Linux
Analysis Report
FwLad7Fxwv.elf
Overview
General Information
Sample name: | FwLad7Fxwv.elf (renamed because original name is a hash value) |
Original sample name: | 413fedc45da2ad408f91fe2d6ecc830a.elf |
Analysis ID: | 1427649 |
MD5: | 413fedc45da2ad408f91fe2d6ecc830a |
SHA1: | 4d78c79c811b3fd8b9f1ee2c6c57e8e2d5508dfd |
SHA256: | f80cd3259f269a6a1b266178c8d3cb9b4d5774427a67371d382adcffa53f98af |
Tags: | 32 elf mips mirai |
Detection
Mirai
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Performs DNS queries to domains with low reputation
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work. |
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures. |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427649 |
Start date and time: | 2024-04-17 23:08:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | FwLad7Fxwv.elf (renamed because original name is a hash value) |
Original Sample Name: | 413fedc45da2ad408f91fe2d6ecc830a.elf |
Detection: | MAL |
Classification: | mal80.troj.evad.linELF@0/1@10/0 |
- VT rate limit hit for: FwLad7Fxwv.elf
Command: | /tmp/FwLad7Fxwv.elf |
PID: | 6236 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | about to cum inside a femboy btw |
Standard Error: |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Avira |
Source: | ReversingLabs |
Networking |
---|
Source: | DNS query |
Source: | TCP traffic |
Source: | TCP traffic detected without corresponding DNS query |
Source: | DNS traffic detected |
Source: | Network traffic detected |
System Summary |
---|
Source: | Matched rule |
Source: | .symtab present |
Source: | Classification label |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File |
Source: | Queries kernel information via 'uname' |
Source: | Binary or memory string |
Stealing of Sensitive Information |
---|
Source: | File source |
Remote Access Functionality |
---|
Source: | File source |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 39% | ReversingLabs | Linux.Trojan.Mirai | |
| 100% | Avira | EXP/ELF.Mirai.Z.A | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
kovey.mezo-api.xyz | 45.131.111.219 | true | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.131.111.219 | kovey.mezo-api.xyz | Germany | 398373 | SERVERDESTROYERSUS | true |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Detection | Threat Name |
---|---|---|
45.131.111.219 | malicious | Mirai |
45.131.111.219 | malicious | Mirai |
45.131.111.219 | malicious | Mirai |
45.131.111.219 | malicious | Mirai |
109.202.202.202 | malicious | Mirai |
109.202.202.202 | malicious | Mirai |
109.202.202.202 | malicious | Mirai |
109.202.202.202 | malicious | Gafgyt, Mirai |
109.202.202.202 | malicious | Gafgyt, Mirai |
109.202.202.202 | malicious | Gafgyt, Mirai |
109.202.202.202 | malicious | Chaos |
109.202.202.202 | malicious | Chaos |
109.202.202.202 | malicious | Chaos |
109.202.202.202 | malicious | Chaos |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.43 | malicious | Chaos |
91.189.91.43 | malicious | Chaos |
91.189.91.43 | malicious | Chaos |
91.189.91.43 | malicious | Chaos |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Chaos |
91.189.91.42 | malicious | Chaos |
91.189.91.42 | malicious | Chaos |
91.189.91.42 | malicious | Chaos |
Match | Detection | Threat Name |
---|---|---|
kovey.mezo-api.xyz | malicious | Mirai |
kovey.mezo-api.xyz | malicious | Mirai |
kovey.mezo-api.xyz | malicious | Mirai |
Match | Detection | Threat Name |
---|---|---|
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Chaos |
INIT7CH | malicious | Chaos |
INIT7CH | malicious | Chaos |
INIT7CH | malicious | Chaos |
SERVERDESTROYERSUS | malicious | Mirai |
SERVERDESTROYERSUS | malicious | Mirai |
SERVERDESTROYERSUS | malicious | Mirai |
SERVERDESTROYERSUS | malicious | Mirai |
SERVERDESTROYERSUS | malicious | Gafgyt, Mirai |
SERVERDESTROYERSUS | malicious | Gafgyt, Mirai |
SERVERDESTROYERSUS | malicious | Gafgyt, Mirai |
SERVERDESTROYERSUS | malicious | Gafgyt, Mirai |
SERVERDESTROYERSUS | malicious | Gafgyt, Mirai |
SERVERDESTROYERSUS | malicious | Gafgyt, Mirai |
⊘No context
Process: | /tmp/FwLad7Fxwv.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 4.323231428797621 |
Encrypted: | false |
SSDEEP: | 3:Tgupo/ANloHJN:Tgupo/ilaJN |
MD5: | 2F95567BA4406FCCA9A85BD9B898572B |
SHA1: | 421553163F5D284D1110BDC9EB3DC8808CF3E6BA |
SHA-256: | 4B5C4AE7E4D409E8A940E83D595F1B08D319D96DBB8931102789A4CF6CEE076A |
SHA-512: | FD47FB5EA4C31F336C9906BD9C263246876DF7A63170B54504803430D40DDD4ADD87291572D9549765B08FF8477C538992C15E261EE8B621D4C75C4F2B44F378 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.556730856469953 |
TrID: | |
File name: | FwLad7Fxwv.elf |
File size: | 79'448 bytes |
MD5: | 413fedc45da2ad408f91fe2d6ecc830a |
SHA1: | 4d78c79c811b3fd8b9f1ee2c6c57e8e2d5508dfd |
SHA256: | f80cd3259f269a6a1b266178c8d3cb9b4d5774427a67371d382adcffa53f98af |
SHA512: | c2ac239058687cba7cbb1f68a35ef568be8d74f8e7966c8e803a1d5ba09ced3689e842c04bcaa576a61bcdf93d4bb23febf0a146d8d5c34279b8663a66c60bd1 |
SSDEEP: | 1536:ldZeohW9uklAIYyBBAn/+aUZ0Z8FABk9i8k4:lDeohW9ukfO+aUZ0A7k |
TLSH: | 6873E806BB510FFBDCDBCD3705A81B0528DC699F22E56B363234C968B44B64B56E3CA4 |
File Content Preview: | .ELF....................`.@.4...(4......4. ...(...............@...@..%...%...............%...%E..%E.0...L0..........Q.td...............................<...'!......'.......................<...'!... .........9'.. ........................<...'!.............9 |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 78888 |
Section Header Size: | 40 |
Number of Section Headers: | 14 |
Header String Table Index: | 13 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400120 | 0x120 | 0x10400 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x410520 | 0x10520 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x410580 | 0x10580 | 0x2010 | 0x0 | 0x2 | A | 0 | 0 | 16 |
.ctors | PROGBITS | 0x452594 | 0x12594 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x45259c | 0x1259c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data.rel.ro | PROGBITS | 0x4525a8 | 0x125a8 | 0x400 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x4529b0 | 0x129b0 | 0x3e0 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x452d90 | 0x12d90 | 0x634 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sbss | NOBITS | 0x4533c4 | 0x133c4 | 0x14 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x4533e0 | 0x133c4 | 0x2200 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.mdebug.abi32 | PROGBITS | 0xbe2 | 0x133c4 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1 |
.shstrtab | STRTAB | 0x0 | 0x133c4 | 0x64 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x12590 | 0x12590 | 5.5957 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0x12594 | 0x452594 | 0x452594 | 0xe30 | 0x304c | 3.8368 | 0x6 | RW | 0x10000 | | .ctors .dtors .data.rel.ro .data .got .sbss .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 23:08:52.137367964 CEST | 40172 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:52.343628883 CEST | 33966 | 40172 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:52.344023943 CEST | 40172 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:52.344383955 CEST | 40172 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:52.550482988 CEST | 33966 | 40172 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:52.550800085 CEST | 40172 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:52.757050037 CEST | 33966 | 40172 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:52.983530998 CEST | 33966 | 40172 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:52.984062910 CEST | 40172 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:53.190012932 CEST | 33966 | 40172 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:54.194770098 CEST | 40174 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:54.209816933 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 17, 2024 23:08:54.401492119 CEST | 33966 | 40174 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:54.401871920 CEST | 40174 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:54.401871920 CEST | 40174 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:54.608632088 CEST | 33966 | 40174 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:54.608983040 CEST | 40174 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:08:54.815458059 CEST | 33966 | 40174 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:08:54.977776051 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 17, 2024 23:09:08.800237894 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 17, 2024 23:09:09.817226887 CEST | 33966 | 40174 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:09.817641020 CEST | 40174 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:14.005227089 CEST | 33966 | 40174 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:14.005599022 CEST | 40174 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:14.212270975 CEST | 33966 | 40174 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:15.216567993 CEST | 40176 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:15.426668882 CEST | 33966 | 40176 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:15.427090883 CEST | 40176 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:15.427340984 CEST | 40176 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:15.637136936 CEST | 33966 | 40176 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:15.637387991 CEST | 40176 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:15.847687006 CEST | 33966 | 40176 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:21.086286068 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 17, 2024 23:09:25.181684971 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 17, 2024 23:09:30.849199057 CEST | 33966 | 40176 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:30.849349022 CEST | 40176 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:46.081348896 CEST | 33966 | 40176 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:46.081777096 CEST | 40176 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:49.348304987 CEST | 33966 | 40176 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:49.348803043 CEST | 40176 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:49.558924913 CEST | 33966 | 40176 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:49.754389048 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 17, 2024 23:09:50.560266972 CEST | 40178 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:50.765079975 CEST | 33966 | 40178 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:50.765367985 CEST | 40178 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:50.765499115 CEST | 40178 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:50.969988108 CEST | 33966 | 40178 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:09:50.970344067 CEST | 40178 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:09:51.174731970 CEST | 33966 | 40178 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:06.174828053 CEST | 33966 | 40178 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:06.175384045 CEST | 40178 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:07.139564037 CEST | 33966 | 40178 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:07.140053988 CEST | 40178 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:07.344764948 CEST | 33966 | 40178 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:08.404484034 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:08.618679047 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:08.618949890 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:08.619138002 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:08.827743053 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:08.828176975 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:09.041538954 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:24.041316032 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:24.041677952 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:28.637134075 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:28.846731901 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:38.643418074 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:38.852497101 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:53.921214104 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Apr 17, 2024 23:10:53.921576023 CEST | 40180 | 33966 | 192.168.2.23 | 45.131.111.219 |
Apr 17, 2024 23:10:56.265176058 CEST | 33966 | 40180 | 45.131.111.219 | 192.168.2.23 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 23:08:51.926314116 CEST | 60343 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:08:52.031224966 CEST | 53 | 60343 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:08:52.031996012 CEST | 45642 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:08:52.136905909 CEST | 53 | 45642 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:08:53.984661102 CEST | 56895 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:08:54.089349031 CEST | 53 | 56895 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:08:54.089636087 CEST | 53827 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:08:54.194559097 CEST | 53 | 53827 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:09:15.005867958 CEST | 39063 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:09:15.110770941 CEST | 53 | 39063 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:09:15.111107111 CEST | 38195 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:09:15.216300011 CEST | 53 | 38195 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:09:50.348975897 CEST | 43830 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:09:50.453852892 CEST | 53 | 43830 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:09:50.454304934 CEST | 40177 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:09:50.559688091 CEST | 53 | 40177 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:10:08.140007019 CEST | 59523 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:10:08.298595905 CEST | 53 | 59523 | 8.8.8.8 | 192.168.2.23 |
Apr 17, 2024 23:10:08.299205065 CEST | 49094 | 53 | 192.168.2.23 | 8.8.8.8 |
Apr 17, 2024 23:10:08.404011011 CEST | 53 | 49094 | 8.8.8.8 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 17, 2024 23:08:51.926314116 CEST | 192.168.2.23 | 8.8.8.8 | 0xe5ac | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:08:52.031996012 CEST | 192.168.2.23 | 8.8.8.8 | 0x8d54 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:08:53.984661102 CEST | 192.168.2.23 | 8.8.8.8 | 0x40d9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:08:54.089636087 CEST | 192.168.2.23 | 8.8.8.8 | 0xc5ee | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:09:15.005867958 CEST | 192.168.2.23 | 8.8.8.8 | 0x65a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:09:15.111107111 CEST | 192.168.2.23 | 8.8.8.8 | 0x5d51 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:09:50.348975897 CEST | 192.168.2.23 | 8.8.8.8 | 0xe3a0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:09:50.454304934 CEST | 192.168.2.23 | 8.8.8.8 | 0xf624 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:10:08.140007019 CEST | 192.168.2.23 | 8.8.8.8 | 0x4a7e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:10:08.299205065 CEST | 192.168.2.23 | 8.8.8.8 | 0xc9db | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 17, 2024 23:08:52.031224966 CEST | 8.8.8.8 | 192.168.2.23 | 0xe5ac | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:08:52.136905909 CEST | 8.8.8.8 | 192.168.2.23 | 0x8d54 | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:08:54.089349031 CEST | 8.8.8.8 | 192.168.2.23 | 0x40d9 | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:08:54.194559097 CEST | 8.8.8.8 | 192.168.2.23 | 0xc5ee | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:09:15.110770941 CEST | 8.8.8.8 | 192.168.2.23 | 0x65a | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:09:15.216300011 CEST | 8.8.8.8 | 192.168.2.23 | 0x5d51 | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:09:50.453852892 CEST | 8.8.8.8 | 192.168.2.23 | 0xe3a0 | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:09:50.559688091 CEST | 8.8.8.8 | 192.168.2.23 | 0xf624 | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:10:08.298595905 CEST | 8.8.8.8 | 192.168.2.23 | 0x4a7e | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false | ||
Apr 17, 2024 23:10:08.404011011 CEST | 8.8.8.8 | 192.168.2.23 | 0xc9db | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 21:08:50 |
Start date (UTC): | 17/04/2024 |
Path: | /tmp/FwLad7Fxwv.elf |
Arguments: | /tmp/FwLad7Fxwv.elf |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 21:08:50 |
Start date (UTC): | 17/04/2024 |
Path: | /tmp/FwLad7Fxwv.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |