Linux Analysis Report
kWVY0Rqmlx.elf

Overview

General Information

Sample name:kWVY0Rqmlx.elf
renamed because original name is a hash value
Original sample name:89a3962a4218572b4bc0e978afd529cc.elf
Analysis ID:1432066
MD5:89a3962a4218572b4bc0e978afd529cc
SHA1:76dea3d1a1aef7a9fef2985ffc627b54f53e785b
SHA256:0ae749a5ecfe43e848a079f3d966edf57e1d1e2df5d8cce37eb8d0b71d368748
Tags:32, elf, mips, mirai
Infos:

Detection

Okiru
Score:56
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Yara detected Okiru
Detected TCP or UDP traffic on non-standard ports
Reads CPU information from /proc indicative of miner or evasive malware
Reads system information from the proc file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox version:40.0.0 Tourmaline
Start date and time:2024-04-26 11:19:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 57s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal56.troj.linELF@0/0@2/0
Command:/tmp/kWVY0Rqmlx.elf
PID:5406
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • cleanup
| Source | Rule | Description | Author | Strings |
| kWVY0Rqmlx.elf | JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |

| Source | Rule | Description | Author | Strings |
| 5410.1.00007f1234400000.00007f1234428000.r-x.sdmp | JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |
| 5406.1.00007f1234400000.00007f1234428000.r-x.sdmp | JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |
| Process Memory Space: kWVY0Rqmlx.elf PID: 5406 | JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |
| Process Memory Space: kWVY0Rqmlx.elf PID: 5410 | JoeSecurity_Okiru | Yara detected Okiru | Joe Security | |

No Snort rule has matched

            AV Detection

Source: kWVY0Rqmlx.elf, ReversingLabs: Detection: 13%
Source: kWVY0Rqmlx.elf, Virustotal: Detection: 24%
Source: /tmp/kWVY0Rqmlx.elf (PID: 5412), Reads CPU info from proc file: /proc/cpuinfo
Source: global traffic, TCP traffic: 192.168.2.13:39284 -> 80.182.142.45:5900
Source: unknown, TCP traffic detected without corresponding DNS query: 80.182.142.45
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
Source: Initial sample, String containing 'busybox' found: /bin/busybox
Source: Initial sample, String containing 'busybox' found: /proc/proc/%s/exe/var/Challenge/app/hi3511/gmDVR/ibox/usr/dvr_main _8182T_1108/mnt/mtd/app/gui/var/Kylin/l0 c/udevd/anko-app/ankosample _8182T_1104/var/tmp/sonia/hicore/stm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemd/usr/libexec/openssh/sftp-server/usr//shell/mnt//sys//bin//boot//media//srv//var/run//sbin//lib//etc//dev//home/Davinci/telnet/ssh/var/spool/var/Sofia/sshd/usr/compress/bin//compress/bin/compress/usr//bash/httpd/telnetd/dropbear/ropbear/encoder/system/root/dvr_gui//root/dvr_app//anko-app//opt//softbot.arm/softbot.arm6/softbot.dbg/softbot.mpsl/softbot.x86/softbot.arm5/softbot.arm7/softbot.mips/softbot.sh4softbot.armsoftbot.arm6softbot.dbgsoftbot.mpslsoftbot.x86softbot.arm5softbot.arm7softbot.mipssoftbot.sh4/bin/sh8.8.8.8murderwaswrote
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal56.troj.linELF@0/0@2/0
Source: /tmp/kWVY0Rqmlx.elf (PID: 5412), Reads from proc file: /proc/cpuinfo
Source: /tmp/kWVY0Rqmlx.elf (PID: 5412), Reads from proc file: /proc/meminfo
Source: /tmp/kWVY0Rqmlx.elf (PID: 5406), Queries kernel information via 'uname'
Source: kWVY0Rqmlx.elf, 5406.1.000055c48b310000.000055c48b397000.rw-.sdmp, kWVY0Rqmlx.elf, 5410.1.000055c48b310000.000055c48b397000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/mips
Source: kWVY0Rqmlx.elf, 5406.1.000055c48b310000.000055c48b397000.rw-.sdmp, kWVY0Rqmlx.elf, 5410.1.000055c48b310000.000055c48b397000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mips
Source: kWVY0Rqmlx.elf, 5406.1.00007ffe4805e000.00007ffe4807f000.rw-.sdmp, kWVY0Rqmlx.elf, 5410.1.00007ffe4805e000.00007ffe4807f000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/kWVY0Rqmlx.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/kWVY0Rqmlx.elf
Source: kWVY0Rqmlx.elf, 5406.1.00007ffe4805e000.00007ffe4807f000.rw-.sdmp, kWVY0Rqmlx.elf, 5410.1.00007ffe4805e000.00007ffe4807f000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mips

            Stealing of Sensitive Information

Source: Yara match, File source: kWVY0Rqmlx.elf, type: SAMPLE
Source: Yara match, File source: 5410.1.00007f1234400000.00007f1234428000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5406.1.00007f1234400000.00007f1234428000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: kWVY0Rqmlx.elf PID: 5406, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: kWVY0Rqmlx.elf PID: 5410, type: MEMORYSTR
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Source: Initial sample, User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Source: Initial sample, User agent string found: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
Source: Initial sample, User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Source: Initial sample, User agent string found: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0

            Remote Access Functionality

Source: Yara match, File source: kWVY0Rqmlx.elf, type: SAMPLE
Source: Yara match, File source: 5410.1.00007f1234400000.00007f1234428000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5406.1.00007f1234400000.00007f1234428000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: kWVY0Rqmlx.elf PID: 5406, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: kWVY0Rqmlx.elf PID: 5410, type: MEMORYSTR

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |

            No configs have been found

Behavior Graph ID: 1432066, Sample: kWVY0Rqmlx.elf, Startdate: 26/04/2024, Architecture: LINUX, Score: 56
Graph nodes: 80.182.142.45 (ports 5900, 5901; ASN-IBSNAZIT, Italy); daisy.ubuntu.com; signatures "Multi AV Scanner detection for submitted file" and "Yara detected Okiru"; process kWVY0Rqmlx.elf started, with child kWVY0Rqmlx.elf processes.

| Source | Detection | Scanner | Label | Link |
| kWVY0Rqmlx.elf | 13% | ReversingLabs | Linux.Trojan.Mirai | |
| kWVY0Rqmlx.elf | 25% | Virustotal | | |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| daisy.ubuntu.com | 162.213.35.24 | true | false | | high |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| 80.182.142.45 | unknown | Italy | | 3269 | ASN-IBSNAZIT | false |

              No created / dropped files found
              File type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
              Entropy (8bit):4.725186413418542
              TrID:
              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
              File name:kWVY0Rqmlx.elf
              File size:179'208 bytes
              MD5:89a3962a4218572b4bc0e978afd529cc
              SHA1:76dea3d1a1aef7a9fef2985ffc627b54f53e785b
              SHA256:0ae749a5ecfe43e848a079f3d966edf57e1d1e2df5d8cce37eb8d0b71d368748
              SHA512:22db07c9ec63c04831f6fc9eb33008931df54eb3dd45d1b0a2c15a182e257fdd829a29b946b2c74b2333de12cf7bf0804aa3ef51f9e4fe88242672fd5ffd6fec
              SSDEEP:3072:wOlJBnjifgrUvdTBNFMpvkFQcK1I1ISGvhFb1l+iWv/i4:1ZnjifgrUvOpeISG5Fb1l+iW3i4
              TLSH:E104836B7A10DF26E65C83300AF7AD34838623A62AE5E94ED15FC7045E7136D1C0FAB5

              ELF header

              Class:ELF32
              Data:2's complement, big endian
              Version:1 (current)
              Machine:MIPS R3000
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x4002a0
              Flags:0x1007
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:4
              Section Header Offset:178528
              Section Header Size:40
              Number of Section Headers:17
              Header String Table Index:16
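
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .reginfo | MIPS_REGINFO | 0x4000b4 | 0xb4 | 0x18 | 0x18 | 0x2 | A | 0 | 0 | 4 |
| .init | PROGBITS | 0x4000cc | 0xcc | 0x7c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x400150 | 0x150 | 0x25bb0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x425d00 | 0x25d00 | 0x4c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x425d50 | 0x25d50 | 0x17b0 | 0x0 | 0x2 | A | 0 | 0 | 16 |
| .ctors | PROGBITS | 0x43803c | 0x2803c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x438044 | 0x28044 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data.rel.ro | PROGBITS | 0x438050 | 0x28050 | 0x15c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x4381b0 | 0x281b0 | 0x40 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
| .got | PROGBITS | 0x4381f0 | 0x281f0 | 0x330 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
| .sdata | PROGBITS | 0x438520 | 0x28520 | 0x4 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
| .sbss | NOBITS | 0x438524 | 0x28524 | 0x18 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
| .bss | NOBITS | 0x438540 | 0x28524 | 0x6c4 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
| .comment | PROGBITS | 0x0 | 0x28524 | 0x8a6 | 0x0 | 0x0 | | 0 | 0 | 1 |
| .pdr | PROGBITS | 0x0 | 0x28dcc | 0x2b20 | 0x0 | 0x0 | | 0 | 0 | 4 |
| .shstrtab | STRTAB | 0x0 | 0x2b8ec | 0x74 | 0x0 | 0x0 | | 0 | 0 | 1 |

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| <unknown> | 0xb4 | 0x4000b4 | 0x4000b4 | 0x18 | 0x18 | 0.9834 | 0x4 | R | 0x4 | | .reginfo |
| LOAD | 0x0 | 0x400000 | 0x400000 | 0x27500 | 0x27500 | 4.8318 | 0x5 | R E | 0x10000 | | .reginfo .init .text .fini .rodata |
| LOAD | 0x2803c | 0x43803c | 0x43803c | 0x4e8 | 0xbc8 | 4.8173 | 0x6 | RW | 0x10000 | | .ctors .dtors .data.rel.ro .data .got .sdata .sbss .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
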
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Apr 26, 2024 11:19:45.782701015 CEST | 39284 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:19:45.782840967 CEST | 52616 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:19:46.794122934 CEST | 52616 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:19:46.794125080 CEST | 39284 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:19:48.810086012 CEST | 52616 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:19:48.810110092 CEST | 39284 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:19:53.002067089 CEST | 52616 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:19:53.002070904 CEST | 39284 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:20:01.194097042 CEST | 39284 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:20:01.194103003 CEST | 52616 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:20:17.322109938 CEST | 39284 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:20:17.322124958 CEST | 52616 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:20:49.578078032 CEST | 39284 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:20:49.578260899 CEST | 52616 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:21:55.215539932 CEST | 39288 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:21:55.215538979 CEST | 52620 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:21:56.234070063 CEST | 52620 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:21:56.234078884 CEST | 39288 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:21:58.249989033 CEST | 39288 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:21:58.250009060 CEST | 52620 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:22:02.282130957 CEST | 39288 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:22:02.282131910 CEST | 52620 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:22:10.473984003 CEST | 39288 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:22:10.474006891 CEST | 52620 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:22:26.602015972 CEST | 52620 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:22:26.602018118 CEST | 39288 | 5900 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:23:00.650029898 CEST | 52620 | 5901 | 192.168.2.13 | 80.182.142.45 |
| Apr 26, 2024 11:23:00.650027037 CEST | 39288 | 5900 | 192.168.2.13 | 80.182.142.45 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Apr 26, 2024 11:22:31.149132967 CEST | 53789 | 53 | 192.168.2.13 | 1.1.1.1 |
| Apr 26, 2024 11:22:31.149207115 CEST | 43730 | 53 | 192.168.2.13 | 1.1.1.1 |
| Apr 26, 2024 11:22:31.274106979 CEST | 53 | 43730 | 1.1.1.1 | 192.168.2.13 |
| Apr 26, 2024 11:22:31.275263071 CEST | 53 | 53789 | 1.1.1.1 | 192.168.2.13 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| Apr 26, 2024 11:22:31.149132967 CEST | 192.168.2.13 | 1.1.1.1 | 0x9d76 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 11:22:31.149207115 CEST | 192.168.2.13 | 1.1.1.1 | 0xd834 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| Apr 26, 2024 11:22:31.275263071 CEST | 1.1.1.1 | 192.168.2.13 | 0x9d76 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 11:22:31.275263071 CEST | 1.1.1.1 | 192.168.2.13 | 0x9d76 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |

              System Behavior

              Start time (UTC):09:19:44
              Start date (UTC):26/04/2024
              Path:/tmp/kWVY0Rqmlx.elf
              Arguments:/tmp/kWVY0Rqmlx.elf
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              Start time (UTC):09:19:44
              Start date (UTC):26/04/2024
              Path:/tmp/kWVY0Rqmlx.elf
              Arguments:-
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              Start time (UTC):09:19:44
              Start date (UTC):26/04/2024
              Path:/tmp/kWVY0Rqmlx.elf
              Arguments:-
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c

              Start time (UTC):09:19:44
              Start date (UTC):26/04/2024
              Path:/tmp/kWVY0Rqmlx.elf
              Arguments:-
              File size:5777432 bytes
              MD5 hash:0083f1f0e77be34ad27f849842bbb00c