Linux
Analysis Report
VPXX0UiRJ3.elf
Overview
General Information
Sample name: | VPXX0UiRJ3.elf (renamed because the original name is a hash value) |
Original sample name: | 61682f3d6f8a60b2526fbf2e331a44fa.elf |
Analysis ID: | 1428685 |
MD5: | 61682f3d6f8a60b2526fbf2e331a44fa |
SHA1: | 287d1364326ea46270e2b46bd3c7c5e04f028ce0 |
SHA256: | 7a74f548ee440de4c1d35b891fc609a84f5acf5e8b6841a1001b463c4dc46532 |
Tags: | 32, elf, intel, mirai |
Detection
Mirai, Moobot, Okiru
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Mirai
Yara detected Moobot
Yara detected Okiru
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Reads system version information
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428685 |
Start date and time: | 2024-04-19 11:50:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | VPXX0UiRJ3.elf (renamed because the original name is a hash value) |
Original Sample Name: | 61682f3d6f8a60b2526fbf2e331a44fa.elf |
Detection: | MAL |
Classification: | mal100.troj.linELF@0/0@21/0 |
Command: | /tmp/VPXX0UiRJ3.elf |
PID: | 5694 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | done. |
Standard Error: |
- system is lnxubuntu20
- VPXX0UiRJ3.elf New Fork (PID: 5695, Parent: 5694)
- VPXX0UiRJ3.elf New Fork (PID: 5696, Parent: 5695)
- systemd New Fork (PID: 5736, Parent: 1)
- snap-failure New Fork (PID: 5754, Parent: 5736)
- snap-failure New Fork (PID: 5757, Parent: 5736)
- cleanup
Name | Description | Attribution |
---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums", many variants of the Mirai family have appeared, infecting mostly home networks all around the world. | No Attribution |
MooBot | (no description given) | No Attribution |
Rule | Description | Author | Strings |
---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |
JoeSecurity_Moobot | Yara detected Moobot | Joe Security | |
JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security | |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
Linux_Trojan_Mirai_b14f4c5d | unknown | unknown | |
(6 entries in total; only the first five are shown here)

Rule | Description | Author | Strings |
---|---|---|---|
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |
JoeSecurity_Moobot | Yara detected Moobot | Joe Security | |
JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security | |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
Linux_Trojan_Mirai_b14f4c5d | unknown | unknown | |
(10 entries in total; only the first five are shown here)
Snort alerts (21 in total, sorted by time). Every alert is SID 2030490, protocol TCP, destination port 29989, classtype "A Network Trojan was detected"; the source port is the sandbox host's ephemeral port for that connection, so each alert corresponds to a separate TCP connection.

Timestamp | Source Port |
---|---|
04/19/24-11:51:57.752627 | 41448 |
04/19/24-11:52:05.546930 | 41450 |
04/19/24-11:52:14.379856 | 41452 |
04/19/24-11:52:17.231819 | 41454 |
04/19/24-11:52:21.049647 | 41456 |
04/19/24-11:52:29.887131 | 41458 |
04/19/24-11:52:38.746003 | 41460 |
04/19/24-11:52:43.592802 | 41462 |
04/19/24-11:52:54.418714 | 41464 |
04/19/24-11:52:58.253118 | 41466 |
04/19/24-11:53:05.074079 | 41468 |
04/19/24-11:53:15.915257 | 41470 |
04/19/24-11:53:18.772726 | 41472 |
04/19/24-11:53:22.622454 | 41474 |
04/19/24-11:53:28.456780 | 41476 |
04/19/24-11:53:39.319465 | 41478 |
04/19/24-11:53:43.185008 | 41480 |
04/19/24-11:53:45.052765 | 41482 |
04/19/24-11:53:51.901617 | 41484 |
04/19/24-11:53:55.746040 | 41486 |
04/19/24-11:54:01.586434 | 41488 |
AV Detection |
---|
Avira: EXP/ELF.Mirai.Z.A (100%) |
ReversingLabs: Linux.Trojan.Mirai (63%) |
Virustotal: 40% (Perma Link) |
Joe Sandbox ML: 100% |
String: (matched string not shown) |
Networking |
---|
Snort IDS: 21 alerts, all SID 2030490 (listed in full in the Snort table below) |
TCP traffic: 192.168.2.13 to 103.174.73.85 on port 29989 (see the TCP packet table below) |
DNS traffic detected: proxy.heleh.vn, which the domain table below lists as resolving to 103.174.73.85 |
System Summary |
---|
Matched rule: 17 entries (rule names and matched strings not shown) |
String containing 'busybox' found: 2 entries (strings not shown) |
.symtab present: no. The section table below lists .shstrtab as the only string table and no .symtab or .strtab, which is what the "Sample has stripped symbol table" signature reports |
Matched rule: 17 entries (rule names and matched strings not shown) |
Classification label: mal100.troj.linELF@0/0@21/0 |
File opened: 105 entries (paths not shown) |
Systemctl executable: note that the process list at the top of the report shows snap-failure forked from systemd (PID 1) during the run, alongside the sample's own tree (PIDs 5694, 5695, 5696). This export does not show which of those processes executed systemctl, so do not attribute the systemctl execution to the sample without checking the full behaviour log |
Reads version info: (path not shown) |
Stealing of Sensitive Information |
---|
File source: 9 entries (details not shown) |
Remote Access Functionality |
---|
Snort IDS: 42 entries (details not shown; the alerts themselves are in the Snort table below) |
File source: 9 entries (details not shown) |
MITRE ATT&CK techniques matched. The flattened matrix also carried the names of unmatched techniques as column fillers; only the matched cells (those prefixed with a count) are kept here. The two Scripting cells had been shifted into other columns during flattening; they are placed under Execution and Defense Evasion, the tactics ATT&CK assigns to that technique.

Tactic | Technique |
---|---|
Execution, Defense Evasion | Scripting (2 matrix entries) |
Persistence | Systemd Service |
Privilege Escalation | Systemd Service |
Credential Access | OS Credential Dumping |
Discovery | System Information Discovery |
Command and Control | Non-Standard Port |
Command and Control | Non-Application Layer Protocol |
Command and Control | Application Layer Protocol |
⊘No configs have been found
Initial sample:

Detection | Scanner | Label |
---|---|---|
63% | ReversingLabs | Linux.Trojan.Mirai |
40% | Virustotal | (Browse link) |
100% | Avira | EXP/ELF.Mirai.Z.A |
100% | Joe Sandbox ML | |

Dropped files: No Antivirus matches

Domains:

Detection | Scanner | Label |
---|---|---|
3% | Virustotal | (Browse link) |

URLs: No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
proxy.heleh.vn | 103.174.73.85 | true | true | | unknown |

IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
103.174.73.85 | proxy.heleh.vn | unknown | | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | true |
Match | Associated samples in Joe Sandbox | Detection | Threat Name |
---|---|---|---|
103.174.73.85 | 10 samples (names and SHA256 not shown) | malicious | 7 x Mirai, Moobot, Okiru; 3 x Mirai |
proxy.heleh.vn | 7 samples (names and SHA256 not shown) | malicious | 7 x Mirai, Moobot, Okiru |
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | 9 samples (names and SHA256 not shown) | malicious | 7 x Mirai, Moobot, Okiru; 2 x Mirai |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.774774322276727 |
TrID: |
|
File name: | VPXX0UiRJ3.elf |
File size: | 96'264 bytes |
MD5: | 61682f3d6f8a60b2526fbf2e331a44fa |
SHA1: | 287d1364326ea46270e2b46bd3c7c5e04f028ce0 |
SHA256: | 7a74f548ee440de4c1d35b891fc609a84f5acf5e8b6841a1001b463c4dc46532 |
SHA512: | 275e285d7307cca4a2a8f53db5b4abebccadd7e8f06ff55b71707db195bd103ffc0a3a1dccd0db6b088072152013dc7584a7307018f1c9fa6af0574b08cd5077 |
SSDEEP: | 1536:ycIcWeUddgRSfOtWektXFC7rpHQj9In/klDw+uckqr2XPGRw7SPRDmxW:XBoddgRSmtVWXsPpHa9InYvjkXXe2WUx |
TLSH: | C4936DC4F283D4FAE85705B12137AB365F33E0B56119EE42D3789E32AC92512DA17B9C |
File Content Preview: | .ELF....................d...4...xv......4. ...(......................................................G..8...........Q.td............................U..S......./>...h....C...[]...$.............U......=@....t..5...................u........t....h............ |
ELF header | |
---|---|
Class: | ELF32 (inferred: 52-byte header, 32-byte program header entries, 40-byte section header entries) |
Data: | little-endian (inferred: x86 ELF is always ELFDATA2LSB) |
Version: | |
Machine: | Intel 80386 (inferred from the report's "intel" tag and the 0x8048000 load base) |
Version Number: | |
Type: | EXEC (inferred: fixed load address, no PT_INTERP or PT_DYNAMIC program header) |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 95864 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80480b0 | 0xb0 | 0x10a66 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x8058b16 | 0x10b16 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x8058b40 | 0x10b40 | 0x2370 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x805beb4 | 0x12eb4 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x805bec0 | 0x12ec0 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x805bee0 | 0x12ee0 | 0x4758 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x8060640 | 0x17638 | 0x49ac | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x17638 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0x12eb0 | 0x12eb0 | 6.5789 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata |
LOAD | 0x12eb4 | 0x805beb4 | 0x805beb4 | 0x4784 | 0x9138 | 0.3595 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
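Two consistency checks worth running on the header values above before trusting them. First, e_shoff + e_shnum x e_shentsize = 95864 + 10 x 40 = 96264, exactly the reported file size, so the section header table is the last structure in the file and nothing is appended after it. Second, the ten section headers contain no .symtab or .strtab and the program headers contain no PT_INTERP or PT_DYNAMIC, which is what a stripped, statically linked binary looks like on disk. The script below is an added example, not part of the Joe Sandbox report: it builds a 52-byte little-endian ELF32 header in memory with the report's table fields (the entry point and flags are placeholders, since the report leaves them blank), parses it with struct, and applies the layout checks against the reported file size.

```python
"""Parse an ELF32 header and cross-check its table offsets against the file size."""
import struct

ELF_MAGIC = b"\x7fELF"
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
E_MACHINE = {3: "Intel 80386", 8: "MIPS", 40: "ARM", 62: "x86-64"}

# Field order of Elf32_Ehdr, little-endian: 16-byte e_ident, 2 halfwords,
# 5 words, 6 halfwords = 52 bytes.
HEADER_FIELDS = (
    "e_ident e_type e_machine e_version e_entry e_phoff e_shoff e_flags "
    "e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx"
).split()
HEADER_FMT = "<16sHHIIIIIHHHHHH"

# Constructed input: a header whose table fields match the values in this report
# (e_ehsize=52, e_phoff=52, e_phentsize=32, e_phnum=3, e_shoff=95864,
# e_shentsize=40, e_shnum=10, e_shstrndx=9). e_entry and e_flags are placeholders.
SAMPLE_HEADER = struct.pack(
    HEADER_FMT,
    ELF_MAGIC + bytes([1, 1, 1, 0]) + bytes(8),  # ELFCLASS32, ELFDATA2LSB, EV_CURRENT, SYSV ABI
    2,            # e_type: ET_EXEC
    3,            # e_machine: EM_386
    1,            # e_version
    0x08048000,   # e_entry (placeholder, not from the report)
    52,           # e_phoff
    95864,        # e_shoff
    0,            # e_flags (placeholder)
    52, 32, 3,    # e_ehsize, e_phentsize, e_phnum
    40, 10, 9,    # e_shentsize, e_shnum, e_shstrndx
)
REPORTED_FILE_SIZE = 96264   # from the report's static information


def parse_elf32_header(data: bytes) -> dict:
    """Decode a little-endian ELF32 header; raise ValueError for anything else."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 1:   # EI_CLASS: 1 = ELFCLASS32
        raise ValueError("not ELF32")
    if data[5] != 1:   # EI_DATA: 1 = ELFDATA2LSB
        raise ValueError("not little-endian")
    hdr = dict(zip(HEADER_FIELDS, struct.unpack(HEADER_FMT, data[:52])))
    hdr["type_name"] = E_TYPE.get(hdr["e_type"], "unknown(%d)" % hdr["e_type"])
    hdr["machine_name"] = E_MACHINE.get(hdr["e_machine"], "unknown(%d)" % hdr["e_machine"])
    return hdr


def check_layout(hdr: dict, file_size: int) -> list:
    """Return findings about where the header tables sit relative to the file end."""
    findings = []
    if (hdr["e_ehsize"], hdr["e_phentsize"], hdr["e_shentsize"]) != (52, 32, 40):
        findings.append("non-standard ELF32 header or table entry sizes")
    ph_end = hdr["e_phoff"] + hdr["e_phnum"] * hdr["e_phentsize"]
    sh_end = hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"]
    if ph_end > file_size:
        findings.append("program header table runs past end of file")
    if hdr["e_shnum"] and hdr["e_shstrndx"] >= hdr["e_shnum"]:
        findings.append("e_shstrndx points outside the section header table")
    if sh_end > file_size:
        findings.append("section header table runs past end of file (truncated or forged)")
    elif sh_end == file_size:
        findings.append("section header table ends exactly at end of file")
    else:
        findings.append("%d bytes follow the section header table" % (file_size - sh_end))
    return findings


if __name__ == "__main__":
    h = parse_elf32_header(SAMPLE_HEADER)
    print(h["type_name"], h["machine_name"],
          "phnum=%d shnum=%d" % (h["e_phnum"], h["e_shnum"]))
    for finding in check_layout(h, REPORTED_FILE_SIZE):
        print("-", finding)
```

To run the same checks on the real file, replace SAMPLE_HEADER with the first 52 bytes of the sample and REPORTED_FILE_SIZE with its size on disk; a section header table that overruns the file, or trailing bytes after it, is a common sign of an appended payload or a deliberately damaged header meant to confuse tools.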
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-11:51:57.752627 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41448 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:29.887131 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41458 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:39.319465 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41478 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:21.049647 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41456 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:05.074079 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41468 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:28.456780 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41476 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:58.253118 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41466 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:17.231819 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41454 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:43.185008 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41480 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:55.746040 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41486 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:54:01.586434 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41488 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:18.772726 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41472 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:43.592802 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41462 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:05.546930 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41450 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:14.379856 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41452 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:45.052765 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41482 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:51.901617 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41484 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:15.915257 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41470 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:53:22.622454 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41474 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:38.746003 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41460 | 29989 | 192.168.2.13 | 103.174.73.85 |
04/19/24-11:52:54.418714 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41464 | 29989 | 192.168.2.13 | 103.174.73.85 |
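The Snort table above, read together with the TCP packet table below, shows the check-in pattern: each alert uses a fresh ephemeral source port, so it is one connection per alert; each alert timestamp coincides with the fourth packet of its flow (the first client segment after the three-way handshake, for example 11:51:57.752627 against the packet at 11:51:57.752626896 on port 41448); each connection is closed again within roughly a second; and the next connection follows 2 to 11 seconds later rather than at a fixed period. The script below is an added example, not part of the report, that derives that timing profile from the 21 rows of the Snort table (copied in as constructed input). The destination IP and port are passed in as parameters; the profile function is written for any alert set toward one destination, so it also works on a larger export than this one.

```python
"""Summarise repeated IDS check-in alerts into a C2 beaconing profile."""
from datetime import datetime
from statistics import median

# Constructed input: the 21 rows of this report's Snort alert table, in the layout
# "Timestamp | Protocol | SID | Message | Src Port | Dst Port | Src IP | Dst IP".
SNORT_ROWS = """
04/19/24-11:51:57.752627 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41448 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:29.887131 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41458 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:39.319465 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41478 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:21.049647 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41456 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:05.074079 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41468 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:28.456780 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41476 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:58.253118 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41466 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:17.231819 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41454 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:43.185008 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41480 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:55.746040 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41486 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:54:01.586434 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41488 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:18.772726 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41472 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:43.592802 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41462 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:05.546930 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41450 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:14.379856 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41452 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:45.052765 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41482 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:51.901617 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41484 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:15.915257 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41470 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:53:22.622454 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41474 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:38.746003 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41460 | 29989 | 192.168.2.13 | 103.174.73.85
04/19/24-11:52:54.418714 | TCP | 2030490 | ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 41464 | 29989 | 192.168.2.13 | 103.174.73.85
"""

TS_FORMAT = "%m/%d/%y-%H:%M:%S.%f"   # Snort's MM/DD/YY-HH:MM:SS.usec timestamp


def parse_alerts(text: str) -> list:
    """Parse pipe-separated alert rows; rows with the wrong field count are skipped."""
    alerts = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.strip().strip("|").split("|")]
        if len(fields) != 8:
            continue
        ts, proto, sid, msg, sport, dport, src, dst = fields
        alerts.append({
            "ts": datetime.strptime(ts, TS_FORMAT), "proto": proto, "sid": int(sid),
            "msg": msg, "sport": int(sport), "dport": int(dport), "src": src, "dst": dst,
        })
    return alerts


def beacon_profile(alerts: list, dst: str, dport: int) -> dict:
    """Timing profile of every alert toward one destination, ordered by time."""
    hits = sorted((a for a in alerts if a["dst"] == dst and a["dport"] == dport),
                  key=lambda a: a["ts"])
    times = [a["ts"] for a in hits]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {
        "checkins": len(hits),
        # one source port per check-in means one TCP connection per check-in
        "distinct_src_ports": len({a["sport"] for a in hits}),
        "sids": sorted({a["sid"] for a in hits}),
        "span_s": round((times[-1] - times[0]).total_seconds(), 2) if len(times) > 1 else 0.0,
        "gap_min_s": round(min(gaps), 2) if gaps else None,
        "gap_median_s": round(median(gaps), 2) if gaps else None,
        "gap_max_s": round(max(gaps), 2) if gaps else None,
    }


if __name__ == "__main__":
    profile = beacon_profile(parse_alerts(SNORT_ROWS), "103.174.73.85", 29989)
    for key, value in profile.items():
        print("%-20s %s" % (key, value))
```

On this report's rows the profile is 21 check-ins on 21 distinct source ports within about 124 seconds, with gaps between 1.9 and 10.9 seconds and a median near 5.8 seconds. The irregular spacing matters for detection engineering: a rule that expects a fixed beacon period would miss this traffic, whereas counting short-lived connections from one host to one non-standard port per minute would not.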
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 11:51:57.409117937 CEST | 41448 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:51:57.752494097 CEST | 29989 | 41448 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:51:57.752572060 CEST | 41448 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:51:57.752626896 CEST | 41448 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:51:58.095606089 CEST | 29989 | 41448 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:51:58.095662117 CEST | 29989 | 41448 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:51:58.095746040 CEST | 41448 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:51:58.438581944 CEST | 29989 | 41448 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:05.200895071 CEST | 41450 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:05.546761036 CEST | 29989 | 41450 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:05.546844959 CEST | 41450 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:05.546930075 CEST | 41450 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:05.896409035 CEST | 29989 | 41450 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:05.896447897 CEST | 29989 | 41450 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:05.896547079 CEST | 41450 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:06.242222071 CEST | 29989 | 41450 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:14.002401114 CEST | 41452 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:14.379697084 CEST | 29989 | 41452 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:14.379854918 CEST | 41452 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:14.379856110 CEST | 41452 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:14.758086920 CEST | 29989 | 41452 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:14.758153915 CEST | 29989 | 41452 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:14.758400917 CEST | 41452 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:15.136200905 CEST | 29989 | 41452 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:16.864129066 CEST | 41454 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:17.224184036 CEST | 29989 | 41454 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:17.224520922 CEST | 41454 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:17.231818914 CEST | 41454 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:17.588233948 CEST | 29989 | 41454 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:17.588553905 CEST | 41454 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:17.594574928 CEST | 29989 | 41454 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:17.949639082 CEST | 29989 | 41454 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:20.694150925 CEST | 41456 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:21.049464941 CEST | 29989 | 41456 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:21.049591064 CEST | 41456 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:21.049647093 CEST | 41456 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:21.404793978 CEST | 29989 | 41456 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:21.404856920 CEST | 29989 | 41456 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:21.405132055 CEST | 41456 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:21.759638071 CEST | 29989 | 41456 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:29.511044979 CEST | 41458 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:29.886719942 CEST | 29989 | 41458 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:29.887041092 CEST | 41458 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:29.887130976 CEST | 41458 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:30.262594938 CEST | 29989 | 41458 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:30.262664080 CEST | 29989 | 41458 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:30.262969017 CEST | 41458 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:30.637692928 CEST | 29989 | 41458 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:38.368926048 CEST | 41460 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:38.745789051 CEST | 29989 | 41460 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:38.746002913 CEST | 41460 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:38.746002913 CEST | 41460 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:39.123341084 CEST | 29989 | 41460 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:39.123389959 CEST | 29989 | 41460 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:39.123506069 CEST | 41460 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:39.502147913 CEST | 29989 | 41460 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:43.231952906 CEST | 41462 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:43.592407942 CEST | 29989 | 41462 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:43.592528105 CEST | 41462 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:43.592802048 CEST | 41462 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:43.952783108 CEST | 29989 | 41462 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:43.952815056 CEST | 29989 | 41462 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:43.953161001 CEST | 41462 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:44.313323975 CEST | 29989 | 41462 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:54.059086084 CEST | 41464 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:54.418385029 CEST | 29989 | 41464 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:54.418714046 CEST | 41464 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:54.418714046 CEST | 41464 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:54.779195070 CEST | 29989 | 41464 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:54.779522896 CEST | 29989 | 41464 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:54.779828072 CEST | 41464 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:54.779829025 CEST | 41464 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:55.727849960 CEST | 41464 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:56.087019920 CEST | 29989 | 41464 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:56.885535955 CEST | 41466 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:57.903693914 CEST | 41466 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:58.252875090 CEST | 29989 | 41466 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:58.253025055 CEST | 41466 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:58.253118038 CEST | 41466 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:58.256444931 CEST | 29989 | 41466 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:58.256506920 CEST | 41466 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:58.604712963 CEST | 29989 | 41466 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:58.605520010 CEST | 29989 | 41466 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:52:58.605624914 CEST | 41466 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:52:58.957537889 CEST | 29989 | 41466 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:04.711443901 CEST | 41468 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:05.073844910 CEST | 29989 | 41468 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:05.073980093 CEST | 41468 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:05.074079037 CEST | 41468 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:05.437036991 CEST | 29989 | 41468 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:05.437110901 CEST | 29989 | 41468 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:05.437350988 CEST | 41468 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:05.799948931 CEST | 29989 | 41468 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:15.543370962 CEST | 41470 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:15.914928913 CEST | 29989 | 41470 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:15.915198088 CEST | 41470 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:15.915256977 CEST | 41470 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:16.287090063 CEST | 29989 | 41470 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:16.287163973 CEST | 29989 | 41470 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:16.287331104 CEST | 41470 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:16.658687115 CEST | 29989 | 41470 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:18.393042088 CEST | 41472 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:18.772507906 CEST | 29989 | 41472 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:18.772644043 CEST | 41472 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:18.772726059 CEST | 41472 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:19.154978991 CEST | 29989 | 41472 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:19.155045033 CEST | 29989 | 41472 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:19.155145884 CEST | 41472 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:19.534720898 CEST | 29989 | 41472 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:22.261451960 CEST | 41474 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:22.622077942 CEST | 29989 | 41474 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:22.622194052 CEST | 41474 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:22.622453928 CEST | 41474 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:22.982198954 CEST | 29989 | 41474 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:22.982265949 CEST | 29989 | 41474 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:22.982413054 CEST | 41474 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:23.342406988 CEST | 29989 | 41474 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:28.088437080 CEST | 41476 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:28.456352949 CEST | 29989 | 41476 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:28.456779957 CEST | 41476 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:28.456779957 CEST | 41476 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:28.830758095 CEST | 29989 | 41476 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:28.830823898 CEST | 29989 | 41476 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:28.831285954 CEST | 41476 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:29.199434996 CEST | 29989 | 41476 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:38.937499046 CEST | 41478 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:39.319106102 CEST | 29989 | 41478 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:39.319379091 CEST | 41478 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:39.319464922 CEST | 41478 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:39.701004028 CEST | 29989 | 41478 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:39.701069117 CEST | 29989 | 41478 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:39.701539040 CEST | 41478 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:40.082233906 CEST | 29989 | 41478 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:42.807197094 CEST | 41480 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:43.184830904 CEST | 29989 | 41480 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:43.185007095 CEST | 41480 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:43.185008049 CEST | 41480 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:43.562042952 CEST | 29989 | 41480 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:43.562091112 CEST | 29989 | 41480 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:43.562220097 CEST | 41480 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:43.939191103 CEST | 29989 | 41480 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:44.668030977 CEST | 41482 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:45.052536964 CEST | 29989 | 41482 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:45.052697897 CEST | 41482 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:45.052764893 CEST | 41482 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:45.437228918 CEST | 29989 | 41482 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:45.437295914 CEST | 29989 | 41482 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:45.437417984 CEST | 41482 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:45.822196960 CEST | 29989 | 41482 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:51.543143988 CEST | 41484 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:51.901340008 CEST | 29989 | 41484 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:51.901617050 CEST | 41484 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:51.901617050 CEST | 41484 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:52.260165930 CEST | 29989 | 41484 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:52.260232925 CEST | 29989 | 41484 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:52.260488033 CEST | 41484 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:52.618278027 CEST | 29989 | 41484 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:55.366807938 CEST | 41486 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:55.745860100 CEST | 29989 | 41486 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:55.746004105 CEST | 41486 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:55.746040106 CEST | 41486 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:56.125947952 CEST | 29989 | 41486 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:56.126014948 CEST | 29989 | 41486 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:53:56.126110077 CEST | 41486 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:53:56.506257057 CEST | 29989 | 41486 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:54:01.231862068 CEST | 41488 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:54:01.586193085 CEST | 29989 | 41488 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:54:01.586352110 CEST | 41488 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:54:01.586433887 CEST | 41488 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:54:01.941014051 CEST | 29989 | 41488 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:54:01.941080093 CEST | 29989 | 41488 | 103.174.73.85 | 192.168.2.13 |
Apr 19, 2024 11:54:01.941344023 CEST | 41488 | 29989 | 192.168.2.13 | 103.174.73.85 |
Apr 19, 2024 11:54:02.295775890 CEST | 29989 | 41488 | 103.174.73.85 | 192.168.2.13 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 11:51:57.303970098 CEST | 40401 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:51:57.409006119 CEST | 53 | 40401 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:05.095886946 CEST | 55654 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:05.200767994 CEST | 53 | 55654 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:13.896723032 CEST | 46138 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:14.002194881 CEST | 53 | 46138 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:16.758503914 CEST | 41261 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:16.863859892 CEST | 53 | 41261 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:20.588572979 CEST | 50586 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:20.693954945 CEST | 53 | 50586 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:29.405200005 CEST | 54159 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:29.510700941 CEST | 53 | 54159 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:38.263052940 CEST | 53124 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:38.368767023 CEST | 53 | 53124 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:43.123727083 CEST | 47184 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:43.231724977 CEST | 53 | 47184 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:53.953402042 CEST | 57214 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:54.058871031 CEST | 53 | 57214 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:52:56.779886007 CEST | 54043 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:52:56.885292053 CEST | 53 | 54043 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:04.605910063 CEST | 47961 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:04.711143017 CEST | 53 | 47961 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:15.437525034 CEST | 43725 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:15.543097019 CEST | 53 | 43725 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:18.287508011 CEST | 59450 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:18.392846107 CEST | 53 | 59450 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:22.155402899 CEST | 60362 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:22.261219978 CEST | 53 | 60362 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:27.982604027 CEST | 32843 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:28.088238955 CEST | 53 | 32843 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:38.831468105 CEST | 41711 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:38.937077999 CEST | 53 | 41711 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:42.701605082 CEST | 52685 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:42.807044983 CEST | 53 | 52685 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:44.562365055 CEST | 48816 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:44.667826891 CEST | 53 | 48816 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:51.437555075 CEST | 54753 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:51.542815924 CEST | 53 | 54753 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:53:55.260564089 CEST | 46898 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:53:55.366441965 CEST | 53 | 46898 | 8.8.8.8 | 192.168.2.13 |
Apr 19, 2024 11:54:01.126281977 CEST | 48403 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 19, 2024 11:54:01.231612921 CEST | 53 | 48403 | 8.8.8.8 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 11:51:57.303970098 CEST | 192.168.2.13 | 8.8.8.8 | 0x381 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:05.095886946 CEST | 192.168.2.13 | 8.8.8.8 | 0x377f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:13.896723032 CEST | 192.168.2.13 | 8.8.8.8 | 0x925 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:16.758503914 CEST | 192.168.2.13 | 8.8.8.8 | 0x4111 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:20.588572979 CEST | 192.168.2.13 | 8.8.8.8 | 0x4de2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:29.405200005 CEST | 192.168.2.13 | 8.8.8.8 | 0x3cac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:38.263052940 CEST | 192.168.2.13 | 8.8.8.8 | 0x2711 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:43.123727083 CEST | 192.168.2.13 | 8.8.8.8 | 0xe2b7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:53.953402042 CEST | 192.168.2.13 | 8.8.8.8 | 0x9017 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:56.779886007 CEST | 192.168.2.13 | 8.8.8.8 | 0xabe3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:04.605910063 CEST | 192.168.2.13 | 8.8.8.8 | 0xb543 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:15.437525034 CEST | 192.168.2.13 | 8.8.8.8 | 0xf9b8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:18.287508011 CEST | 192.168.2.13 | 8.8.8.8 | 0xb622 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:22.155402899 CEST | 192.168.2.13 | 8.8.8.8 | 0x9965 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:27.982604027 CEST | 192.168.2.13 | 8.8.8.8 | 0x5dd7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:38.831468105 CEST | 192.168.2.13 | 8.8.8.8 | 0xc6bc | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:42.701605082 CEST | 192.168.2.13 | 8.8.8.8 | 0x7ffb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:44.562365055 CEST | 192.168.2.13 | 8.8.8.8 | 0xeada | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:51.437555075 CEST | 192.168.2.13 | 8.8.8.8 | 0xd0ae | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:55.260564089 CEST | 192.168.2.13 | 8.8.8.8 | 0x7c48 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:54:01.126281977 CEST | 192.168.2.13 | 8.8.8.8 | 0xeaa3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 11:51:57.409006119 CEST | 8.8.8.8 | 192.168.2.13 | 0x381 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:05.200767994 CEST | 8.8.8.8 | 192.168.2.13 | 0x377f | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:14.002194881 CEST | 8.8.8.8 | 192.168.2.13 | 0x925 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:16.863859892 CEST | 8.8.8.8 | 192.168.2.13 | 0x4111 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:20.693954945 CEST | 8.8.8.8 | 192.168.2.13 | 0x4de2 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:29.510700941 CEST | 8.8.8.8 | 192.168.2.13 | 0x3cac | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:38.368767023 CEST | 8.8.8.8 | 192.168.2.13 | 0x2711 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:43.231724977 CEST | 8.8.8.8 | 192.168.2.13 | 0xe2b7 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:54.058871031 CEST | 8.8.8.8 | 192.168.2.13 | 0x9017 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:52:56.885292053 CEST | 8.8.8.8 | 192.168.2.13 | 0xabe3 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:04.711143017 CEST | 8.8.8.8 | 192.168.2.13 | 0xb543 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:15.543097019 CEST | 8.8.8.8 | 192.168.2.13 | 0xf9b8 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:18.392846107 CEST | 8.8.8.8 | 192.168.2.13 | 0xb622 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:22.261219978 CEST | 8.8.8.8 | 192.168.2.13 | 0x9965 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:28.088238955 CEST | 8.8.8.8 | 192.168.2.13 | 0x5dd7 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:38.937077999 CEST | 8.8.8.8 | 192.168.2.13 | 0xc6bc | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:42.807044983 CEST | 8.8.8.8 | 192.168.2.13 | 0x7ffb | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:44.667826891 CEST | 8.8.8.8 | 192.168.2.13 | 0xeada | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:51.542815924 CEST | 8.8.8.8 | 192.168.2.13 | 0xd0ae | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:53:55.366441965 CEST | 8.8.8.8 | 192.168.2.13 | 0x7c48 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 11:54:01.231612921 CEST | 8.8.8.8 | 192.168.2.13 | 0xeaa3 | No error (0) | | | 103.174.73.85 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 09:51:56 |
Start date (UTC): | 19/04/2024 |
Path: | /tmp/VPXX0UiRJ3.elf |
Arguments: | /tmp/VPXX0UiRJ3.elf |
File size: | 96264 bytes |
MD5 hash: | 61682f3d6f8a60b2526fbf2e331a44fa |
Start time (UTC): | 09:51:56 |
Start date (UTC): | 19/04/2024 |
Path: | /tmp/VPXX0UiRJ3.elf |
Arguments: | - |
File size: | 96264 bytes |
MD5 hash: | 61682f3d6f8a60b2526fbf2e331a44fa |
Start time (UTC): | 09:51:56 |
Start date (UTC): | 19/04/2024 |
Path: | /tmp/VPXX0UiRJ3.elf |
Arguments: | - |
File size: | 96264 bytes |
MD5 hash: | 61682f3d6f8a60b2526fbf2e331a44fa |
Start time (UTC): | 09:52:35 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 09:52:35 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/lib/snapd/snap-failure |
Arguments: | /usr/lib/snapd/snap-failure snapd |
File size: | 4764904 bytes |
MD5 hash: | 69136a7d575731ce62349f2e4d3e5c36 |
Start time (UTC): | 09:52:35 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/lib/snapd/snap-failure |
Arguments: | - |
File size: | 4764904 bytes |
MD5 hash: | 69136a7d575731ce62349f2e4d3e5c36 |
Start time (UTC): | 09:52:35 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/bin/systemctl |
Arguments: | systemctl stop snapd.socket |
File size: | 996584 bytes |
MD5 hash: | 4deddfb6741481f68aeac522cc26ff4b |
Start time (UTC): | 09:52:36 |
Start date (UTC): | 19/04/2024 |
Path: | /usr/lib/snapd/snap-failure |
Arguments: | - |
File size: | 4764904 bytes |
MD5 hash: | 69136a7d575731ce62349f2e4d3e5c36 |