Linux Analysis Report
zerx86.elf

Overview

General Information

Sample name:zerx86.elf
Analysis ID:1628595
MD5:7f69d042988dec35a84d496e1e211a1d
SHA1:150b83ee7efa2e5c61f7d6574ffad8b8c1980fb9
SHA256:0d3d353b0c4a7115957e0460998fa3279fb438817b1bbda766987fa9663e04d4
Tags:elf, user-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1628595
Start date and time:2025-03-03 23:26:15 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 21s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:zerx86.elf
Detection:MAL
Classification:mal60.troj.linELF@0/0@22/0
Command:/tmp/zerx86.elf
PID:5491
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zerx86.elf (PID: 5491, Parent: 5416, MD5: 7f69d042988dec35a84d496e1e211a1d) Arguments: /tmp/zerx86.elf
  • cleanup
Source | Rule | Description | Author | Strings
zerx86.elf | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown | 0x3fd0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
zerx86.elf | Linux_Trojan_Mirai_88de437f | unknown | unknown | 0x7712:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
zerx86.elf | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x810c:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
zerx86.elf | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown | 0x76e2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88

Source | Rule | Description | Author | Strings
5491.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Mirai_b14f4c5d | unknown | unknown | 0x3fd0:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5491.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Mirai_88de437f | unknown | unknown | 0x7712:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5491.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x810c:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5491.1.0000000008048000.0000000008053000.r-x.sdmp | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown | 0x76e2:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
No Suricata rule has matched

AV Detection

Source: zerx86.elf, Virustotal: Detection: 43%
Source: zerx86.elf, ReversingLabs: Detection: 44%

Networking

Source: global traffic, DNS traffic detected: malformed DNS query: serisbot.geek. [malformed]
Source: global traffic, TCP traffic: 192.168.2.14:39058 -> 46.101.69.129:1440
Source: global traffic, TCP traffic: 192.168.2.14:47100 -> 46.19.143.10:1440
Source: unknown, UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown, UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: unknown, UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown, UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown, UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: global traffic, DNS traffic detected: DNS query: serisbot.geek
Source: global traffic, DNS traffic detected: DNS query: serisontop.dyn
Source: global traffic, DNS traffic detected: DNS query: serisbot.geek. [malformed]

System Summary

Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, Author: unknown
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, Author: unknown
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, Author: unknown
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, Author: unknown
Source: ELF static info symbol of initial sample, .symtab present: no
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_b14f4c5d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_88de437f, reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_cc93863b, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: zerx86.elf, type: SAMPLE, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_b14f4c5d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_88de437f, reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_cc93863b, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5491.1.0000000008048000.0000000008053000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_8aa7b5d3, reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: classification engine, Classification label: mal60.troj.linELF@0/0@22/0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
[Behavior graph: ID: 1628595, Sample: zerx86.elf, Startdate: 03/03/2025, Architecture: LINUX, Score: 60]

Source | Detection | Scanner | Label
zerx86.elf | 44% | Virustotal |
zerx86.elf | 45% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
serisontop.dyn | 46.101.69.129 | true | false | | high
serisbot.geek | 139.59.207.216 | true | false | | high
serisbot.geek. [malformed] | unknown | unknown | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
46.19.143.10 | unknown | Switzerland | | 51852 | PLI-ASCH | false
46.101.69.129 | serisontop.dyn | Netherlands | | 14061 | DIGITALOCEAN-ASNUS | false

Match | Associated Sample Name / URL | Detection | Threat Name | Context
46.19.143.10 | zerspc.elf | malicious | Unknown |
46.19.143.10 | zerarm5.elf | malicious | Unknown |
46.19.143.10 | zerm68k.elf | malicious | Unknown |
46.19.143.10 | zermips.elf | malicious | Unknown |
46.19.143.10 | zerppc.elf | malicious | Unknown |
46.19.143.10 | zerarm.elf | malicious | Unknown |
46.19.143.10 | zermpsl.elf | malicious | Unknown |
46.101.69.129 | zerspc.elf | malicious | Unknown |
46.101.69.129 | zerarm5.elf | malicious | Unknown |
46.101.69.129 | zerm68k.elf | malicious | Unknown |
46.101.69.129 | zermips.elf | malicious | Unknown |
46.101.69.129 | zerppc.elf | malicious | Unknown |
46.101.69.129 | zermpsl.elf | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
serisbot.geek | splarm.elf | malicious | Unknown | 46.101.69.129
serisontop.dyn | nklppc.elf | malicious | Unknown | 46.101.69.129
serisontop.dyn | nabppc.elf | malicious | Unknown | 46.19.143.10
serisontop.dyn | zerspc.elf | malicious | Unknown | 46.19.143.10
serisontop.dyn | zerarm5.elf | malicious | Unknown | 139.59.207.216
serisontop.dyn | nklsh4.elf | malicious | Unknown | 46.101.69.129
serisontop.dyn | jklarm7.elf | malicious | Unknown | 46.101.69.129
serisontop.dyn | nabmips.elf | malicious | Unknown | 46.19.143.10
serisontop.dyn | zerm68k.elf | malicious | Unknown | 46.101.69.129
serisontop.dyn | splx86.elf | malicious | Unknown | 46.19.143.10
serisontop.dyn | nabarm5.elf | malicious | Unknown | 46.19.143.10

Match | Associated Sample Name / URL | Detection | Threat Name | Context
DIGITALOCEAN-ASNUS | splarm.elf | malicious | Unknown | 157.245.182.62
DIGITALOCEAN-ASNUS | zerspc.elf | malicious | Unknown | 46.101.69.129
DIGITALOCEAN-ASNUS | zerarm5.elf | malicious | Unknown | 46.101.69.129
DIGITALOCEAN-ASNUS | jklarm7.elf | malicious | Unknown | 142.93.67.189
DIGITALOCEAN-ASNUS | zerm68k.elf | malicious | Unknown | 46.101.69.129
DIGITALOCEAN-ASNUS | nabx86.elf | malicious | Unknown | 134.209.44.103
DIGITALOCEAN-ASNUS | zermips.elf | malicious | Unknown | 46.101.69.129
DIGITALOCEAN-ASNUS | zerppc.elf | malicious | Unknown | 46.101.69.129
DIGITALOCEAN-ASNUS | splspc.elf | malicious | Unknown | 5.101.107.59
DIGITALOCEAN-ASNUS | zerarm.elf | malicious | Unknown | 139.59.207.216
PLI-ASCH | zerspc.elf | malicious | Unknown | 46.19.143.10
PLI-ASCH | zerarm5.elf | malicious | Unknown | 46.19.143.10
PLI-ASCH | zerm68k.elf | malicious | Unknown | 46.19.143.10
PLI-ASCH | zermips.elf | malicious | Unknown | 46.19.143.10
PLI-ASCH | zerppc.elf | malicious | Unknown | 46.19.143.10
PLI-ASCH | zerarm.elf | malicious | Unknown | 46.19.143.10
PLI-ASCH | zermpsl.elf | malicious | Unknown | 46.19.143.10
PLI-ASCH | x.tgz.elf | malicious | Unknown | 92.118.39.14
PLI-ASCH | https://konserv-kassa.com/ | malicious | Unknown | 179.43.166.54
PLI-ASCH | wow.exe | malicious | Amadey, GhostRat, GuLoader, LummaC Stealer, XWorm, Xmrig | 179.43.141.89

No context
No context
No created / dropped files found

File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.321967504780004
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:zerx86.elf
File size:45'788 bytes
MD5:7f69d042988dec35a84d496e1e211a1d
SHA1:150b83ee7efa2e5c61f7d6574ffad8b8c1980fb9
SHA256:0d3d353b0c4a7115957e0460998fa3279fb438817b1bbda766987fa9663e04d4
SHA512:ea41cc8079be10a92f0ab4f5388112044075486903aa751225252666ae40c02dda3024c1c57225a0bf4526af12f6b9652226a40624b78a5fbe9312210bd43119
SSDEEP:768:UgNqOCeNleKRrXKFcWsWGSZxdESJg+syLvGgukgPAGYKiN9YiCFB3XBBBBBBBBB3:UgNqOdNleKRrXcdsWbibTuvSkg4GY
TLSH:9C234BC0A953D8F9EC160AB07037FB728B76F07A2159EAC7DB9D9532EC41A01D24718D
File Content Preview:.ELF....................d...4...$.......4. ...(..............................................0...0..................Q.td............................U..S.......w....h....S...[]...$.............U......=.0...t..5....$0.....$0......u........t....h.-..........

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:Intel 80386
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x8048164
Flags:0x0
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:3
Section Header Offset:45348
Section Header Size:40
Number of Section Headers:11
Header String Table Index:10

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1
.text | PROGBITS | 0x80480b0 | 0xb0 | 0xa276 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x8052326 | 0xa326 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1
.rodata | PROGBITS | 0x8052340 | 0xa340 | 0xa40 | 0x0 | 0x2 | A | 0 | 0 | 32
.ctors | PROGBITS | 0x8053000 | 0xb000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x8053008 | 0xb008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x8053010 | 0xb010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x8053020 | 0xb020 | 0xc0 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x80530e0 | 0xb0e0 | 0x600 | 0x0 | 0x3 | WA | 0 | 0 | 32
.shstrtab | STRTAB | 0x0 | 0xb0e0 | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xad80 | 0xad80 | 6.4004 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata
LOAD | 0xb000 | 0x8053000 | 0x8053000 | 0xe0 | 0x6e0 | 3.9059 | 0x6 | RW | 0x1000 | | .ctors .dtors .jcr .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 3, 2025 23:26:58.090528965 CET | 192.168.2.14 | 194.36.144.87 | 0xb2e | Standard query (0) | serisbot.geek | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:27:20.499747038 CET | 192.168.2.14 | 202.61.197.122 | 0x96ea | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:27:33.431605101 CET | 192.168.2.14 | 185.181.61.24 | 0xb7ac | Standard query (0) | serisbot.geek. [malformed] | 256 | 469 | false |
| Mar 3, 2025 23:27:33.469435930 CET | 192.168.2.14 | 185.181.61.24 | 0xb7ac | Standard query (0) | serisbot.geek. [malformed] | 256 | 469 | false |
| Mar 3, 2025 23:27:33.507143021 CET | 192.168.2.14 | 185.181.61.24 | 0xb7ac | Standard query (0) | serisbot.geek. [malformed] | 256 | 469 | false |
| Mar 3, 2025 23:27:33.545083046 CET | 192.168.2.14 | 185.181.61.24 | 0xb7ac | Standard query (0) | serisbot.geek. [malformed] | 256 | 469 | false |
| Mar 3, 2025 23:27:33.583168983 CET | 192.168.2.14 | 185.181.61.24 | 0xb7ac | Standard query (0) | serisbot.geek. [malformed] | 256 | 469 | false |
| Mar 3, 2025 23:27:56.109785080 CET | 192.168.2.14 | 51.158.108.203 | 0xe53c | Standard query (0) | serisbot.geek. [malformed] | 256 | 492 | false |
| Mar 3, 2025 23:27:56.126817942 CET | 192.168.2.14 | 51.158.108.203 | 0xe53c | Standard query (0) | serisbot.geek. [malformed] | 256 | 492 | false |
| Mar 3, 2025 23:27:56.142843962 CET | 192.168.2.14 | 51.158.108.203 | 0xe53c | Standard query (0) | serisbot.geek. [malformed] | 256 | 492 | false |
| Mar 3, 2025 23:27:56.159661055 CET | 192.168.2.14 | 51.158.108.203 | 0xe53c | Standard query (0) | serisbot.geek. [malformed] | 256 | 492 | false |
| Mar 3, 2025 23:27:56.176532984 CET | 192.168.2.14 | 51.158.108.203 | 0xe53c | Standard query (0) | serisbot.geek. [malformed] | 256 | 492 | false |
| Mar 3, 2025 23:28:18.584898949 CET | 192.168.2.14 | 168.235.111.72 | 0x1d31 | Standard query (0) | serisbot.geek. [malformed] | 256 | 258 | false |
| Mar 3, 2025 23:28:18.672857046 CET | 192.168.2.14 | 168.235.111.72 | 0x1d31 | Standard query (0) | serisbot.geek. [malformed] | 256 | 258 | false |
| Mar 3, 2025 23:28:18.762861967 CET | 192.168.2.14 | 168.235.111.72 | 0x1d31 | Standard query (0) | serisbot.geek. [malformed] | 256 | 258 | false |
| Mar 3, 2025 23:28:18.850975990 CET | 192.168.2.14 | 168.235.111.72 | 0x1d31 | Standard query (0) | serisbot.geek. [malformed] | 256 | 258 | false |
| Mar 3, 2025 23:28:18.944658995 CET | 192.168.2.14 | 168.235.111.72 | 0x1d31 | Standard query (0) | serisbot.geek. [malformed] | 256 | 259 | false |
| Mar 3, 2025 23:28:41.444729090 CET | 192.168.2.14 | 194.36.144.87 | 0x5ef9 | Standard query (0) | serisbot.geek. [malformed] | 256 | 281 | false |
| Mar 3, 2025 23:28:41.474378109 CET | 192.168.2.14 | 194.36.144.87 | 0x5ef9 | Standard query (0) | serisbot.geek. [malformed] | 256 | 281 | false |
| Mar 3, 2025 23:28:41.491581917 CET | 192.168.2.14 | 194.36.144.87 | 0x5ef9 | Standard query (0) | serisbot.geek. [malformed] | 256 | 281 | false |
| Mar 3, 2025 23:28:41.514748096 CET | 192.168.2.14 | 194.36.144.87 | 0x5ef9 | Standard query (0) | serisbot.geek. [malformed] | 256 | 281 | false |
| Mar 3, 2025 23:28:41.537974119 CET | 192.168.2.14 | 194.36.144.87 | 0x5ef9 | Standard query (0) | serisbot.geek. [malformed] | 256 | 281 | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 3, 2025 23:26:58.109211922 CET | 194.36.144.87 | 192.168.2.14 | 0xb2e | No error (0) | serisbot.geek | | 139.59.207.216 | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:26:58.109211922 CET | 194.36.144.87 | 192.168.2.14 | 0xb2e | No error (0) | serisbot.geek | | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:26:58.109211922 CET | 194.36.144.87 | 192.168.2.14 | 0xb2e | No error (0) | serisbot.geek | | 46.101.69.129 | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:27:20.518302917 CET | 202.61.197.122 | 192.168.2.14 | 0x96ea | No error (0) | serisontop.dyn | | 46.101.69.129 | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:27:20.518302917 CET | 202.61.197.122 | 192.168.2.14 | 0x96ea | No error (0) | serisontop.dyn | | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:27:20.518302917 CET | 202.61.197.122 | 192.168.2.14 | 0x96ea | No error (0) | serisontop.dyn | | 139.59.207.216 | A (IP address) | IN (0x0001) | false |
| Mar 3, 2025 23:27:56.126593113 CET | 51.158.108.203 | 192.168.2.14 | 0xe53c | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 492 | false |
| Mar 3, 2025 23:27:56.142607927 CET | 51.158.108.203 | 192.168.2.14 | 0xe53c | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 492 | false |
| Mar 3, 2025 23:27:56.159446955 CET | 51.158.108.203 | 192.168.2.14 | 0xe53c | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 492 | false |
| Mar 3, 2025 23:27:56.176326036 CET | 51.158.108.203 | 192.168.2.14 | 0xe53c | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 492 | false |
| Mar 3, 2025 23:27:56.192850113 CET | 51.158.108.203 | 192.168.2.14 | 0xe53c | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 492 | false |
| Mar 3, 2025 23:28:41.474277020 CET | 194.36.144.87 | 192.168.2.14 | 0x5ef9 | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 281 | false |
| Mar 3, 2025 23:28:41.491518974 CET | 194.36.144.87 | 192.168.2.14 | 0x5ef9 | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 281 | false |
| Mar 3, 2025 23:28:41.514627934 CET | 194.36.144.87 | 192.168.2.14 | 0x5ef9 | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 281 | false |
| Mar 3, 2025 23:28:41.537822962 CET | 194.36.144.87 | 192.168.2.14 | 0x5ef9 | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 281 | false |
| Mar 3, 2025 23:28:41.555181980 CET | 194.36.144.87 | 192.168.2.14 | 0x5ef9 | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 281 | false |

System Behavior

Start time (UTC): 22:26:57
Start date (UTC): 03/03/2025
Path: /tmp/zerx86.elf
Arguments: /tmp/zerx86.elf
File size: 45788 bytes
MD5 hash: 7f69d042988dec35a84d496e1e211a1d

Start time (UTC): 22:26:57
Start date (UTC): 03/03/2025
Path: /tmp/zerx86.elf
Arguments: -
File size: 45788 bytes
MD5 hash: 7f69d042988dec35a84d496e1e211a1d

Start time (UTC): 22:26:57
Start date (UTC): 03/03/2025
Path: /tmp/zerx86.elf
Arguments: -
File size: 45788 bytes
MD5 hash: 7f69d042988dec35a84d496e1e211a1d