Edit tour

Linux Analysis Report
NnDBvZKtdN.elf

Overview

General Information

Sample name:	NnDBvZKtdN.elf renamed because original name is a hash value
Original sample name:	8622bebd8e2cbc2b5771884826a0afe5.elf
Analysis ID:	1427807
MD5:	8622bebd8e2cbc2b5771884826a0afe5
SHA1:	9563625717e0b5408a169c200182f81f6adc373a
SHA256:	3242dc29b3aeffc6cfbb754278b327953eaccb1488fd6cdb5101d06baaf98e91
Tags:	32elfintelmirai
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Enumerates processes within the "proc" file system

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Yara signature match

Classification

Analysis Advice

All domains contacted by the sample do not resolve. The sample is likely an old dropper which does no longer work.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427807
Start date and time:	2024-04-18 07:59:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	NnDBvZKtdN.elf renamed because original name is a hash value
Original Sample Name:	8622bebd8e2cbc2b5771884826a0afe5.elf
Detection:	MAL
Classification:	mal60.linELF@0/0@100/0

Runtime Messages

Command:	/tmp/NnDBvZKtdN.elf
PID:	5513
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	done.
Standard Error:

Process Tree

system is lnxubuntu20

NnDBvZKtdN.elf (PID: 5513, Parent: 5437, MD5: 8622bebd8e2cbc2b5771884826a0afe5) Arguments: /tmp/NnDBvZKtdN.elf

NnDBvZKtdN.elf New Fork (PID: 5514, Parent: 5513)

NnDBvZKtdN.elf New Fork (PID: 5515, Parent: 5514)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
NnDBvZKtdN.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xd178:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd18c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd204:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd218:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd22c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd240:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd254:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd268:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd27c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd290:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd308:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
NnDBvZKtdN.elf	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x720b:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
NnDBvZKtdN.elf	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x59ba:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
NnDBvZKtdN.elf	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x53a2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88

Memory Dumps

Source	Rule	Description	Author	Strings
5513.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xd178:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd18c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd204:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd218:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd22c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd240:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd254:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd268:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd27c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd290:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd2f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd308:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5513.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x720b:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5513.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x59ba:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5513.1.0000000008048000.0000000008057000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x53a2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Process Memory Space: NnDBvZKtdN.elf PID: 5513	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x9d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaa0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xab4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xadc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: NnDBvZKtdN.elf	ReversingLabs: Detection: 60%
Source: NnDBvZKtdN.elf	Virustotal: Detection: 50%			Perma Link

Machine Learning detection for sample

Source: NnDBvZKtdN.elf

Joe Sandbox ML: detected

Source: NnDBvZKtdN.elf

String: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f

Source: unknown

DNS traffic detected: query: cnc.condi.cloud replaycode: Server failure (2)

Source: unknown

DNS traffic detected: queries for: cnc.condi.cloud

System Summary

Malicious sample detected (through community Yara rule)

Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: Process Memory Space: NnDBvZKtdN.elf PID: 5513, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: HTTP/1.1 200 OKtop1hbt.armtop1hbt.arm5top1hbt.arm6top1hbt.arm7top1hbt.mipstop1hbt.mpsltop1hbt.x86_64top1hbt.sh4/proc/proc/%d/cmdlinenetstatwgetcurl/bin/busybox/proc//proc/%s/exe/proc/self/exevar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdvar/tmp/soniahicorestm_hi3511_dvr/usr/lib/systemd/systemdshellmnt/sys/boot/media/srv/var/run/sbin/lib/etc/dev/home/Davincitelnetsshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr/bashhttpdtelnetddropbearencodersystem/root/dvr_gui//root/dvr_app//anko-app//opt/anko-app/ankosample _8182T_1104/usr/libexec/openssh/sftp-serverabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ3f

Source: ELF static info symbol of initial sample

.symtab present: no

Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: NnDBvZKtdN.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5513.1.0000000008048000.0000000008057000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: Process Memory Space: NnDBvZKtdN.elf PID: 5513, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal60.linELF@0/0@100/0

Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1583/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/2672/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1577/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/19/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1593/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/240/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3094/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/242/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3406/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/244/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1589/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/245/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/246/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3402/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/247/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/248/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/249/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/129/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/801/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3764/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3765/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3766/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3767/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/20/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/806/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/21/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/807/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/928/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/23/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/24/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/25/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/26/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/27/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/28/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/29/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3420/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/490/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/250/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/130/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/251/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/131/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/252/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/132/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/253/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/254/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/255/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/135/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/256/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1599/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/257/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/378/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/258/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/3412/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/259/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/30/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/35/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/1371/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/260/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/261/cmdline	Jump to behavior
Source: /tmp/NnDBvZKtdN.elf (PID: 5515)	File opened: /proc/262/cmdline	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Source	Detection	Scanner	Label	Link
NnDBvZKtdN.elf	61%	ReversingLabs	Linux.Trojan.Mirai
NnDBvZKtdN.elf	50%	Virustotal		Browse
NnDBvZKtdN.elf	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cnc.condi.cloud	unknown	unknown	true		unknown

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.32990306590306
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	NnDBvZKtdN.elf
File size:	62'316 bytes
MD5:	8622bebd8e2cbc2b5771884826a0afe5
SHA1:	9563625717e0b5408a169c200182f81f6adc373a
SHA256:	3242dc29b3aeffc6cfbb754278b327953eaccb1488fd6cdb5101d06baaf98e91
SHA512:	fa95d16673d24ed84aa3fd7f6eb49d9f268a84ae555203c4bcb8c3aef06d0727f53690f9cfa3bcc6139b4eabfb06bec760b04a82091ecd925e07cfc4364f7670
SSDEEP:	768:lXlW6Ur9L39tzOL1++vLoIC22mSAeao6fYkeUo6LEz3BvyPwXnVrUAM31g2yXMDd:hqL399OQsLQmSn9UoIwrU531g2y70r
TLSH:	5F533A94F743D4F1D8470930119BFB3A9A31EEE11160ED2BEB98FE72AC729129116B5C
File Content Preview:	.ELF....................T...4...........4. ...(.........................................t...tp..tp..(...............Q.td................................d.......................U......=.q...t..5.....p......p......u........t....h.p.............q........&...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048154
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	61916
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x11	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xcbe7	0x0	0x6	AX	16
.fini	PROGBITS	0x8054c97	0xcc97	0xc	0x0	0x6	AX	1
.rodata	PROGBITS	0x8054cc0	0xccc0	0x1ad4	0x0	0x2	A	32
.ctors	PROGBITS	0x8057074	0xf074	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x805707c	0xf07c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x80570a0	0xf0a0	0xfc	0x0	0x3	WA	32
.bss	NOBITS	0x80571a0	0xf19c	0x868	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xf19c	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0xe794	0xe794	6.4892	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xf074	0x8057074	0x8057074	0x128	0x994	3.8489	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 07:59:46.722132921 CEST	48074	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:46.948549986 CEST	53	48074	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:46.948668003 CEST	33508	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:47.131932974 CEST	53	33508	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:47.132056952 CEST	38961	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:47.334244967 CEST	53	38961	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:47.334382057 CEST	44470	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:47.517951965 CEST	53	44470	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:47.518098116 CEST	57678	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:47.701625109 CEST	53	57678	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:51.701713085 CEST	48495	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:51.898200989 CEST	53	48495	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:51.898422003 CEST	59424	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:52.081671000 CEST	53	59424	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:52.081803083 CEST	50698	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:52.265723944 CEST	53	50698	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:52.265842915 CEST	56120	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:52.450360060 CEST	53	56120	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:52.450486898 CEST	48733	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:52.633991003 CEST	53	48733	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:55.634138107 CEST	56742	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:55.817697048 CEST	53	56742	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:55.817804098 CEST	54404	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:56.019841909 CEST	53	54404	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:56.019948006 CEST	49262	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:56.203500032 CEST	53	49262	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:56.203716040 CEST	43821	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:56.386876106 CEST	53	43821	8.8.8.8	192.168.2.14
Apr 18, 2024 07:59:56.386971951 CEST	48434	53	192.168.2.14	8.8.8.8
Apr 18, 2024 07:59:56.570341110 CEST	53	48434	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:02.570354939 CEST	58686	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:02.754101038 CEST	53	58686	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:02.754283905 CEST	46829	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:02.937650919 CEST	53	46829	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:02.937827110 CEST	50777	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:03.121373892 CEST	53	50777	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:03.121526003 CEST	35792	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:03.308938026 CEST	53	35792	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:03.309092999 CEST	33984	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:03.542287111 CEST	53	33984	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:09.542417049 CEST	60282	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:09.726397991 CEST	53	60282	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:09.726835012 CEST	34132	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:09.942184925 CEST	53	34132	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:09.942492962 CEST	40602	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:10.155698061 CEST	53	40602	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:10.156008959 CEST	38724	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:10.339857101 CEST	53	38724	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:10.340142012 CEST	35028	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:10.524296999 CEST	53	35028	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:14.524583101 CEST	43827	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:14.721690893 CEST	53	43827	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:14.721966982 CEST	42744	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:14.906235933 CEST	53	42744	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:14.906497955 CEST	40971	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:15.132921934 CEST	53	40971	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:15.133162975 CEST	35377	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:15.336913109 CEST	53	35377	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:15.337348938 CEST	34097	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:15.540225983 CEST	53	34097	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:24.540326118 CEST	44546	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:24.724495888 CEST	53	44546	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:24.724708080 CEST	33012	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:24.921787024 CEST	53	33012	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:24.922116041 CEST	53149	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:25.119848967 CEST	53	53149	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:25.120151997 CEST	59687	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:25.316850901 CEST	53	59687	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:25.317167997 CEST	56465	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:25.513696909 CEST	53	56465	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:28.513968945 CEST	48683	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:28.710575104 CEST	53	48683	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:28.710853100 CEST	43000	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:28.893897057 CEST	53	43000	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:28.894148111 CEST	59675	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:29.090543032 CEST	53	59675	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:29.090799093 CEST	42431	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:29.273555040 CEST	53	42431	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:29.273793936 CEST	38161	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:29.470681906 CEST	53	38161	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:36.470777035 CEST	49227	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:36.673547029 CEST	53	49227	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:36.673829079 CEST	40477	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:36.905941963 CEST	53	40477	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:36.906481028 CEST	41442	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:37.132483959 CEST	53	41442	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:37.132772923 CEST	50003	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:37.316299915 CEST	53	50003	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:37.316576004 CEST	57926	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:37.500693083 CEST	53	57926	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:45.500744104 CEST	47138	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:45.698384047 CEST	53	47138	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:45.698914051 CEST	43485	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:45.901597023 CEST	53	43485	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:45.901865959 CEST	37053	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:46.087308884 CEST	53	37053	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:46.087587118 CEST	52374	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:46.283981085 CEST	53	52374	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:46.284224033 CEST	52885	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:46.468306065 CEST	53	52885	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:47.468625069 CEST	53215	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:47.684854984 CEST	53	53215	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:47.685142994 CEST	46756	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:47.868275881 CEST	53	46756	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:47.868506908 CEST	50731	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:48.094039917 CEST	53	50731	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:48.094263077 CEST	36466	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:48.278177977 CEST	53	36466	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:48.278492928 CEST	57646	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:48.460906029 CEST	53	57646	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:52.461404085 CEST	42955	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:52.644948006 CEST	53	42955	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:52.645221949 CEST	49905	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:52.829624891 CEST	53	49905	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:52.829895973 CEST	49362	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:53.026540995 CEST	53	49362	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:53.026676893 CEST	35479	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:53.242419958 CEST	53	35479	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:53.242758036 CEST	60706	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:53.426841021 CEST	53	60706	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:59.426836967 CEST	55857	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:59.622844934 CEST	53	55857	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:59.623032093 CEST	55628	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:00:59.835685968 CEST	53	55628	8.8.8.8	192.168.2.14
Apr 18, 2024 08:00:59.835867882 CEST	47172	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:00.061758995 CEST	53	47172	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:00.061909914 CEST	57725	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:00.245811939 CEST	53	57725	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:00.245999098 CEST	55005	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:00.429737091 CEST	53	55005	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:10.429635048 CEST	44776	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:10.629762888 CEST	53	44776	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:10.629947901 CEST	49802	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:10.813534975 CEST	53	49802	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:10.813967943 CEST	58806	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:10.997620106 CEST	53	58806	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:10.997807026 CEST	48056	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:11.195067883 CEST	53	48056	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:11.195262909 CEST	57489	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:11.379558086 CEST	53	57489	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:15.379915953 CEST	54596	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:15.564397097 CEST	53	54596	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:15.564615011 CEST	60359	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:15.762249947 CEST	53	60359	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:15.762404919 CEST	50261	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:15.946124077 CEST	53	50261	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:15.946310043 CEST	50103	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:16.143855095 CEST	53	50103	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:16.144068956 CEST	36110	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:16.375581026 CEST	53	36110	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:20.375941038 CEST	39430	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:20.560750008 CEST	53	39430	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:20.560976982 CEST	46733	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:20.774063110 CEST	53	46733	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:20.774378061 CEST	56777	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:20.958498955 CEST	53	56777	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:20.958971977 CEST	55082	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:21.142911911 CEST	53	55082	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:21.143315077 CEST	44986	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:22.034096956 CEST	53	44986	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:29.034472942 CEST	32829	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:29.225467920 CEST	53	32829	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:29.225641012 CEST	47963	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:29.428054094 CEST	53	47963	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:29.428212881 CEST	45206	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:29.619388103 CEST	53	45206	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:29.619556904 CEST	34847	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:29.836000919 CEST	53	34847	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:29.836229086 CEST	44434	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:30.039355993 CEST	53	44434	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:33.039669037 CEST	59711	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:33.224353075 CEST	53	59711	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:33.224528074 CEST	37179	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:33.421010017 CEST	53	37179	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:33.421174049 CEST	53728	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:33.604779959 CEST	53	53728	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:33.604924917 CEST	50214	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:33.788877010 CEST	53	50214	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:33.789006948 CEST	56382	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:33.972978115 CEST	53	56382	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:35.973198891 CEST	49188	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:36.187423944 CEST	53	49188	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:36.187644005 CEST	34602	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:36.384558916 CEST	53	34602	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:36.384691000 CEST	47665	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:36.599905014 CEST	53	47665	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:36.600141048 CEST	53171	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:36.827447891 CEST	53	53171	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:36.827614069 CEST	49411	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:37.040780067 CEST	53	49411	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:47.040591955 CEST	52043	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:47.238677979 CEST	53	52043	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:47.238810062 CEST	51304	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:47.465261936 CEST	53	51304	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:47.465373039 CEST	47709	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:47.654369116 CEST	53	47709	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:47.654547930 CEST	55404	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:47.850879908 CEST	53	55404	8.8.8.8	192.168.2.14
Apr 18, 2024 08:01:47.851057053 CEST	45012	53	192.168.2.14	8.8.8.8
Apr 18, 2024 08:01:48.034682989 CEST	53	45012	8.8.8.8	192.168.2.14

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 07:59:46.722132921 CEST	192.168.2.14	8.8.8.8	0xf6fa	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:46.948668003 CEST	192.168.2.14	8.8.8.8	0xf6fa	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:47.132056952 CEST	192.168.2.14	8.8.8.8	0xf6fa	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:47.334382057 CEST	192.168.2.14	8.8.8.8	0xf6fa	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:47.518098116 CEST	192.168.2.14	8.8.8.8	0xf6fa	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:51.701713085 CEST	192.168.2.14	8.8.8.8	0x468a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:51.898422003 CEST	192.168.2.14	8.8.8.8	0x468a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:52.081803083 CEST	192.168.2.14	8.8.8.8	0x468a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:52.265842915 CEST	192.168.2.14	8.8.8.8	0x468a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:52.450486898 CEST	192.168.2.14	8.8.8.8	0x468a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:55.634138107 CEST	192.168.2.14	8.8.8.8	0x2ff2	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:55.817804098 CEST	192.168.2.14	8.8.8.8	0x2ff2	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:56.019948006 CEST	192.168.2.14	8.8.8.8	0x2ff2	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:56.203716040 CEST	192.168.2.14	8.8.8.8	0x2ff2	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:56.386971951 CEST	192.168.2.14	8.8.8.8	0x2ff2	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:02.570354939 CEST	192.168.2.14	8.8.8.8	0xcaa8	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:02.754283905 CEST	192.168.2.14	8.8.8.8	0xcaa8	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:02.937827110 CEST	192.168.2.14	8.8.8.8	0xcaa8	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:03.121526003 CEST	192.168.2.14	8.8.8.8	0xcaa8	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:03.309092999 CEST	192.168.2.14	8.8.8.8	0xcaa8	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:09.542417049 CEST	192.168.2.14	8.8.8.8	0xa12e	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:09.726835012 CEST	192.168.2.14	8.8.8.8	0xa12e	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:09.942492962 CEST	192.168.2.14	8.8.8.8	0xa12e	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:10.156008959 CEST	192.168.2.14	8.8.8.8	0xa12e	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:10.340142012 CEST	192.168.2.14	8.8.8.8	0xa12e	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:14.524583101 CEST	192.168.2.14	8.8.8.8	0x23a1	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:14.721966982 CEST	192.168.2.14	8.8.8.8	0x23a1	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:14.906497955 CEST	192.168.2.14	8.8.8.8	0x23a1	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:15.133162975 CEST	192.168.2.14	8.8.8.8	0x23a1	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:15.337348938 CEST	192.168.2.14	8.8.8.8	0x23a1	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:24.540326118 CEST	192.168.2.14	8.8.8.8	0x660b	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:24.724708080 CEST	192.168.2.14	8.8.8.8	0x660b	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:24.922116041 CEST	192.168.2.14	8.8.8.8	0x660b	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:25.120151997 CEST	192.168.2.14	8.8.8.8	0x660b	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:25.317167997 CEST	192.168.2.14	8.8.8.8	0x660b	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:28.513968945 CEST	192.168.2.14	8.8.8.8	0xea97	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:28.710853100 CEST	192.168.2.14	8.8.8.8	0xea97	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:28.894148111 CEST	192.168.2.14	8.8.8.8	0xea97	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:29.090799093 CEST	192.168.2.14	8.8.8.8	0xea97	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:29.273793936 CEST	192.168.2.14	8.8.8.8	0xea97	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:36.470777035 CEST	192.168.2.14	8.8.8.8	0x69f3	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:36.673829079 CEST	192.168.2.14	8.8.8.8	0x69f3	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:36.906481028 CEST	192.168.2.14	8.8.8.8	0x69f3	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:37.132772923 CEST	192.168.2.14	8.8.8.8	0x69f3	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:37.316576004 CEST	192.168.2.14	8.8.8.8	0x69f3	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:45.500744104 CEST	192.168.2.14	8.8.8.8	0x6c89	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:45.698914051 CEST	192.168.2.14	8.8.8.8	0x6c89	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:45.901865959 CEST	192.168.2.14	8.8.8.8	0x6c89	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:46.087587118 CEST	192.168.2.14	8.8.8.8	0x6c89	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:46.284224033 CEST	192.168.2.14	8.8.8.8	0x6c89	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:47.468625069 CEST	192.168.2.14	8.8.8.8	0xba21	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:47.685142994 CEST	192.168.2.14	8.8.8.8	0xba21	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:47.868506908 CEST	192.168.2.14	8.8.8.8	0xba21	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:48.094263077 CEST	192.168.2.14	8.8.8.8	0xba21	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:48.278492928 CEST	192.168.2.14	8.8.8.8	0xba21	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:52.461404085 CEST	192.168.2.14	8.8.8.8	0x57a7	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:52.645221949 CEST	192.168.2.14	8.8.8.8	0x57a7	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:52.829895973 CEST	192.168.2.14	8.8.8.8	0x57a7	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:53.026676893 CEST	192.168.2.14	8.8.8.8	0x57a7	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:53.242758036 CEST	192.168.2.14	8.8.8.8	0x57a7	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:59.426836967 CEST	192.168.2.14	8.8.8.8	0x674f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:59.623032093 CEST	192.168.2.14	8.8.8.8	0x674f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:59.835867882 CEST	192.168.2.14	8.8.8.8	0x674f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:00.061909914 CEST	192.168.2.14	8.8.8.8	0x674f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:00.245999098 CEST	192.168.2.14	8.8.8.8	0x674f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:10.429635048 CEST	192.168.2.14	8.8.8.8	0xf09f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:10.629947901 CEST	192.168.2.14	8.8.8.8	0xf09f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:10.813967943 CEST	192.168.2.14	8.8.8.8	0xf09f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:10.997807026 CEST	192.168.2.14	8.8.8.8	0xf09f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:11.195262909 CEST	192.168.2.14	8.8.8.8	0xf09f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:15.379915953 CEST	192.168.2.14	8.8.8.8	0x5db4	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:15.564615011 CEST	192.168.2.14	8.8.8.8	0x5db4	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:15.762404919 CEST	192.168.2.14	8.8.8.8	0x5db4	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:15.946310043 CEST	192.168.2.14	8.8.8.8	0x5db4	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:16.144068956 CEST	192.168.2.14	8.8.8.8	0x5db4	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:20.375941038 CEST	192.168.2.14	8.8.8.8	0x879f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:20.560976982 CEST	192.168.2.14	8.8.8.8	0x879f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:20.774378061 CEST	192.168.2.14	8.8.8.8	0x879f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:20.958971977 CEST	192.168.2.14	8.8.8.8	0x879f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:21.143315077 CEST	192.168.2.14	8.8.8.8	0x879f	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.034472942 CEST	192.168.2.14	8.8.8.8	0xe204	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.225641012 CEST	192.168.2.14	8.8.8.8	0xe204	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.428212881 CEST	192.168.2.14	8.8.8.8	0xe204	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.619556904 CEST	192.168.2.14	8.8.8.8	0xe204	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.836229086 CEST	192.168.2.14	8.8.8.8	0xe204	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.039669037 CEST	192.168.2.14	8.8.8.8	0x2917	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.224528074 CEST	192.168.2.14	8.8.8.8	0x2917	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.421174049 CEST	192.168.2.14	8.8.8.8	0x2917	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.604924917 CEST	192.168.2.14	8.8.8.8	0x2917	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.789006948 CEST	192.168.2.14	8.8.8.8	0x2917	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:35.973198891 CEST	192.168.2.14	8.8.8.8	0xdd8a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.187644005 CEST	192.168.2.14	8.8.8.8	0xdd8a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.384691000 CEST	192.168.2.14	8.8.8.8	0xdd8a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.600141048 CEST	192.168.2.14	8.8.8.8	0xdd8a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.827614069 CEST	192.168.2.14	8.8.8.8	0xdd8a	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.040591955 CEST	192.168.2.14	8.8.8.8	0x7131	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.238810062 CEST	192.168.2.14	8.8.8.8	0x7131	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.465373039 CEST	192.168.2.14	8.8.8.8	0x7131	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.654547930 CEST	192.168.2.14	8.8.8.8	0x7131	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.851057053 CEST	192.168.2.14	8.8.8.8	0x7131	Standard query (0)	cnc.condi.cloud	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 07:59:46.948549986 CEST	8.8.8.8	192.168.2.14	0xf6fa	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:47.131932974 CEST	8.8.8.8	192.168.2.14	0xf6fa	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:47.334244967 CEST	8.8.8.8	192.168.2.14	0xf6fa	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:47.517951965 CEST	8.8.8.8	192.168.2.14	0xf6fa	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:47.701625109 CEST	8.8.8.8	192.168.2.14	0xf6fa	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:51.898200989 CEST	8.8.8.8	192.168.2.14	0x468a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:52.081671000 CEST	8.8.8.8	192.168.2.14	0x468a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:52.265723944 CEST	8.8.8.8	192.168.2.14	0x468a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:52.450360060 CEST	8.8.8.8	192.168.2.14	0x468a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:52.633991003 CEST	8.8.8.8	192.168.2.14	0x468a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:55.817697048 CEST	8.8.8.8	192.168.2.14	0x2ff2	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:56.019841909 CEST	8.8.8.8	192.168.2.14	0x2ff2	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:56.203500032 CEST	8.8.8.8	192.168.2.14	0x2ff2	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:56.386876106 CEST	8.8.8.8	192.168.2.14	0x2ff2	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 07:59:56.570341110 CEST	8.8.8.8	192.168.2.14	0x2ff2	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:02.754101038 CEST	8.8.8.8	192.168.2.14	0xcaa8	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:02.937650919 CEST	8.8.8.8	192.168.2.14	0xcaa8	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:03.121373892 CEST	8.8.8.8	192.168.2.14	0xcaa8	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:03.308938026 CEST	8.8.8.8	192.168.2.14	0xcaa8	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:03.542287111 CEST	8.8.8.8	192.168.2.14	0xcaa8	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:09.726397991 CEST	8.8.8.8	192.168.2.14	0xa12e	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:09.942184925 CEST	8.8.8.8	192.168.2.14	0xa12e	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:10.155698061 CEST	8.8.8.8	192.168.2.14	0xa12e	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:10.339857101 CEST	8.8.8.8	192.168.2.14	0xa12e	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:10.524296999 CEST	8.8.8.8	192.168.2.14	0xa12e	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:14.721690893 CEST	8.8.8.8	192.168.2.14	0x23a1	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:14.906235933 CEST	8.8.8.8	192.168.2.14	0x23a1	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:15.132921934 CEST	8.8.8.8	192.168.2.14	0x23a1	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:15.336913109 CEST	8.8.8.8	192.168.2.14	0x23a1	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:15.540225983 CEST	8.8.8.8	192.168.2.14	0x23a1	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:24.724495888 CEST	8.8.8.8	192.168.2.14	0x660b	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:24.921787024 CEST	8.8.8.8	192.168.2.14	0x660b	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:25.119848967 CEST	8.8.8.8	192.168.2.14	0x660b	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:25.316850901 CEST	8.8.8.8	192.168.2.14	0x660b	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:25.513696909 CEST	8.8.8.8	192.168.2.14	0x660b	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:28.710575104 CEST	8.8.8.8	192.168.2.14	0xea97	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:28.893897057 CEST	8.8.8.8	192.168.2.14	0xea97	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:29.090543032 CEST	8.8.8.8	192.168.2.14	0xea97	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:29.273555040 CEST	8.8.8.8	192.168.2.14	0xea97	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:29.470681906 CEST	8.8.8.8	192.168.2.14	0xea97	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:36.673547029 CEST	8.8.8.8	192.168.2.14	0x69f3	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:36.905941963 CEST	8.8.8.8	192.168.2.14	0x69f3	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:37.132483959 CEST	8.8.8.8	192.168.2.14	0x69f3	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:37.316299915 CEST	8.8.8.8	192.168.2.14	0x69f3	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:37.500693083 CEST	8.8.8.8	192.168.2.14	0x69f3	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:45.698384047 CEST	8.8.8.8	192.168.2.14	0x6c89	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:45.901597023 CEST	8.8.8.8	192.168.2.14	0x6c89	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:46.087308884 CEST	8.8.8.8	192.168.2.14	0x6c89	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:46.283981085 CEST	8.8.8.8	192.168.2.14	0x6c89	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:46.468306065 CEST	8.8.8.8	192.168.2.14	0x6c89	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:47.684854984 CEST	8.8.8.8	192.168.2.14	0xba21	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:47.868275881 CEST	8.8.8.8	192.168.2.14	0xba21	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:48.094039917 CEST	8.8.8.8	192.168.2.14	0xba21	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:48.278177977 CEST	8.8.8.8	192.168.2.14	0xba21	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:48.460906029 CEST	8.8.8.8	192.168.2.14	0xba21	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:52.644948006 CEST	8.8.8.8	192.168.2.14	0x57a7	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:52.829624891 CEST	8.8.8.8	192.168.2.14	0x57a7	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:53.026540995 CEST	8.8.8.8	192.168.2.14	0x57a7	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:53.242419958 CEST	8.8.8.8	192.168.2.14	0x57a7	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:53.426841021 CEST	8.8.8.8	192.168.2.14	0x57a7	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:59.622844934 CEST	8.8.8.8	192.168.2.14	0x674f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:00:59.835685968 CEST	8.8.8.8	192.168.2.14	0x674f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:00.061758995 CEST	8.8.8.8	192.168.2.14	0x674f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:00.245811939 CEST	8.8.8.8	192.168.2.14	0x674f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:00.429737091 CEST	8.8.8.8	192.168.2.14	0x674f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:10.629762888 CEST	8.8.8.8	192.168.2.14	0xf09f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:10.813534975 CEST	8.8.8.8	192.168.2.14	0xf09f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:10.997620106 CEST	8.8.8.8	192.168.2.14	0xf09f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:11.195067883 CEST	8.8.8.8	192.168.2.14	0xf09f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:11.379558086 CEST	8.8.8.8	192.168.2.14	0xf09f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:15.564397097 CEST	8.8.8.8	192.168.2.14	0x5db4	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:15.762249947 CEST	8.8.8.8	192.168.2.14	0x5db4	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:15.946124077 CEST	8.8.8.8	192.168.2.14	0x5db4	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:16.143855095 CEST	8.8.8.8	192.168.2.14	0x5db4	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:16.375581026 CEST	8.8.8.8	192.168.2.14	0x5db4	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:20.560750008 CEST	8.8.8.8	192.168.2.14	0x879f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:20.774063110 CEST	8.8.8.8	192.168.2.14	0x879f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:20.958498955 CEST	8.8.8.8	192.168.2.14	0x879f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:21.142911911 CEST	8.8.8.8	192.168.2.14	0x879f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:22.034096956 CEST	8.8.8.8	192.168.2.14	0x879f	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.225467920 CEST	8.8.8.8	192.168.2.14	0xe204	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.428054094 CEST	8.8.8.8	192.168.2.14	0xe204	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.619388103 CEST	8.8.8.8	192.168.2.14	0xe204	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:29.836000919 CEST	8.8.8.8	192.168.2.14	0xe204	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:30.039355993 CEST	8.8.8.8	192.168.2.14	0xe204	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.224353075 CEST	8.8.8.8	192.168.2.14	0x2917	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.421010017 CEST	8.8.8.8	192.168.2.14	0x2917	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.604779959 CEST	8.8.8.8	192.168.2.14	0x2917	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.788877010 CEST	8.8.8.8	192.168.2.14	0x2917	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:33.972978115 CEST	8.8.8.8	192.168.2.14	0x2917	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.187423944 CEST	8.8.8.8	192.168.2.14	0xdd8a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.384558916 CEST	8.8.8.8	192.168.2.14	0xdd8a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.599905014 CEST	8.8.8.8	192.168.2.14	0xdd8a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:36.827447891 CEST	8.8.8.8	192.168.2.14	0xdd8a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:37.040780067 CEST	8.8.8.8	192.168.2.14	0xdd8a	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.238677979 CEST	8.8.8.8	192.168.2.14	0x7131	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.465261936 CEST	8.8.8.8	192.168.2.14	0x7131	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.654369116 CEST	8.8.8.8	192.168.2.14	0x7131	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:47.850879908 CEST	8.8.8.8	192.168.2.14	0x7131	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false
Apr 18, 2024 08:01:48.034682989 CEST	8.8.8.8	192.168.2.14	0x7131	Server failure (2)	cnc.condi.cloud	none	none	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: NnDBvZKtdN.elf PID: 5513, Parent PID: 5437

General

Start time (UTC):	05:59:46
Start date (UTC):	18/04/2024
Path:	/tmp/NnDBvZKtdN.elf
Arguments:	/tmp/NnDBvZKtdN.elf
File size:	62316 bytes
MD5 hash:	8622bebd8e2cbc2b5771884826a0afe5

Start time (UTC):	05:59:46
Start date (UTC):	18/04/2024
Path:	/tmp/NnDBvZKtdN.elf
Arguments:	-
File size:	62316 bytes
MD5 hash:	8622bebd8e2cbc2b5771884826a0afe5

Start time (UTC):	05:59:46
Start date (UTC):	18/04/2024
Path:	/tmp/NnDBvZKtdN.elf
Arguments:	-
File size:	62316 bytes
MD5 hash:	8622bebd8e2cbc2b5771884826a0afe5

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report NnDBvZKtdN.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: NnDBvZKtdN.elf PID: 5513, Parent PID: 5437

General

Chronological Activities

Analysis Process: NnDBvZKtdN.elf PID: 5514, Parent PID: 5513

General

Chronological Activities

Analysis Process: NnDBvZKtdN.elf PID: 5515, Parent PID: 5514

General

Chronological Activities

Linux Analysis Report
NnDBvZKtdN.elf