiceProviderGB | false | |
185.196.8.213 | jhbaghjbasdg.shop | Switzerland | 34888 | SIMPLECARRER2IT | true |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
217.32.184.17 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
185.196.8.213 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
jhbaghjbasdg.shop | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SIMPLECARRER2IT | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Vidar | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | Socks5Systemz | Browse |
Get hash | malicious | Socks5Systemz | Browse |
PLUSNETUKInternetServiceProviderGB | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Gafgyt, Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai, Moobot | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.222811672621052 |
TrID: |
|
File name: | If1BjZdkZh.elf |
File size: | 75'956 bytes |
MD5: | 985188e6bc0bf7c11d97deaeab65444a |
SHA1: | d75c924bd7597fc35a2e09a8f70345112ceaa78c |
SHA256: | 6eb86c672a98e4148f968de247d345ca5c5739033159f191480208c4d0d51272 |
SHA512: | 6c50d43803b8b2fa4ce4e1649d8b2d86d314ebf5565875e80c966d4a57c3837cd915452e88a0cb679445fbe2171578b05ea8ed7282ee7cc2909a288301493348 |
SSDEEP: | 1536:9TsyB0oms5jmgXTGEG2qp97Xu88XyM6HGYz3am0EOn/ERnLilhorc/R:9Ts6KcC2TWNp97Xu1yM6Hpnpi/gLUR |
TLSH: | A5735BDAF800DD7DF81EE77B4463450AB631A39116830F3A275BFDA7AC321A81857E85 |
File Content Preview: | .ELF.......................D...4..'$.....4. ...(......................"..."....... ......."...B...B.......%....... .dt.Q............................NV..a....da.....N^NuNV..J9..F.f>"y..B. QJ.g.X.#...B.N."y..B. QJ.f.A.....J.g.Hy..".N.X.......F.N^NuNV..N^NuN |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 75556 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.text | PROGBITS | 0x800000a8 | 0xa8 | 0x10afa | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x80010ba2 | 0x10ba2 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.rodata | PROGBITS | 0x80010bb0 | 0x10bb0 | 0x1724 | 0x0 | 0x2 | A | 0 | 0 | 2 |
.ctors | PROGBITS | 0x800142d8 | 0x122d8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x800142e0 | 0x122e0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x800142ec | 0x122ec | 0x3f8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x800146e4 | 0x126e4 | 0x21c4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x126e4 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0x122d4 | 0x122d4 | 6.2531 | 0x5 | R E | 0x2000 | .init .text .fini .rodata | |
LOAD | 0x122d8 | 0x800142d8 | 0x800142d8 | 0x40c | 0x25d0 | 3.3764 | 0x6 | RW | 0x2000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 29, 2024 09:54:38.079941988 CET | 192.168.2.13 | 8.8.8.8 | 0xee9f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 29, 2024 09:54:38.185539007 CET | 8.8.8.8 | 192.168.2.13 | 0xee9f | No error (0) | 185.196.8.213 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 08:54:36 |
Start date (UTC): | 29/03/2024 |
Path: | /tmp/If1BjZdkZh.elf |
Arguments: | /tmp/If1BjZdkZh.elf |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 08:54:36 |
Start date (UTC): | 29/03/2024 |
Path: | /tmp/If1BjZdkZh.elf |
Arguments: | - |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |