Linux
Analysis Report
AkV7DALWTe.elf
Overview
General Information
Sample name: | AkV7DALWTe.elf (renamed because the original name is a hash value) |
Original sample name: | 7b844888f864698c835723076d6731a0.elf |
Analysis ID: | 1427652 |
MD5: | 7b844888f864698c835723076d6731a0 |
SHA1: | 8216c1d44e0cfb92f20158e144c56b405a2bf27c |
SHA256: | 0e7aa35748eebf6df567c22f7dc492bfbd4b84f4666e63f90979ea18aa41894c |
Tags: | 32, elf, intel, mirai |
Detection
Mirai
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Queries the IP of a very long domain name
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match
Classification
Analysis Advice
None of the HTTP servers contacted by the sample answered, so it is likely an old dropper that no longer works. Note that this advice covers only HTTP download servers: the TCP table below shows completed exchanges with 45.131.111.219 on port 33966, so the sample's own control channel was reachable during the run. |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427652 |
Start date and time: | 2024-04-17 23:11:58 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | AkV7DALWTe.elf (renamed because the original name is a hash value) |
Original Sample Name: | 7b844888f864698c835723076d6731a0.elf |
Detection: | MAL |
Classification: | mal88.troj.evad.linELF@0/0@26/0 |
- VT rate limit hit for: AkV7DALWTe.elf
Command: | /tmp/AkV7DALWTe.elf |
PID: | 5460 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | about to cum inside a femboy btw |
Standard Error: |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
 | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
 | Linux_Trojan_Mirai_268aac0b | unknown | unknown | |
 | Linux_Trojan_Mirai_0cb1699c | unknown | unknown | |
 | Linux_Trojan_Mirai_70ef58f1 | unknown | unknown | |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Networking |
---|
Source: | DNS query: |
Source: | DNS traffic detected: | 26 matches (the queried names are the 26 entries of the domain table below) |
Source: | TCP traffic: | 2 matches |
Source: | TCP traffic detected without corresponding DNS query: | 2 matches |
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | 34 matches |
Source: | .symtab present: |
Source: | Classification label: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: |
Stealing of Sensitive Information |
---|
Source: | File source: | 2 matches |
Remote Access Functionality |
---|
Source: | File source: | 2 matches |
MITRE ATT&CK techniques matched (the number is the count of signatures mapped to the technique, following the report's matrix convention; the unmatched cells of the original matrix are omitted):
Tactic | Technique (matched signatures) |
---|---|
Defense Evasion | File Deletion (1) |
Command and Control | Encrypted Channel (1) |
Command and Control | Non-Standard Port (1) |
Command and Control | Non-Application Layer Protocol (1) |
Command and Control | Application Layer Protocol (12) |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
45% | ReversingLabs | Linux.Trojan.Mirai |
100% | Avira | EXP/ELF.Mirai.Z.A |
100% | Joe Sandbox ML | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
kovey.mezo-api.xyz | 45.131.111.219 | true | true | unknown | |
kovey.mezo-api.xyz.; fJ66a/PV!E(j5OXv; fLOOPV!a/EAI@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f66a/PV!E(W95l; f\OOPV!a/EA_@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.U; f66a/PV!E(958NCU; fJJPV!a/E<:@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; fh66a/PV!E(o@:>5CyQ; fiOOPV!a/EA|@@j | unknown | unknown | true | | low |
kovey.mezo-api.xyz.U; f?66a/PV!E(&(:5CU; fsOOPV!a/EAp@@v | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; fIZ66a/PV!E(!:5; f[OOPV!a/EA,@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.U; f66a/PV!E(vw:75CU; fOOPV!a/EA_@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.v; f66a/PV!E(59y-5,`"=v; fOOPV!a/EA@@E | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; fd66a/PV!E(c:5c?; fdJJPV!a/E<l @@n | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f3A66a/PV!E(ij5(H; f!BOOPV!a/EA@@d | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f866a/PV!E(fj5zQ; f~8OOPV!a/EA@@P | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f66a/PV!E(Ni9`5; fPOOPV!a/EA@@G | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; fr66a/PV!E(:i5Z; ftOOPV!a/EA@@S | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f66a/PV!E(9?5@Q; f?OOPV!a/EA@@_ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; fj66a/PV!E(:P5DQ; fJJPV!a/E<{@@- | unknown | unknown | true | | low |
kovey.mezo-api.xyz.v; fD66a/PV!E(:d5"=v; fOOPV!a/EA@@+ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; fq66a/PV!E($j[594; fmOOPV!a/EA@@b | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f~66a/PV!E(95]; f~JJPV!a/E<@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.v; fI66a/PV!E(Z8:S5l "=v; fKOOPV!a/EA@@O | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f66a/PV!E(95Q; f_OOPV!a/EA@@T | unknown | unknown | true | | low |
kovey.mezo-api.xyz.; f66a/PV!E(&:5C; fOOPV!a/EA1@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.v; fz66a/PV!E(9k9u5"=v; fC{OOPV!a/EA@@A | unknown | unknown | true | | low |
kovey.mezo-api.xyz.T; f66a/PV!E(95"dCT; fOOPV!a/EAT@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.v; f66a/PV!E(:;5"=v; fTJJPV!a/E<N@@ | unknown | unknown | true | | low |
kovey.mezo-api.xyz.U; fb66a/PV!E(:%5CU; fOOPV!a/EAY@@ | unknown | unknown | true | | low |
Only the clean name kovey.mezo-api.xyz resolved (to 45.131.111.219). The other 25 entries are the same domain followed by bytes that are not valid hostname characters; the junk is not random (the fragments 66a/PV!E( and OOPV!a/EA recur in almost every entry), the sandbox counted each variant as a separate low-reputation lookup, and none of them resolved.
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.131.111.219 | kovey.mezo-api.xyz | Germany | 398373 | SERVERDESTROYERSUS | true |
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Related samples in Joe Sandbox | Threat names of the related samples |
---|---|---|
45.131.111.219 | 7 | Mirai |
185.125.190.26 | 10 | Mirai (4), Mirai/Gafgyt (2), Chaos (2), Unknown (2) |
kovey.mezo-api.xyz | 4 | Mirai |
CANONICAL-ASGB (AS41231) | 10 | Mirai (8), Gafgyt/Mirai (2) |
SERVERDESTROYERSUS (AS398373) | 10 | Mirai (7), Gafgyt/Mirai (3) |
Per-sample names and SHA-256 values of the related samples are not reproduced here. 185.125.190.26 sits in Canonical's ASN, is marked not malicious, and is linked to unrelated families (Chaos, Unknown) as well as Mirai; that pattern is consistent with background traffic from the Ubuntu 20.04 analysis system rather than with infrastructure belonging to this sample, so it should not be carried into an IOC list. The indicators that do belong to the sample are kovey.mezo-api.xyz, 45.131.111.219 and TCP port 33966.
⊘No context
⊘No created / dropped files found
File type: | ELF 32-bit, Intel 80386, statically linked, stripped (inferred from the tags, the ELF header sizes and the section/program header tables below) |
Entropy (8bit): | 6.355917816487784 |
File name: | AkV7DALWTe.elf |
File size: | 58'704 bytes |
MD5: | 7b844888f864698c835723076d6731a0 |
SHA1: | 8216c1d44e0cfb92f20158e144c56b405a2bf27c |
SHA256: | 0e7aa35748eebf6df567c22f7dc492bfbd4b84f4666e63f90979ea18aa41894c |
SHA512: | 106358b02799e0aed98eaee8ebd53f72302dd519977305633485b3e783e80aad513f3b7ed66b383a0cf53d76e5c30d55490eb7de4d6d6c132a0a4d4cd49863b8 |
SSDEEP: | 1536:0RgWI56uIi0hTtcTNcTyV0ULBvdDLTjOWmCAM3e0/vHj67FQQR:0Rgd56ViLTNcTyV1LBvdDLTzl1O0/PjS |
TLSH: | FD4319C1F58B44FAD05B093081A7FB3FDE31D5A84270D76EEFD99A36DA635038612A48 |
File Content Preview: | .ELF....................h...4...........4. ...(..............................................p...p.......(..........Q.td............................U..S............h........[]...$.............U......=.s...t..1.....p......p......u........t...$.`..........s |
ELF header | |
---|---|
Class: | ELF32 (inferred: ELF header size 52, program header entries of 32 bytes, section header entries of 40 bytes) |
Data: | 2's complement, little endian (inferred from the x86 target) |
Version: | |
Machine: | Intel 80386 (inferred from the "32" and "intel" tags and the 0x8048000 image base) |
Version Number: | |
Type: | EXEC (inferred: absolute load addresses and no PT_INTERP or PT_DYNAMIC entry) |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 58304 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80480b0 | 0xb0 | 0xbcb1 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x8053d61 | 0xbd61 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x8053d80 | 0xbd80 | 0x231c | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x80570a0 | 0xe0a0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x80570a8 | 0xe0a8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x80570c0 | 0xe0c0 | 0x2c0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x8057380 | 0xe380 | 0x2520 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0xe380 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Ten section headers and none of them is .symtab, .strtab, .interp, .dynamic or .got: the binary is statically linked and stripped, matching the "stripped symbol table" signature above. The section header table starts at 58304 and holds 10 × 40 = 400 bytes, ending at 58704, exactly the file size, so nothing is appended after it.
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xe09c | 0xe09c | 6.3874 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata |
LOAD | 0xe0a0 | 0x80570a0 | 0x80570a0 | 0x2e0 | 0x2800 | 3.9558 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
Three program headers and no PT_INTERP or PT_DYNAMIC: no dynamic loader is involved. The code segment is R E and the data segment RW, so there is no writable-and-executable mapping, and GNU_STACK is RW, so the stack is non-executable. The difference between the data segment's memory size (0x2800) and file size (0x2e0) is the 0x2520-byte zero-filled .bss.
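The checks an analyst runs on this kind of header before doing anything else, as an added example (not code from the report or from Joe Sandbox): the script builds a stand-in ELF32 image from the header, program-header and section-header values in the tables above, then parses and triages it. The section bodies are zero padding and the entry point is an assumption (the report leaves it blank; the start of .text is used), so only the layout matches the sample, not its code.

```python
"""Stand-in ELF32 image built from the report's header tables, plus a parser and triage."""
import struct

FILE_SIZE = 58704                                          # from the report
E_PHOFF, E_PHNUM, E_PHENTSIZE = 52, 3, 32
E_SHOFF, E_SHNUM, E_SHENTSIZE, E_SHSTRNDX = 58304, 10, 40, 9
PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_GNU_STACK = 1, 2, 3, 0x6474E551
SHT_SYMTAB = 2

# (name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_addralign) as listed in the section table
SECTIONS = [
    ("", 0, 0, 0, 0, 0, 0),
    (".init", 1, 0x6, 0x8048094, 0x94, 0x1c, 1),
    (".text", 1, 0x6, 0x80480b0, 0xb0, 0xbcb1, 16),
    (".fini", 1, 0x6, 0x8053d61, 0xbd61, 0x17, 1),
    (".rodata", 1, 0x2, 0x8053d80, 0xbd80, 0x231c, 32),
    (".ctors", 1, 0x3, 0x80570a0, 0xe0a0, 0x8, 4),
    (".dtors", 1, 0x3, 0x80570a8, 0xe0a8, 0x8, 4),
    (".data", 1, 0x3, 0x80570c0, 0xe0c0, 0x2c0, 32),
    (".bss", 8, 0x3, 0x8057380, 0xe380, 0x2520, 32),
    (".shstrtab", 3, 0, 0, 0xe380, 0x3e, 1),
]
# (p_type, p_offset, p_vaddr, p_filesz, p_memsz, p_flags, p_align) as listed in the program-header table
SEGMENTS = [
    (PT_LOAD, 0x0, 0x8048000, 0xe09c, 0xe09c, 0x5, 0x1000),
    (PT_LOAD, 0xe0a0, 0x80570a0, 0x2e0, 0x2800, 0x6, 0x1000),
    (PT_GNU_STACK, 0, 0, 0, 0, 0x6, 0x4),
]


def build_stand_in_elf() -> bytes:
    """Constructed image: real layout, zero-filled section bodies, assumed entry point."""
    img = bytearray(FILE_SIZE)
    shstrtab = b"".join(name.encode() + b"\0" for name, *_ in SECTIONS)
    assert len(shstrtab) == 0x3e                          # same size as the sample's .shstrtab
    img[0xe380:0xe380 + len(shstrtab)] = shstrtab
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT, SYSV
    # e_type=EXEC, e_machine=EM_386, e_version, e_entry (assumed = .text), offsets, sizes, counts
    img[0:52] = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x80480b0, E_PHOFF, E_SHOFF, 0,
                                    52, E_PHENTSIZE, E_PHNUM, E_SHENTSIZE, E_SHNUM, E_SHSTRNDX)
    for i, (ptype, off, vaddr, filesz, memsz, flags, align) in enumerate(SEGMENTS):
        at = E_PHOFF + i * E_PHENTSIZE
        img[at:at + 32] = struct.pack("<IIIIIIII", ptype, off, vaddr, vaddr, filesz, memsz, flags, align)
    name_off = 0
    for i, (name, stype, flags, addr, off, size, align) in enumerate(SECTIONS):
        at = E_SHOFF + i * E_SHENTSIZE
        img[at:at + 40] = struct.pack("<IIIIIIIIII", name_off, stype, flags, addr, off, size, 0, 0, align, 0)
        name_off += len(name) + 1
    return bytes(img)


def parse_elf32(data: bytes) -> dict:
    """Minimal little-endian ELF32 reader: header, program headers, named section headers."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, _ehsize, e_phentsize,
     e_phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from("<HHIIIIIHHHHHH", data, 16)
    segments = [struct.unpack_from("<IIIIIIII", data, e_phoff + i * e_phentsize) for i in range(e_phnum)]
    raw = [struct.unpack_from("<IIIIIIIIII", data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    str_off = raw[e_shstrndx][4]                          # sh_offset of .shstrtab

    def name_at(n: int) -> str:
        return data[str_off + n:data.index(b"\0", str_off + n)].decode()

    return dict(e_type=e_type, e_machine=e_machine, e_entry=e_entry, e_shoff=e_shoff, e_shnum=e_shnum,
                e_shentsize=e_shentsize, segments=segments,
                sections=[(name_at(s[0]), s[1], s[2]) for s in raw])


def triage(data: bytes) -> dict:
    """First-pass static facts: linking, symbols, memory protections, appended data."""
    info = parse_elf32(data)
    ptypes = {s[0] for s in info["segments"]}
    stack = [s for s in info["segments"] if s[0] == PT_GNU_STACK]
    headers_end = info["e_shoff"] + info["e_shnum"] * info["e_shentsize"]
    return dict(
        static=PT_INTERP not in ptypes and PT_DYNAMIC not in ptypes,     # no loader, no .so deps
        stripped=not any(t == SHT_SYMTAB for _, t, _ in info["sections"]),
        nx_stack=bool(stack) and not (stack[0][6] & 0x1),                 # PF_X clear on GNU_STACK
        wx_segment=any((s[6] & 0x3) == 0x3 for s in info["segments"] if s[0] == PT_LOAD),
        overlay_bytes=len(data) - headers_end,                             # bytes after the last header
        section_names=[n for n, _, _ in info["sections"] if n],
    )


if __name__ == "__main__":
    for key, value in triage(build_stand_in_elf()).items():
        print(f"{key:14} {value}")
```

On the real sample the same four answers (static, stripped, NX stack, no overlay) are what the section and program header tables above encode; a non-zero `overlay_bytes` on a Mirai-style dropper would be the first place to look for an embedded payload or configuration.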
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 23:12:53.373663902 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:12:53.579695940 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:12:53.579900980 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:12:53.580136061 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:12:53.786056042 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:12:53.786216974 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:12:53.992433071 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:02.846235037 CEST | 48202 | 443 | 192.168.2.13 | 185.125.190.26 |
Apr 17, 2024 23:13:08.994786978 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:08.995057106 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:24.202672958 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:24.202887058 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:24.382405043 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:24.382589102 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:24.588480949 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:26.437076092 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:26.646409988 CEST | 33966 | 44674 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:26.646576881 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:26.646650076 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:26.855885029 CEST | 33966 | 44674 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:26.856041908 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:27.065273046 CEST | 33966 | 44674 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:34.589777946 CEST | 48202 | 443 | 192.168.2.13 | 185.125.190.26 |
Apr 17, 2024 23:13:42.067527056 CEST | 33966 | 44674 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:42.067748070 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:13:57.279361010 CEST | 33966 | 44674 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:13:57.279547930 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:06.678333998 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:06.887960911 CEST | 33966 | 44674 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:08.044281960 CEST | 33966 | 44674 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:10.091344118 CEST | 44676 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:10.294547081 CEST | 33966 | 44676 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:10.294740915 CEST | 44676 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:10.294825077 CEST | 44676 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:10.497997999 CEST | 33966 | 44676 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:10.498191118 CEST | 44676 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:10.701420069 CEST | 33966 | 44676 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:20.304920912 CEST | 44676 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:20.508143902 CEST | 33966 | 44676 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:28.921673059 CEST | 33966 | 44676 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:30.970989943 CEST | 44678 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:31.179406881 CEST | 33966 | 44678 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:35.229118109 CEST | 44680 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:35.435530901 CEST | 33966 | 44680 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:35.435705900 CEST | 44680 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:35.435833931 CEST | 44680 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:35.642213106 CEST | 33966 | 44680 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:35.642343044 CEST | 44680 | 33966 | 192.168.2.13 | 45.131.111.219 |
Apr 17, 2024 23:14:35.848639011 CEST | 33966 | 44680 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:50.852081060 CEST | 33966 | 44680 | 45.131.111.219 | 192.168.2.13 |
Apr 17, 2024 23:14:50.852319956 CEST | 44680 | 33966 | 192.168.2.13 | 45.131.111.219 |
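The TCP table above is more useful as sessions than as packets: each new client source port is a fresh connection to the same server port. The following is an added example (not from the report) that groups a subset of the rows, copied from the table above, into client-initiated sessions per destination and reports the reconnect cadence and whether the port is one this example treats as standard; the `WELL_KNOWN` set is an assumption of the example.

```python
"""Group sandbox TCP flow rows into client sessions and summarize beaconing per destination."""
from collections import OrderedDict
from datetime import datetime

CLIENT = "192.168.2.13"                                   # the analysis VM in the report
WELL_KNOWN = {22, 53, 80, 123, 443, 8080}                 # assumption: ports this example calls standard

# Eight rows copied from the TCP table above (a subset, chosen to include every session start).
ROWS = """\
Apr 17, 2024 23:12:53.373663902 CEST | 44672 | 33966 | 192.168.2.13 | 45.131.111.219
Apr 17, 2024 23:12:53.579695940 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13
Apr 17, 2024 23:13:02.846235037 CEST | 48202 | 443 | 192.168.2.13 | 185.125.190.26
Apr 17, 2024 23:13:08.994786978 CEST | 33966 | 44672 | 45.131.111.219 | 192.168.2.13
Apr 17, 2024 23:13:26.437076092 CEST | 44674 | 33966 | 192.168.2.13 | 45.131.111.219
Apr 17, 2024 23:14:10.091344118 CEST | 44676 | 33966 | 192.168.2.13 | 45.131.111.219
Apr 17, 2024 23:14:30.970989943 CEST | 44678 | 33966 | 192.168.2.13 | 45.131.111.219
Apr 17, 2024 23:14:35.229118109 CEST | 44680 | 33966 | 192.168.2.13 | 45.131.111.219
"""


def parse_row(line: str):
    ts, sport, dport, src, dst = [f.strip() for f in line.split("|")]
    # strptime handles microseconds only: keep 6 fractional digits, drop the rest and the zone name
    stamp = datetime.strptime(ts[:len("Apr 17, 2024 23:12:53.373663")], "%b %d, %Y %H:%M:%S.%f")
    return stamp, int(sport), int(dport), src, dst


def sessions(rows_text: str, client: str = CLIENT) -> dict:
    """(server_ip, server_port) -> [(client_port, first_seen), ...], client-initiated rows only."""
    out = OrderedDict()
    for line in rows_text.splitlines():
        stamp, sport, dport, src, dst = parse_row(line)
        if src != client:
            continue                                      # server-to-client rows belong to a session already seen
        seen = out.setdefault((dst, dport), OrderedDict())
        seen.setdefault(sport, stamp)                     # first packet from a client port opens the session
    return {key: list(ports.items()) for key, ports in out.items()}


def summarize(rows_text: str) -> dict:
    report = {}
    for (ip, port), starts in sessions(rows_text).items():
        times = [t for _, t in starts]
        gaps = [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]
        report[(ip, port)] = dict(sessions=len(starts), nonstandard_port=port not in WELL_KNOWN,
                                  reconnect_gaps_s=gaps)
    return report


if __name__ == "__main__":
    for dest, facts in summarize(ROWS).items():
        print(dest, facts)
```

For this sample the grouping yields five sessions to 45.131.111.219:33966 within about 100 seconds, reopened 33, 44, 21 and 4 seconds apart, and a single session to 185.125.190.26:443; the reconnect loop on a high port is the behaviour behind the "non-standard ports" signature, and the lone 443 session is the one that belongs to the Canonical address discussed in the IP table.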
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 23:12:52.739965916 CEST | 34336 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:12:52.849937916 CEST | 53 | 34336 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:12:52.850111961 CEST | 46370 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:12:52.954540968 CEST | 53 | 46370 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:12:52.954818964 CEST | 36599 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:12:53.059233904 CEST | 53 | 36599 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:12:53.059585094 CEST | 33206 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:12:53.163989067 CEST | 53 | 33206 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:12:53.164364100 CEST | 37537 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:12:53.268606901 CEST | 53 | 37537 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:12:53.268914938 CEST | 53816 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:12:53.373446941 CEST | 53 | 53816 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:25.382821083 CEST | 57756 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:25.487603903 CEST | 53 | 57756 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:25.487839937 CEST | 58548 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:25.592298985 CEST | 53 | 58548 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:25.592608929 CEST | 60826 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:25.705552101 CEST | 53 | 60826 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:25.705805063 CEST | 47399 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:25.810102940 CEST | 53 | 47399 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:25.810292959 CEST | 49764 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:25.914535046 CEST | 53 | 49764 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:25.914710999 CEST | 57964 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:26.018863916 CEST | 53 | 57964 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:26.019211054 CEST | 43052 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:26.123420000 CEST | 53 | 43052 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:26.123629093 CEST | 60106 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:26.227979898 CEST | 53 | 60106 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:26.228163004 CEST | 44500 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:26.332355976 CEST | 53 | 44500 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:13:26.332518101 CEST | 37022 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:13:26.436892033 CEST | 53 | 37022 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.044774055 CEST | 58707 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.148953915 CEST | 53 | 58707 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.149337053 CEST | 47137 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.253781080 CEST | 53 | 47137 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.254007101 CEST | 52531 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.358289957 CEST | 53 | 52531 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.358534098 CEST | 57495 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.462963104 CEST | 53 | 57495 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.463162899 CEST | 47973 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.567508936 CEST | 53 | 47973 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.567744017 CEST | 35368 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.672050953 CEST | 53 | 35368 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.672288895 CEST | 40249 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.776561022 CEST | 53 | 40249 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.776813030 CEST | 59601 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.881298065 CEST | 53 | 59601 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.881690979 CEST | 48915 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:09.986342907 CEST | 53 | 48915 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:09.986704111 CEST | 37475 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:10.091159105 CEST | 53 | 37475 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:29.922327042 CEST | 40899 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.026834011 CEST | 53 | 40899 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.027301073 CEST | 47740 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.131848097 CEST | 53 | 47740 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.132205963 CEST | 38886 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.237211943 CEST | 53 | 38886 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.237622023 CEST | 48313 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.341850042 CEST | 53 | 48313 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.341957092 CEST | 59120 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.446439981 CEST | 53 | 59120 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.446604967 CEST | 57411 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.551064014 CEST | 53 | 57411 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.551184893 CEST | 34499 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.655543089 CEST | 53 | 34499 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.655678988 CEST | 34576 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.760792017 CEST | 53 | 34576 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.760926962 CEST | 57118 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.866319895 CEST | 53 | 57118 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:30.866430044 CEST | 44612 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:30.970858097 CEST | 53 | 44612 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.179807901 CEST | 34539 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:34.284162998 CEST | 53 | 34539 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.284442902 CEST | 37884 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:34.390197039 CEST | 53 | 37884 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.390479088 CEST | 45721 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:34.494806051 CEST | 53 | 45721 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.495028019 CEST | 59032 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:34.600393057 CEST | 53 | 59032 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.600656033 CEST | 48018 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:34.704905987 CEST | 53 | 48018 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.705296993 CEST | 33308 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:34.809545040 CEST | 53 | 33308 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.809868097 CEST | 34115 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:34.914416075 CEST | 53 | 34115 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:34.914571047 CEST | 49999 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:35.019125938 CEST | 53 | 49999 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:35.019591093 CEST | 44793 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:35.124072075 CEST | 53 | 44793 | 8.8.8.8 | 192.168.2.13 |
Apr 17, 2024 23:14:35.124507904 CEST | 48618 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 17, 2024 23:14:35.228874922 CEST | 53 | 48618 | 8.8.8.8 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 17, 2024 23:12:52.739965916 CEST | 192.168.2.13 | 8.8.8.8 | 0x35c9 | Standard query (0) | kovey.mezo-api.xyz | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 23:12:52.850111961 CEST | 192.168.2.13 | 8.8.8.8 | 0x1743 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:12:52.954818964 CEST | 192.168.2.13 | 8.8.8.8 | 0x1743 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:12:53.059585094 CEST | 192.168.2.13 | 8.8.8.8 | 0x1743 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:12:53.164364100 CEST | 192.168.2.13 | 8.8.8.8 | 0x1743 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:12:53.268914938 CEST | 192.168.2.13 | 8.8.8.8 | 0x1743 | Standard query (0) | | 525 | 11651 | false |
Apr 17, 2024 23:13:25.914710999 CEST | 192.168.2.13 | 8.8.8.8 | 0x223d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:13:26.019211054 CEST | 192.168.2.13 | 8.8.8.8 | 0x223d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:13:26.123629093 CEST | 192.168.2.13 | 8.8.8.8 | 0x223d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:13:26.228163004 CEST | 192.168.2.13 | 8.8.8.8 | 0x223d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:13:26.332518101 CEST | 192.168.2.13 | 8.8.8.8 | 0x223d | Standard query (0) | | 525 | 11651 | false |
Apr 17, 2024 23:14:09.567744017 CEST | 192.168.2.13 | 8.8.8.8 | 0xd99d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:09.672288895 CEST | 192.168.2.13 | 8.8.8.8 | 0xd99d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:09.776813030 CEST | 192.168.2.13 | 8.8.8.8 | 0xd99d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:09.881690979 CEST | 192.168.2.13 | 8.8.8.8 | 0xd99d | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:09.986704111 CEST | 192.168.2.13 | 8.8.8.8 | 0xd99d | Standard query (0) | | 525 | 11651 | false |
Apr 17, 2024 23:14:30.446604967 CEST | 192.168.2.13 | 8.8.8.8 | 0x51c6 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:30.551184893 CEST | 192.168.2.13 | 8.8.8.8 | 0x51c6 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:30.655678988 CEST | 192.168.2.13 | 8.8.8.8 | 0x51c6 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:30.760926962 CEST | 192.168.2.13 | 8.8.8.8 | 0x51c6 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:30.866430044 CEST | 192.168.2.13 | 8.8.8.8 | 0x51c6 | Standard query (0) | | 525 | 11651 | false |
Apr 17, 2024 23:14:34.705296993 CEST | 192.168.2.13 | 8.8.8.8 | 0x9004 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:34.809868097 CEST | 192.168.2.13 | 8.8.8.8 | 0x9004 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:34.914571047 CEST | 192.168.2.13 | 8.8.8.8 | 0x9004 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:35.019591093 CEST | 192.168.2.13 | 8.8.8.8 | 0x9004 | Standard query (0) | | 525 | 2056 | false |
Apr 17, 2024 23:14:35.124507904 CEST | 192.168.2.13 | 8.8.8.8 | 0x9004 | Standard query (0) | | 525 | 11651 | false |
Only the first query (0x35c9) is a well-formed A/IN lookup, and it is the only one with an answer in the reply table below. The remaining 25 arrive in five batches of five, each batch reusing one transaction ID, and decode with type 525 and class 2056 (11651 for the last query of each batch); none of these are registered DNS type or class codes, so the bytes in those positions are not a real question section. The UDP table above lists 46 exchanges with 8.8.8.8, so 20 further datagrams do not appear in this decoded view at all.
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 17, 2024 23:12:52.849937916 CEST | 8.8.8.8 | 192.168.2.13 | 0x35c9 | No error (0) | kovey.mezo-api.xyz | | 45.131.111.219 | A (IP address) | IN (0x0001) | false |
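The two DNS tables above show what a malformed resolver looks like on the wire: a name that runs on past the real domain and type/class fields holding values that are not DNS codes. The following is an added example (not from the report or from Joe Sandbox) of the parser-side checks a detection engineer would put on DNS queries to catch this. Both packets are constructed here: the first is the clean A/IN query for kovey.mezo-api.xyz, the second mimics the malformed ones by appending a junk label to the name and placing 0x020d/0x0808 (525/2056 decimal, the values in the query table) where type and class belong; the junk bytes and the four-byte trailer are invented for the example, and the registered type/class sets are a short, hand-picked subset.

```python
"""Parse a single-question DNS query and flag the anomalies seen in this sample's lookups."""
import struct

KNOWN_QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
                16: "TXT", 28: "AAAA", 33: "SRV", 255: "ANY"}      # subset, for the example
KNOWN_QCLASSES = {1: "IN", 3: "CH", 4: "HS", 255: "ANY"}
MAX_LABEL, MAX_NAME = 63, 253                                       # RFC 1035 limits
HOSTNAME_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789-_")


def build_query(txid: int, labels, qtype: int, qclass: int, trailer: bytes = b"") -> bytes:
    """Build one-question query; `trailer` is appended after the class field (normally empty)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)       # RD set, qdcount=1
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\0"
    return header + qname + struct.pack(">HH", qtype, qclass) + trailer


def parse_question(pkt: bytes) -> dict:
    """Walk the question section exactly as a resolver would, label by label."""
    txid, _flags, qdcount = struct.unpack_from(">HHH", pkt, 0)
    pos, labels = 12, []
    while True:
        n = pkt[pos]
        if n == 0:
            pos += 1
            break
        if n & 0xC0:
            raise ValueError("compression pointer inside a query name")
        labels.append(pkt[pos + 1:pos + 1 + n])
        pos += 1 + n
    qtype, qclass = struct.unpack_from(">HH", pkt, pos)
    return dict(txid=txid, qdcount=qdcount, labels=labels, qtype=qtype, qclass=qclass,
                trailing=len(pkt) - (pos + 4))


def assess(pkt: bytes) -> dict:
    """Return the decoded question plus a list of human-readable findings (empty = looks normal)."""
    q = parse_question(pkt)
    text = [label.decode("latin-1") for label in q["labels"]]
    name = ".".join(text)
    findings = []
    if len(name) > MAX_NAME or any(len(label) > MAX_LABEL for label in q["labels"]):
        findings.append("name exceeds RFC 1035 length limits")
    if any(set(t.lower()) - HOSTNAME_CHARS for t in text):
        findings.append("non-hostname bytes in name")
    if q["qtype"] not in KNOWN_QTYPES:
        findings.append(f"unregistered qtype {q['qtype']}")
    if q["qclass"] not in KNOWN_QCLASSES:
        findings.append(f"unregistered qclass {q['qclass']}")
    if q["trailing"]:
        findings.append(f"{q['trailing']} bytes after the question")
    if q["qdcount"] != 1:
        findings.append(f"qdcount {q['qdcount']} in a single-question query")
    return dict(txid=q["txid"], name=name, qtype=q["qtype"], qclass=q["qclass"], findings=findings)


# Constructed packets: the clean lookup the sandbox answered, and a mimic of the malformed ones.
GOOD = build_query(0x35c9, [b"kovey", b"mezo-api", b"xyz"], 1, 1)
BAD = build_query(0x1743, [b"kovey", b"mezo-api", b"xyz", b"; fJ66a/PV!E(j5OXv; fLOOPV!a/EAI@@"],
                  525, 2056, trailer=b"\x2d\x83\x00\x00")

if __name__ == "__main__":
    for pkt in (GOOD, BAD):
        print(assess(pkt))
```

In a detection pipeline the `findings` list is what you alert on: a query whose name decodes past the registered domain, or whose type/class are not DNS codes, is either a broken client or, as here, malware whose resolver sends more bytes than it should; correlating the transaction ID with the answered 0x35c9 lookup separates the one real resolution from the noise.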
System Behavior
Start time (UTC): | 21:12:52 |
Start date (UTC): | 17/04/2024 |
Path: | /tmp/AkV7DALWTe.elf |
Arguments: | /tmp/AkV7DALWTe.elf |
File size: | 58704 bytes |
MD5 hash: | 7b844888f864698c835723076d6731a0 |
Start time (UTC): | 21:12:52 |
Start date (UTC): | 17/04/2024 |
Path: | /tmp/AkV7DALWTe.elf |
Arguments: | - |
File size: | 58704 bytes |
MD5 hash: | 7b844888f864698c835723076d6731a0 |