Linux
Analysis Report
BWfKcndJCz
Overview
General Information
Sample Name: | BWfKcndJCz |
Analysis ID: | 679622 |
MD5: | 00e2f1330f45468f78497ea8c73e0b3d |
SHA1: | 00562d888ec7a88f8023e8252aef1480234e7c06 |
SHA256: | febec5c5c4719ca23ad04e2f1b7ffe76b81035d5dd79d0eb1f61d9917886e022 |
Tags: | 32 elf mirai renesas |
Infos: |
Detection
Mirai
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper which no longer works. |
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 679622 |
Start date and time: | 2022-08-06 06:56:04 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | BWfKcndJCz |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal68.troj.lin@0/0@54/0 |
- Report size exceeded maximum capacity and may have missing network information.
- TCP Packets have been reduced to 100
Command: | /tmp/BWfKcndJCz |
PID: | 6270 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Connected To CNC |
Standard Error: |
- system is lnxubuntu20
- BWfKcndJCz New Fork (PID: 6272, Parent: 6270)
- BWfKcndJCz New Fork (PID: 6273, Parent: 6270)
- BWfKcndJCz New Fork (PID: 6275, Parent: 6270)
- BWfKcndJCz New Fork (PID: 6277, Parent: 6270)
- BWfKcndJCz New Fork (PID: 6281, Parent: 6277)
- BWfKcndJCz New Fork (PID: 6368, Parent: 6281)
- BWfKcndJCz New Fork (PID: 6282, Parent: 6277)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | Network traffic detected: | ||
Source: | TCP traffic: | ||
Source: | Socket: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | .symtab present: |
Source: | SIGKILL sent: |
Source: | String containing 'busybox' found: | ||
Source: | Classification label: |
Source: | File opened: | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | ||
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
41% | Virustotal | Browse | ||
40% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
12% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
arcticboatz.cz | 46.23.109.40 | true | true | | unknown |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.835569254032797 |
TrID: |
|
File name: | BWfKcndJCz |
File size: | 83284 |
MD5: | 00e2f1330f45468f78497ea8c73e0b3d |
SHA1: | 00562d888ec7a88f8023e8252aef1480234e7c06 |
SHA256: | febec5c5c4719ca23ad04e2f1b7ffe76b81035d5dd79d0eb1f61d9917886e022 |
SHA512: | 36cb2b8f8078552a5601484acb176ec6854eafeb1b4b8df43619562944e11a38115e4d2aaf58af3686f7e2c994c142545f5133ad6a42139804f796e618989e52 |
SSDEEP: | 1536:IF9a26mwt/KNb9REbQObIPs3NPXoKA/qUp8KJ8yK6BeCqJvf3JYoU/:IF9OmpNcbWP+NPoppjJtBeHf5XU/ |
TLSH: | D883BFB5C099ADA8C1484AB4BDA58F349313A90485A73EF6E794C35D940BEFDF6093F0 |
File Content Preview: | .ELF..............*.......@.4....C......4. ...(...............@...@.p<..p<..............t<..t<B.t<B..... 3..........Q.td............................././"O.n........#.*@........#.*@L....o&O.n...l..............................././.../.a"O.!...n...a.b("...q. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x4000e0 | 0xe0 | 0x11a60 | 0x0 | 0x6 | AX | 0 | 0 | 32 |
.fini | PROGBITS | 0x411b40 | 0x11b40 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x411b64 | 0x11b64 | 0x210c | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x423c74 | 0x13c74 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x423c7c | 0x13c7c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x423c88 | 0x13c88 | 0x6fc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x424384 | 0x14384 | 0x2c10 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x14384 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x13c70 | 0x13c70 | 6.8757 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0x13c74 | 0x423c74 | 0x423c74 | 0x710 | 0x3320 | 4.4046 | 0x6 | RW | 0x10000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
System Behavior
Start time: | 06:56:48 |
Start date: | 06/08/2022 |
Path: | /tmp/BWfKcndJCz |
Arguments: | /tmp/BWfKcndJCz |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time: | 06:56:48 |
Start date: | 06/08/2022 |
Path: | /tmp/BWfKcndJCz |
Arguments: | n/a |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time: | 06:59:38 |
Start date: | 06/08/2022 |
Path: | /tmp/BWfKcndJCz |
Arguments: | n/a |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |