Linux
Analysis Report
main_spc.elf
Overview
General Information
Sample name: | main_spc.elf |
Analysis ID: | 1729420 |
Has dependencies: | false |
MD5: | 0b47d6ab8a374baf39c172422f6dd82d |
SHA1: | a9f9ac76e36f0c3317135563ad1824cc0f3b371e |
SHA256: | 37f30121f556886c5759abfe78dd62ccc4be42c55b3c3dd077b5a5b4a4b0c92a |
Tags: | elf, Mirai, user-abuse_ch |
Infos: |
Detection
Score: | 56 |
Range: | 0 - 100 |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
HTTP GET or POST without a user agent
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1729420 |
Start date and time: | 2025-07-06 08:12:47 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | main_spc.elf |
Detection: | MAL |
Classification: | mal56.linELF@0/0@4/0 |
Cookbook Comments: |
- Max analysis timeout: 600s exceeded, the analysis took too long
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Command: | /tmp/main_spc.elf |
PID: | 5496 |
Exit Code: | 255 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | /lib/ld-uClibc.so.0: No such file or directory |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
|
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | Virustotal | Browse | ||
28% | ReversingLabs | Linux.Worm.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.213.35.24 | daisy.ubuntu.com | United States | 41231 | CANONICAL-ASGB | false | |
169.254.169.254 | unknown | Reserved | 6966 | USDOSUS | false |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.993241071596354 |
TrID: |
|
File name: | main_spc.elf |
File size: | 36'200 bytes |
MD5: | 0b47d6ab8a374baf39c172422f6dd82d |
SHA1: | a9f9ac76e36f0c3317135563ad1824cc0f3b371e |
SHA256: | 37f30121f556886c5759abfe78dd62ccc4be42c55b3c3dd077b5a5b4a4b0c92a |
SHA512: | 1eb70098bf31cd0effb33287d71d69a2a48ed4e33dc9fcd8ad134989090cbc2d0cc5fd8fcb9365e910565b4b4a7929153bb2c9a047094c596619cf85d33b7c4d |
SSDEEP: | 768:aaR3brp2jy4xTHl/shmJT84mli9wHRz8Q+wTPIDwNMO5TsSH7Nv:aaR3brp2jy4xTHl/shmJT87i9wHRzT+o |
TLSH: | 54F23A1276792F13C0D666B611BB5F4279A52BCCA390C58FBD720C6FEDA12112C16EF8 |
File Content Preview: | .ELF....................... ...4.........4. ...(...........4...4...4...................................................................8...8...............<...<...<......V................P...P...P................dt.Q............................/lib/ld-uCl |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 6 |
Section Header Offset: | 35480 |
Section Header Size: | 40 |
Number of Section Headers: | 18 |
Header String Table Index: | 17 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.interp | PROGBITS | 0x100f4 | 0xf4 | 0x14 | 0x0 | 0x2 | A | 0 | 0 | 1 |
.hash | HASH | 0x10108 | 0x108 | 0x238 | 0x4 | 0x2 | A | 3 | 0 | 4 |
.dynsym | DYNSYM | 0x10340 | 0x340 | 0x490 | 0x10 | 0x2 | A | 4 | 1 | 4 |
.dynstr | STRTAB | 0x107d0 | 0x7d0 | 0x255 | 0x0 | 0x2 | A | 0 | 0 | 1 |
.rela.plt | RELA | 0x10a28 | 0xa28 | 0x2e8 | 0xc | 0x2 | A | 3 | 14 | 4 |
.init | PROGBITS | 0x10d10 | 0xd10 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x10d2c | 0xd2c | 0x6cd8 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x17a04 | 0x7a04 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x17a18 | 0x7a18 | 0xb20 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ctors | PROGBITS | 0x2853c | 0x853c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x28544 | 0x8544 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dynamic | DYNAMIC | 0x28550 | 0x8550 | 0xb8 | 0x8 | 0x3 | WA | 4 | 0 | 4 |
.got | PROGBITS | 0x28608 | 0x8608 | 0x4 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.plt | PROGBITS | 0x2860c | 0x860c | 0x31c | 0xc | 0x7 | WAX | 0 | 0 | 4 |
.data | PROGBITS | 0x28928 | 0x8928 | 0xfc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x28a28 | 0x8a24 | 0x5198 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.shstrtab | STRTAB | 0x0 | 0x8a24 | 0x74 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
PHDR | 0x34 | 0x10034 | 0x10034 | 0xc0 | 0xc0 | 2.2543 | 0x5 | R E | 0x4 | ||
INTERP | 0xf4 | 0x100f4 | 0x100f4 | 0x14 | 0x14 | 3.6842 | 0x4 | R | 0x1 | /lib/ld-uClibc.so.0 | .interp |
LOAD | 0x0 | 0x10000 | 0x10000 | 0x8538 | 0x8538 | 6.0761 | 0x5 | R E | 0x10000 | .interp .hash .dynsym .dynstr .rela.plt .init .text .fini .rodata | |
LOAD | 0x853c | 0x2853c | 0x2853c | 0x4e8 | 0x5684 | 3.8037 | 0x7 | RWE | 0x10000 | .ctors .dtors .dynamic .got .plt .data .bss | |
DYNAMIC | 0x8550 | 0x28550 | 0x28550 | 0xb8 | 0xb8 | 2.0656 | 0x6 | RW | 0x4 | .dynamic | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Type | Meta | Value | Tag |
---|---|---|---|
DT_NEEDED | sharedlib | libpthread.so.0 | 0x1 |
DT_NEEDED | sharedlib | libc.so.0 | 0x1 |
DT_INIT | value | 0x10d10 | 0xc |
DT_FINI | value | 0x17a04 | 0xd |
DT_HASH | value | 0x10108 | 0x4 |
DT_STRTAB | value | 0x107d0 | 0x5 |
DT_SYMTAB | value | 0x10340 | 0x6 |
DT_STRSZ | bytes | 597 | 0xa |
DT_SYMENT | bytes | 16 | 0xb |
DT_DEBUG | value | 0x0 | 0x15 |
DT_PLTGOT | value | 0x2860c | 0x3 |
DT_PLTRELSZ | bytes | 744 | 0x2 |
DT_PLTREL | pltrel | DT_RELA | 0x14 |
DT_JMPREL | value | 0x10a28 | 0x17 |
DT_RELA | value | 0x10a28 | 0x7 |
DT_RELASZ | bytes | 744 | 0x8 |
DT_RELAENT | bytes | 12 | 0x9 |
DT_NULL | value | 0x0 | 0x0 |
Name | Version Info Name | Version Info File Name | Section Name | Value | Size | Symbol Type | Symbol Bind | Symbol Visibility | Ndx |
---|---|---|---|---|---|---|---|---|---|
.dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | |||
_Jv_RegisterClasses | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
__bss_start | .dynsym | 0x28a24 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS | ||
__deregister_frame_info | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
__errno_location | .dynsym | 0x28870 | 8 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
__register_frame_info | .dynsym | 0x0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_UNDEF | ||
__sysv_signal | .dynsym | 0x28750 | 136 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
__uClibc_main | .dynsym | 0x287f8 | 544 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
_edata | .dynsym | 0x28a24 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS | ||
_end | .dynsym | 0x2dbc0 | 0 | NOTYPE | <unknown> | DEFAULT | SHN_ABS | ||
_fini | .dynsym | 0x17a04 | 8 | FUNC | <unknown> | DEFAULT | 8 | ||
_init | .dynsym | 0x10d10 | 8 | FUNC | <unknown> | DEFAULT | 6 | ||
_start | .dynsym | 0x10e20 | 56 | FUNC | <unknown> | DEFAULT | 7 | ||
accept | .dynsym | 0x28744 | 56 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
atoi | .dynsym | 0x28888 | 24 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
bind | .dynsym | 0x28774 | 36 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
calloc | .dynsym | 0x2875c | 112 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
chdir | .dynsym | 0x2878c | 68 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
clock | .dynsym | 0x288ac | 56 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
close | .dynsym | 0x288f4 | 48 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
closedir | .dynsym | 0x288d0 | 148 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
connect | .dynsym | 0x28654 | 56 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
exit | .dynsym | 0x2887c | 164 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fclose | .dynsym | 0x2881c | 368 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fcntl | .dynsym | 0x288dc | 80 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fgets | .dynsym | 0x2869c | 116 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fopen | .dynsym | 0x28804 | 24 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
fork | .dynsym | 0x287ec | 376 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
free | .dynsym | 0x28900 | 280 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getpid | .dynsym | 0x28690 | 64 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getppid | .dynsym | 0x28834 | 64 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getsockname | .dynsym | 0x28918 | 76 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
getsockopt | .dynsym | 0x28864 | 84 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
inet_addr | .dynsym | 0x28780 | 40 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
inet_ntoa | .dynsym | 0x28828 | 52 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
kill | .dynsym | 0x28768 | 72 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
malloc | .dynsym | 0x286d8 | 376 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
memcpy | .dynsym | 0x286b4 | 4212 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
memset | .dynsym | 0x28810 | 416 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
open | .dynsym | 0x288a0 | 80 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
opendir | .dynsym | 0x28858 | 260 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
perror | .dynsym | 0x286c0 | 116 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
prctl | .dynsym | 0x286a8 | 84 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
pthread_create | .dynsym | 0x28660 | 212 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
pthread_join | .dynsym | 0x288e8 | 548 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
ptrace | .dynsym | 0x28840 | 176 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
rand | .dynsym | 0x287b0 | 16 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
read | .dynsym | 0x0 | 56 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
readdir | .dynsym | 0x28720 | 184 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
readlink | .dynsym | 0x286cc | 76 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
realloc | .dynsym | 0x287e0 | 316 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
recv | .dynsym | 0x28648 | 60 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
recvfrom | .dynsym | 0x286fc | 68 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
remove | .dynsym | 0x286e4 | 76 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
select | .dynsym | 0x28714 | 84 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
send | .dynsym | 0x28738 | 60 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sendto | .dynsym | 0x287d4 | 68 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
setsid | .dynsym | 0x288c4 | 64 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
setsockopt | .dynsym | 0x28798 | 44 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sigaddset | .dynsym | 0x2872c | 56 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sigemptyset | .dynsym | 0x2866c | 32 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
signal | .dynsym | 0x287bc | 204 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sigprocmask | .dynsym | 0x2890c | 140 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
sleep | .dynsym | 0x286f0 | 428 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
snprintf | .dynsym | 0x28678 | 48 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
socket | .dynsym | 0x28708 | 76 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strchr | .dynsym | 0x288b8 | 524 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strcpy | .dynsym | 0x2863c | 804 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strlen | .dynsym | 0x28894 | 120 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
strstr | .dynsym | 0x287a4 | 288 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
time | .dynsym | 0x2884c | 72 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
unlink | .dynsym | 0x287c8 | 68 | FUNC | <unknown> | DEFAULT | SHN_UNDEF | ||
usleep | .dynsym | 0x28684 | 72 | FUNC | <unknown> | DEFAULT | SHN_UNDEF |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 6, 2025 08:16:39.419738054 CEST | 192.168.2.13 | 8.8.8.8 | 0x7621 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 6, 2025 08:16:39.419738054 CEST | 192.168.2.13 | 8.8.8.8 | 0xe635 | Standard query (0) | 28 | IN (0x0001) | false | |
Jul 6, 2025 08:17:40.611866951 CEST | 192.168.2.13 | 8.8.8.8 | 0x45a1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 6, 2025 08:17:40.612186909 CEST | 192.168.2.13 | 8.8.8.8 | 0xb5d4 | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 6, 2025 08:16:39.507724047 CEST | 8.8.8.8 | 192.168.2.13 | 0x7621 | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false | ||
Jul 6, 2025 08:16:39.507724047 CEST | 8.8.8.8 | 192.168.2.13 | 0x7621 | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false | ||
Jul 6, 2025 08:17:40.697479963 CEST | 8.8.8.8 | 192.168.2.13 | 0x45a1 | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false | ||
Jul 6, 2025 08:17:40.697479963 CEST | 8.8.8.8 | 192.168.2.13 | 0x45a1 | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.13 | 38440 | 162.213.35.24 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-07-06 06:17:41 UTC | 307 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:41 UTC | 1460 | OUT | |
2025-07-06 06:17:42 UTC | 286 | IN |
System Behavior
Start time (UTC): | 06:13:52 |
Start date (UTC): | 06/07/2025 |
Path: | /tmp/main_spc.elf |
Arguments: | /tmp/main_spc.elf |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time (UTC): | 06:16:38 |
Start date (UTC): | 06/07/2025 |
Path: | /usr/bin/python3.8 |
Arguments: | - |
File size: | 5490352 bytes |
MD5 hash: | 69f442c3e33b5f9a66b722c29ad89435 |
Start time (UTC): | 06:16:38 |
Start date (UTC): | 06/07/2025 |
Path: | /bin/dpkg |
Arguments: | dpkg --print-architecture |
File size: | 309944 bytes |
MD5 hash: | 5e18156b434fc45062eec2f28b9147be |