Linux
Analysis Report
6pZSqZEAa2.elf
Overview
General Information
Sample name: | 6pZSqZEAa2.elf (renamed because original name is a hash value) |
Original sample name: | d4054f34cd68bfdeaed597ebe9eb226b.elf |
Analysis ID: | 1427651 |
MD5: | d4054f34cd68bfdeaed597ebe9eb226b |
SHA1: | a5537bc9b2ffb0c1da02cd6db15ddeea2bf3b42b |
SHA256: | 28139b1c3cb363b5d592878c641c5e0b3978239a0fab0106b780bd8b9250a2a2 |
Tags: | 32, elf, mirai, motorola |
Infos: |
Detection
Mirai
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Performs DNS queries to domains with low reputation
Queries the IP of a very long domain name
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427651 |
Start date and time: | 2024-04-17 23:09:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | 6pZSqZEAa2.elf (renamed because original name is a hash value) |
Original Sample Name: | d4054f34cd68bfdeaed597ebe9eb226b.elf |
Detection: | MAL |
Classification: | mal84.troj.evad.linELF@0/1@11/0 |
- VT rate limit hit for: 6pZSqZEAa2.elf
Command: | /tmp/6pZSqZEAa2.elf |
PID: | 5545 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | about to cum inside a femboy btw |
Standard Error: |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS query: |
Source: | DNS traffic detected: | ||
Source: | TCP traffic: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Classification label: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
39% | ReversingLabs | Linux.Trojan.Mirai | ||
100% | Avira | EXP/ELF.Mirai.Z.A |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
kovey.mezo-api.xyz | 45.131.111.219 | true | true | unknown | |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.131.111.219 | kovey.mezo-api.xyz | Germany | 398373 | SERVERDESTROYERSUS | true |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
45.131.111.219 | Get hash | malicious | Mirai | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
kovey.mezo-api.xyz | Get hash | malicious | Mirai | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SERVERDESTROYERSUS | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Gafgyt, Mirai | Browse |
⊘No context
Process: | /tmp/6pZSqZEAa2.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 4.348394345536403 |
Encrypted: | false |
SSDEEP: | 3:TgTcmhXV8HJN:TgTcmhIJN |
MD5: | 08D18AFBD28914B479A90AFCCB8152BB |
SHA1: | 748AB2C475BCFD3C4B0ABF502F32E475BA9C8D8C |
SHA-256: | 72AF8FAE5F1635E3455D6CBB3A79E4FB6E71510975012ECA2DC007E5F9819209 |
SHA-512: | 3198DB2C17D8C6AC1403E4E9935893D37CE3849A8897AAE87E0FBD5224E77B36A5A0B079A4F4C63E200022F872E775D46CE19614BD0A7A7021074F0E2D3F8E7E |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.2737930965081175 |
TrID: |
|
File name: | 6pZSqZEAa2.elf |
File size: | 64'216 bytes |
MD5: | d4054f34cd68bfdeaed597ebe9eb226b |
SHA1: | a5537bc9b2ffb0c1da02cd6db15ddeea2bf3b42b |
SHA256: | 28139b1c3cb363b5d592878c641c5e0b3978239a0fab0106b780bd8b9250a2a2 |
SHA512: | 8f164fd02cc85147290a8199e9bd66828a669b1f7ae30dd4839cdde62f94c27e5cd5c04e5fa7ca09d54b0db098fcb5e53689b277873db99a04e2c2a6f6f1e329 |
SSDEEP: | 1536:CHj/RpEawVW5f852EO/9Ll8eejXLd6jn5WC6:aj/RqW5um9B8tmn5WC6 |
TLSH: | 52534B9AF901DE7CF80BD2BA44574D0DB970A3D142830B3523ABFEA76D721A51D22F85 |
File Content Preview: | .ELF.......................D...4...H.....4. ...(.......................V...V...... ........\...\...\......%P...... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y...t QJ.g.X.#....tN."y...t QJ.f.A.....J.g.Hy...XN.X.........N^NuNV..N^NuN |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 63816 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xd3fe | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x8000d4a6 | 0xd4a6 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.rodata | PROGBITS | 0x8000d4b4 | 0xd4b4 | 0x20a2 | 0x0 | 0x2 | A | 0 | 0 | 2 |
.ctors | PROGBITS | 0x8001155c | 0xf55c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x80011564 | 0xf564 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x80011570 | 0xf570 | 0x398 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x80011908 | 0xf908 | 0x21a4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xf908 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xf556 | 0xf556 | 6.3115 | 0x5 | R E | 0x2000 | .init .text .fini .rodata | |
LOAD | 0xf55c | 0x8001155c | 0x8001155c | 0x3ac | 0x2550 | 3.3780 | 0x6 | RW | 0x2000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 23:10:12.144203901 CEST | 39686 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:12.354351044 CEST | 33966 | 39686 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:12.354789019 CEST | 39686 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:12.354923964 CEST | 39686 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:12.565078974 CEST | 33966 | 39686 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:12.565412998 CEST | 39686 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:12.775397062 CEST | 33966 | 39686 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:27.811460018 CEST | 33966 | 39686 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:27.811883926 CEST | 39686 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:43.023082972 CEST | 33966 | 39686 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:43.023525000 CEST | 39686 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:56.266856909 CEST | 33966 | 39686 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:56.267952919 CEST | 39686 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:56.477755070 CEST | 33966 | 39686 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:58.315869093 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:58.520334959 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:58.520504951 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:58.520653009 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:58.725053072 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:10:58.725229979 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:10:58.932089090 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:13.930855989 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:13.931137085 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:28.550288916 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:28.754894972 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:38.559900999 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:38.764302969 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:53.822854042 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:53.822978973 CEST | 39688 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:54.402215004 CEST | 33966 | 39688 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:56.462690115 CEST | 39690 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:56.666512966 CEST | 33966 | 39690 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:56.666969061 CEST | 39690 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:56.666969061 CEST | 39690 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:56.870660067 CEST | 33966 | 39690 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:11:56.870874882 CEST | 39690 | 33966 | 192.168.2.15 | 45.131.111.219 |
Apr 17, 2024 23:11:57.075026035 CEST | 33966 | 39690 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:12:12.080925941 CEST | 33966 | 39690 | 45.131.111.219 | 192.168.2.15 |
Apr 17, 2024 23:12:12.081146955 CEST | 39690 | 33966 | 192.168.2.15 | 45.131.111.219 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 23:10:11.507832050 CEST | 44257 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:11.617125034 CEST | 53 | 44257 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:11.617594957 CEST | 49241 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:11.722557068 CEST | 53 | 49241 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:11.722872019 CEST | 58610 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:11.827568054 CEST | 53 | 58610 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:11.827826023 CEST | 38060 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:11.932298899 CEST | 53 | 38060 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:11.933274031 CEST | 42622 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:12.038389921 CEST | 53 | 42622 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:12.038703918 CEST | 50352 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:12.143584013 CEST | 53 | 50352 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:57.268985987 CEST | 47515 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:57.373378992 CEST | 53 | 47515 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:57.373637915 CEST | 58274 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:57.477904081 CEST | 53 | 58274 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:57.478096962 CEST | 35488 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:57.582379103 CEST | 53 | 35488 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:57.582598925 CEST | 49515 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:57.686841011 CEST | 53 | 49515 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:57.687046051 CEST | 39560 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:57.791341066 CEST | 53 | 39560 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:57.791557074 CEST | 42746 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:57.896013975 CEST | 53 | 42746 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:57.896230936 CEST | 44611 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:58.000664949 CEST | 53 | 44611 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:58.001070976 CEST | 43348 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:58.105287075 CEST | 53 | 43348 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:58.105598927 CEST | 47095 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:58.210093021 CEST | 53 | 47095 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:10:58.210516930 CEST | 41923 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:10:58.315521002 CEST | 53 | 41923 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:55.403283119 CEST | 41839 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:55.507752895 CEST | 53 | 41839 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:55.508369923 CEST | 39766 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:55.613204956 CEST | 53 | 39766 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:55.613730907 CEST | 46873 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:55.718306065 CEST | 53 | 46873 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:55.718739033 CEST | 35036 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:55.823195934 CEST | 53 | 35036 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:55.823586941 CEST | 52344 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:55.927889109 CEST | 53 | 52344 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:55.928159952 CEST | 55064 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:56.041428089 CEST | 53 | 55064 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:56.041831970 CEST | 41841 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:56.146737099 CEST | 53 | 41841 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:56.147021055 CEST | 55258 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:56.251565933 CEST | 53 | 55258 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:56.251924992 CEST | 45910 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:56.356225014 CEST | 53 | 45910 | 8.8.8.8 | 192.168.2.15 |
Apr 17, 2024 23:11:56.356714964 CEST | 47877 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 17, 2024 23:11:56.462069035 CEST | 53 | 47877 | 8.8.8.8 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 17, 2024 23:10:11.507832050 CEST | 192.168.2.15 | 8.8.8.8 | 0x8157 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 17, 2024 23:10:57.268985987 CEST | 192.168.2.15 | 8.8.8.8 | 0x7d0b | Standard query (0) | 19264 | 64 | false | |
Apr 17, 2024 23:10:57.373637915 CEST | 192.168.2.15 | 8.8.8.8 | 0x7d0b | Standard query (0) | 25664 | 64 | false | |
Apr 17, 2024 23:10:57.478096962 CEST | 192.168.2.15 | 8.8.8.8 | 0x7d0b | Standard query (0) | 28480 | 64 | false | |
Apr 17, 2024 23:10:57.582598925 CEST | 192.168.2.15 | 8.8.8.8 | 0x7d0b | Standard query (0) | 35136 | 64 | false | |
Apr 17, 2024 23:10:57.687046051 CEST | 192.168.2.15 | 8.8.8.8 | 0x7d0b | Standard query (0) | 38976 | 64 | false | |
Apr 17, 2024 23:11:55.403283119 CEST | 192.168.2.15 | 8.8.8.8 | 0x25a7 | Standard query (0) | 20 | 64836 | false | |
Apr 17, 2024 23:11:55.508369923 CEST | 192.168.2.15 | 8.8.8.8 | 0x25a7 | Standard query (0) | 0 | 20224 | false | |
Apr 17, 2024 23:11:55.613730907 CEST | 192.168.2.15 | 8.8.8.8 | 0x25a7 | Standard query (0) | 20 | 64836 | false | |
Apr 17, 2024 23:11:55.718739033 CEST | 192.168.2.15 | 8.8.8.8 | 0x25a7 | Standard query (0) | 54 | 0 | false | |
Apr 17, 2024 23:11:55.823586941 CEST | 192.168.2.15 | 8.8.8.8 | 0x25a7 | Standard query (0) | 5239 | 63836 | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 17, 2024 23:10:11.617125034 CEST | 8.8.8.8 | 192.168.2.15 | 0x8157 | No error (0) | 45.131.111.219 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 21:10:11 |
Start date (UTC): | 17/04/2024 |
Path: | /tmp/6pZSqZEAa2.elf |
Arguments: | /tmp/6pZSqZEAa2.elf |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 21:10:11 |
Start date (UTC): | 17/04/2024 |
Path: | /tmp/6pZSqZEAa2.elf |
Arguments: | - |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |