Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1531520
MD5:	2f3100a46d67292d3e0caf054a793f90
SHA1:	2733069745143335af2beddae489566ebbf956c6
SHA256:	562e3f945ebef261ba9efc6bcc74ebf83e9bd4213f774878c54a4a3620676ff4
Tags:	elfMiraiuser-abuse_ch
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Machine Learning detection for sample

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample contains strings that are user agent strings indicative of HTTP manipulation

Sample has stripped symbol table

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1531520
Start date and time:	2024-10-11 10:59:55 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	na.elf
Detection:	MAL
Classification:	mal72.troj.linELF@0/0@48/0

Runtime Messages

Command:	/tmp/na.elf
PID:	6267
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	eshay
Standard Error:

Process Tree

system is lnxubuntu20

na.elf (PID: 6267, Parent: 6192, MD5: 2f3100a46d67292d3e0caf054a793f90) Arguments: /tmp/na.elf

na.elf New Fork (PID: 6268, Parent: 6267)

dash New Fork (PID: 6276, Parent: 4331)

rm (PID: 6276, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.AOju9JqPDo /tmp/tmp.m1GeB190NJ /tmp/tmp.x6dFidEYqi

dash New Fork (PID: 6277, Parent: 4331)

rm (PID: 6277, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.AOju9JqPDo /tmp/tmp.m1GeB190NJ /tmp/tmp.x6dFidEYqi

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
na.elf	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0x5c2d:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08

Memory Dumps

Source	Rule	Description	Author	Strings
6267.1.0000000008048000.0000000008054000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0x5c2d:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: na.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: na.elf	Virustotal: Detection: 21%			Perma Link
Source: na.elf	ReversingLabs: Detection: 28%

Machine Learning detection for sample

Source: na.elf

Joe Sandbox ML: detected

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 154.213.192.29 ports 0,33403,3,4,9,33409
Source: global traffic	TCP traffic: 5.206.227.62 ports 0,33402,2,3,4,33408,33406
Source: global traffic	TCP traffic: 81.4.109.66 ports 0,33402,2,3,4,33406

Source: global traffic	TCP traffic: 192.168.2.23:49342 -> 5.206.227.62:33402
Source: global traffic	TCP traffic: 192.168.2.23:57116 -> 154.213.192.29:33409
Source: global traffic	TCP traffic: 192.168.2.23:54296 -> 81.4.109.66:33402
Source: global traffic	TCP traffic: 192.168.2.23:46874 -> 38.43.93.83:33402
Source: global traffic	TCP traffic: 192.168.2.23:42664 -> 107.161.24.95:33403

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: global traffic	DNS traffic detected: DNS query: srv6.pty.su
Source: global traffic	DNS traffic detected: DNS query: srv4.pty.su
Source: global traffic	DNS traffic detected: DNS query: srv8.pty.su
Source: global traffic	DNS traffic detected: DNS query: srv10.pty.su
Source: global traffic	DNS traffic detected: DNS query: srv3.pty.su
Source: global traffic	DNS traffic detected: DNS query: srv9.pty.su
Source: global traffic	DNS traffic detected: DNS query: srv2.pty.su
Source: global traffic	DNS traffic detected: DNS query: srv5.pty.su

Source: unknown	Network traffic detected: HTTP traffic on port 39266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39266
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6267.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6267.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26

Source: classification engine

Classification label: mal72.troj.linELF@0/0@48/0

Source: /usr/bin/dash (PID: 6276)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.AOju9JqPDo /tmp/tmp.m1GeB190NJ /tmp/tmp.x6dFidEYqi			Jump to behavior
Source: /usr/bin/dash (PID: 6277)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.AOju9JqPDo /tmp/tmp.m1GeB190NJ /tmp/tmp.x6dFidEYqi			Jump to behavior

Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Source: Initial sample	User agent string found: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	2 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
na.elf	21%	Virustotal		Browse
na.elf	29%	ReversingLabs	Linux.Backdoor.Mirai
na.elf	100%	Avira	EXP/ELF.Mirai.Bot.Hua.d
na.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
srv9.pty.su	8%	Virustotal	Browse
srv3.pty.su	8%	Virustotal	Browse
srv6.pty.su	8%	Virustotal	Browse
srv5.pty.su	8%	Virustotal	Browse
srv8.pty.su	8%	Virustotal	Browse
srv2.pty.su	7%	Virustotal	Browse
srv4.pty.su	7%	Virustotal	Browse
srv10.pty.su	8%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
srv9.pty.su	38.43.93.83	true	false	8%, Virustotal, Browse	unknown
srv3.pty.su	81.4.109.66	true	true	8%, Virustotal, Browse	unknown
srv6.pty.su	5.206.227.62	true	true	8%, Virustotal, Browse	unknown
srv5.pty.su	107.161.24.95	true	false	8%, Virustotal, Browse	unknown
srv8.pty.su	154.213.192.29	true	true	8%, Virustotal, Browse	unknown
srv2.pty.su	unknown	unknown	true	7%, Virustotal, Browse	unknown
srv10.pty.su	unknown	unknown	true	8%, Virustotal, Browse	unknown
srv4.pty.su	unknown	unknown	true	7%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
5.206.227.62	srv6.pty.su	Portugal	49349	DOTSIPT	true
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
154.213.192.29	srv8.pty.su	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	true
38.43.93.83	srv9.pty.su	United States	174	COGENT-174US	false
107.161.24.95	srv5.pty.su	United States	3842	RAMNODEUS	false
81.4.109.66	srv3.pty.su	Netherlands	198203	ASN-ROUTELABELNL	true
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
5.206.227.62	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
34.249.145.219	na.elf	Get hash	malicious	Unknown	Browse
	9BXz5oZUMh.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Gafgyt, Mirai, Okiru	Browse
	na.elf	Get hash	malicious	Mirai, Okiru	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
154.213.192.29	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
38.43.93.83	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
107.161.24.95	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
81.4.109.66	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
srv9.pty.su	na.elf	Get hash	malicious	Unknown	Browse	38.43.93.83
	na.elf	Get hash	malicious	Unknown	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Unknown	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Unknown	Browse	38.43.93.83
srv6.pty.su	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Unknown	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Unknown	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Unknown	Browse	5.206.227.62
srv5.pty.su	na.elf	Get hash	malicious	Mirai	Browse	107.161.24.95
	na.elf	Get hash	malicious	Unknown	Browse	107.161.24.95
	na.elf	Get hash	malicious	Unknown	Browse	107.161.24.95
	na.elf	Get hash	malicious	Unknown	Browse	107.161.24.95
	na.elf	Get hash	malicious	Mirai	Browse	107.161.24.95
	na.elf	Get hash	malicious	Unknown	Browse	107.161.24.95
	na.elf	Get hash	malicious	Mirai	Browse	107.161.24.95
	na.elf	Get hash	malicious	Mirai	Browse	107.161.24.95
	na.elf	Get hash	malicious	Mirai	Browse	107.161.24.95
	na.elf	Get hash	malicious	Mirai	Browse	107.161.24.95
srv3.pty.su	na.elf	Get hash	malicious	Mirai	Browse	81.4.109.66
	na.elf	Get hash	malicious	Mirai	Browse	81.4.109.66
	na.elf	Get hash	malicious	Mirai	Browse	81.4.109.66
	na.elf	Get hash	malicious	Mirai	Browse	81.4.109.66
	na.elf	Get hash	malicious	Unknown	Browse	81.4.109.66
srv8.pty.su	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
POWERLINE-AS-APPOWERLINEDATACENTERHK	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	156.250.157.119
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	156.242.206.26
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
	na.elf	Get hash	malicious	Unknown	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
	na.elf	Get hash	malicious	Mirai	Browse	154.213.192.29
COGENT-174US	na.elf	Get hash	malicious	Unknown	Browse	38.43.93.83
	EKTEDIR.exe	Get hash	malicious	FormBook	Browse	206.119.82.148
	na.elf	Get hash	malicious	Mirai	Browse	38.212.110.167
	PI-4009832-2024.xlam.xlsx	Get hash	malicious	Unknown	Browse	154.38.187.47
	na.elf	Get hash	malicious	Unknown	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Mirai	Browse	38.43.93.83
	na.elf	Get hash	malicious	Unknown	Browse	38.43.93.83
	AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Get hash	malicious	FormBook	Browse	154.23.184.194
	na.elf	Get hash	malicious	Mirai	Browse	38.63.117.247
DOTSIPT	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Unknown	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Unknown	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Mirai	Browse	5.206.227.62
	na.elf	Get hash	malicious	Unknown	Browse	5.206.227.62
	mEUynxeOFV.exe	Get hash	malicious	Unknown	Browse	185.11.145.254
AMAZON-02US	na.elf	Get hash	malicious	Mirai	Browse	108.145.0.225
	na.elf	Get hash	malicious	Unknown	Browse	52.195.249.19
	EKTEDIR.exe	Get hash	malicious	FormBook	Browse	76.223.67.189
	na.elf	Get hash	malicious	Unknown	Browse	34.243.160.129
	AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Get hash	malicious	FormBook	Browse	76.223.54.146
	na.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
	na.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	na.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	na.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://clicks.trx-hub.com/xid/pmc_0aaa4_wwd?q=https://aussiebongs.com/#aHdheXVuLmxlZSRoeXVuZGFpZWxldmF0b3IuY29t	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	34.248.166.153

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.539513980903169
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	na.elf
File size:	47'908 bytes
MD5:	2f3100a46d67292d3e0caf054a793f90
SHA1:	2733069745143335af2beddae489566ebbf956c6
SHA256:	562e3f945ebef261ba9efc6bcc74ebf83e9bd4213f774878c54a4a3620676ff4
SHA512:	2998193ed59b34935b407d0303a015afee53c8c663c7e139276487a8e8006fed9ba29fa3f3e13682e0ba9fc18a124b5febc419cb31e567b697d0d55ee65745fd
SSDEEP:	768:FJ1NFGfrJJLh4bsZ13fhDytRlIIbfr5K+SJCRQQ2x0IQSXRmWoTmhMMqtTQwPMxg:z10DLh4bsbxOIIbs+S6+x0IQSXRmWDMi
TLSH:	E8235BC2EA86C5F4EC5305F1607B63429B31D6329528EB47CBA53C36EC137819A1B3AD
File Content Preview:	.ELF....................h...4...........4. ...(.....................\|...\|....................F...F.......'..........Q.td............................U..S............h........[]...$.............U......=`I...t..1.....F......F......u........t...$\|6.........`I

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048168
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	47508
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0x9d11	0x0	0x6	AX	16
.fini	PROGBITS	0x8051dc1	0x9dc1	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x8051de0	0x9de0	0x189c	0x0	0x2	A	32
.ctors	PROGBITS	0x8054680	0xb680	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8054688	0xb688	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x80546a0	0xb6a0	0x2b4	0x0	0x3	WA	32
.bss	NOBITS	0x8054960	0xb954	0x24a0	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0xb954	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0xb67c	0xb67c	6.5838	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0xb680	0x8054680	0x8054680	0x2d4	0x2780	3.6025	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 11, 2024 11:01:07.434830904 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 11, 2024 11:01:08.287966967 CEST	49342	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:08.292911053 CEST	33402	49342	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:08.292983055 CEST	49342	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:08.293050051 CEST	49342	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:08.298495054 CEST	33402	49342	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:08.298561096 CEST	49342	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:08.303514004 CEST	33402	49342	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:08.940087080 CEST	33402	49342	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:08.940495014 CEST	49342	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:08.945487022 CEST	33402	49342	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:09.978895903 CEST	49344	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:09.983820915 CEST	33402	49344	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:09.983897924 CEST	49344	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:09.983937979 CEST	49344	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:09.988831043 CEST	33402	49344	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:09.988917112 CEST	49344	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:09.993967056 CEST	33402	49344	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:10.642941952 CEST	33402	49344	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:10.643444061 CEST	49344	33402	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:10.648883104 CEST	33402	49344	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:11.655033112 CEST	57116	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:11.660206079 CEST	33409	57116	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:11.660314083 CEST	57116	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:11.660314083 CEST	57116	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:11.665375948 CEST	33409	57116	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:11.665468931 CEST	57116	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:11.670572996 CEST	33409	57116	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:12.352468014 CEST	33409	57116	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:12.352833986 CEST	57116	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:12.357867002 CEST	33409	57116	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:13.405951023 CEST	57118	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:13.410897970 CEST	33409	57118	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:13.410979033 CEST	57118	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:13.411025047 CEST	57118	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:13.415930033 CEST	33409	57118	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:13.415990114 CEST	57118	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:13.420955896 CEST	33409	57118	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:14.077096939 CEST	33409	57118	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:14.077601910 CEST	57118	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:14.082596064 CEST	33409	57118	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:15.171261072 CEST	54296	33402	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:15.176351070 CEST	33402	54296	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:15.176420927 CEST	54296	33402	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:15.176441908 CEST	54296	33402	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:15.181444883 CEST	33402	54296	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:15.181504011 CEST	54296	33402	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:15.186476946 CEST	33402	54296	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:23.924875021 CEST	443	39266	34.249.145.219	192.168.2.23
Oct 11, 2024 11:01:23.925313950 CEST	39266	443	192.168.2.23	34.249.145.219
Oct 11, 2024 11:01:23.930433035 CEST	443	39266	34.249.145.219	192.168.2.23
Oct 11, 2024 11:01:25.185225964 CEST	54296	33402	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:25.190182924 CEST	33402	54296	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:27.655977964 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 11, 2024 11:01:27.655977964 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 11, 2024 11:01:36.548372030 CEST	33402	54296	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:36.548846960 CEST	54296	33402	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:36.553785086 CEST	33402	54296	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:37.564953089 CEST	46874	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:37.570379972 CEST	33402	46874	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:37.570614100 CEST	46874	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:37.570614100 CEST	46874	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:37.575757980 CEST	33402	46874	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:37.575870037 CEST	46874	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:37.580832958 CEST	33402	46874	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:38.275531054 CEST	33402	46874	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:38.275950909 CEST	46874	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:38.280925035 CEST	33402	46874	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:39.319103003 CEST	46876	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:39.324259043 CEST	33402	46876	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:39.324527979 CEST	46876	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:39.324752092 CEST	46876	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:39.329570055 CEST	33402	46876	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:39.329660892 CEST	46876	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:39.334494114 CEST	33402	46876	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:40.004658937 CEST	33402	46876	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:40.005426884 CEST	46876	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:40.010508060 CEST	33402	46876	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:41.047032118 CEST	46878	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:41.051976919 CEST	33402	46878	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:41.052239895 CEST	46878	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:41.052239895 CEST	46878	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:41.057163954 CEST	33402	46878	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:41.057238102 CEST	46878	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:41.062199116 CEST	33402	46878	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:41.713179111 CEST	33402	46878	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:41.713538885 CEST	46878	33402	192.168.2.23	38.43.93.83
Oct 11, 2024 11:01:41.718612909 CEST	33402	46878	38.43.93.83	192.168.2.23
Oct 11, 2024 11:01:42.727927923 CEST	57068	33406	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:42.733397961 CEST	33406	57068	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:42.733701944 CEST	57068	33406	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:42.733702898 CEST	57068	33406	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:42.738972902 CEST	33406	57068	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:42.739161968 CEST	57068	33406	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:42.744863033 CEST	33406	57068	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:43.382734060 CEST	33406	57068	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:43.383404970 CEST	57068	33406	192.168.2.23	5.206.227.62
Oct 11, 2024 11:01:43.389024019 CEST	33406	57068	5.206.227.62	192.168.2.23
Oct 11, 2024 11:01:44.401415110 CEST	57130	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:44.407948971 CEST	33409	57130	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:44.408011913 CEST	57130	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:44.408030987 CEST	57130	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:44.412982941 CEST	33409	57130	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:44.413041115 CEST	57130	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:44.418152094 CEST	33409	57130	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:45.092291117 CEST	33409	57130	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:45.092731953 CEST	57130	33409	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:45.097661972 CEST	33409	57130	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:46.121522903 CEST	48046	33403	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:46.126765013 CEST	33403	48046	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:46.126859903 CEST	48046	33403	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:46.126879930 CEST	48046	33403	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:46.132456064 CEST	33403	48046	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:46.132755995 CEST	48046	33403	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:46.138098001 CEST	33403	48046	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:46.793848038 CEST	33403	48046	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:46.794294119 CEST	48046	33403	192.168.2.23	154.213.192.29
Oct 11, 2024 11:01:46.800221920 CEST	33403	48046	154.213.192.29	192.168.2.23
Oct 11, 2024 11:01:47.834485054 CEST	39578	33406	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:47.839886904 CEST	33406	39578	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:47.840245962 CEST	39578	33406	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:47.840245962 CEST	39578	33406	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:47.845586061 CEST	33406	39578	81.4.109.66	192.168.2.23
Oct 11, 2024 11:01:47.845876932 CEST	39578	33406	192.168.2.23	81.4.109.66
Oct 11, 2024 11:01:47.851305962 CEST	33406	39578	81.4.109.66	192.168.2.23
Oct 11, 2024 11:02:08.610511065 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 11, 2024 11:02:09.204662085 CEST	33406	39578	81.4.109.66	192.168.2.23
Oct 11, 2024 11:02:09.205250025 CEST	39578	33406	192.168.2.23	81.4.109.66
Oct 11, 2024 11:02:09.210587025 CEST	33406	39578	81.4.109.66	192.168.2.23
Oct 11, 2024 11:02:10.221206903 CEST	42664	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:10.226716995 CEST	33403	42664	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:10.227052927 CEST	42664	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:10.227054119 CEST	42664	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:10.232928038 CEST	33403	42664	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:10.233248949 CEST	42664	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:10.238620996 CEST	33403	42664	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:31.581924915 CEST	33403	42664	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:31.582370996 CEST	42664	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:31.587852001 CEST	33403	42664	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:32.625173092 CEST	42666	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:32.630429983 CEST	33403	42666	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:32.630682945 CEST	42666	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:32.630682945 CEST	42666	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:32.635891914 CEST	33403	42666	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:32.636077881 CEST	42666	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:32.641247988 CEST	33403	42666	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:42.639476061 CEST	42666	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:42.646332026 CEST	33403	42666	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:53.985963106 CEST	33403	42666	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:53.986481905 CEST	42666	33403	192.168.2.23	107.161.24.95
Oct 11, 2024 11:02:53.992022038 CEST	33403	42666	107.161.24.95	192.168.2.23
Oct 11, 2024 11:02:55.022526979 CEST	48556	33408	192.168.2.23	5.206.227.62
Oct 11, 2024 11:02:55.027371883 CEST	33408	48556	5.206.227.62	192.168.2.23
Oct 11, 2024 11:02:55.027436018 CEST	48556	33408	192.168.2.23	5.206.227.62
Oct 11, 2024 11:02:55.027458906 CEST	48556	33408	192.168.2.23	5.206.227.62
Oct 11, 2024 11:02:55.032366991 CEST	33408	48556	5.206.227.62	192.168.2.23
Oct 11, 2024 11:02:55.032413960 CEST	48556	33408	192.168.2.23	5.206.227.62
Oct 11, 2024 11:02:55.037213087 CEST	33408	48556	5.206.227.62	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 11, 2024 11:01:08.272905111 CEST	59881	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:08.279758930 CEST	53	59881	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:08.280175924 CEST	47163	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:08.287842989 CEST	53	47163	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:09.941926956 CEST	49299	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:09.949506998 CEST	53	49299	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:09.949647903 CEST	52985	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:09.956794977 CEST	53	52985	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:09.956926107 CEST	51850	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:09.963953018 CEST	53	51850	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:09.964025021 CEST	52470	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:09.971064091 CEST	53	52470	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:09.971230984 CEST	48307	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:09.978804111 CEST	53	48307	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:11.645718098 CEST	42592	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:11.654912949 CEST	53	42592	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:13.354518890 CEST	55298	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:13.375000000 CEST	53	55298	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:13.375171900 CEST	51401	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:13.383603096 CEST	53	51401	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:13.383706093 CEST	43696	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:13.390794992 CEST	53	43696	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:13.390903950 CEST	52646	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:13.398020029 CEST	53	52646	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:13.398164988 CEST	46041	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:13.405843019 CEST	53	46041	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:15.080032110 CEST	42357	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:15.149341106 CEST	53	42357	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:15.149507999 CEST	42996	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:15.156785011 CEST	53	42996	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:15.156929970 CEST	35109	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:15.163731098 CEST	53	35109	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:15.163798094 CEST	58887	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:15.171116114 CEST	53	58887	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:37.553556919 CEST	43121	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:37.564413071 CEST	53	43121	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:39.279825926 CEST	50834	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:39.286720037 CEST	53	50834	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:39.286999941 CEST	44884	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:39.294203043 CEST	53	44884	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:39.294439077 CEST	52023	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:39.301953077 CEST	53	52023	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:39.302189112 CEST	58022	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:39.310996056 CEST	53	58022	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:39.311568022 CEST	55909	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:39.318698883 CEST	53	55909	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:41.009660006 CEST	53068	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:41.016673088 CEST	53	53068	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:41.016894102 CEST	34035	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:41.023998022 CEST	53	34035	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:41.024255037 CEST	33998	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:41.031277895 CEST	53	33998	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:41.031470060 CEST	56875	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:41.038856983 CEST	53	56875	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:41.038965940 CEST	37417	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:41.046468973 CEST	53	37417	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:42.715919018 CEST	33926	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:42.727709055 CEST	53	33926	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:44.386436939 CEST	47479	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:44.393712997 CEST	53	47479	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:44.393841982 CEST	54518	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:44.401256084 CEST	53	54518	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:46.095057964 CEST	49391	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:46.102324963 CEST	53	49391	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:46.102459908 CEST	35874	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:46.121354103 CEST	53	35874	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:47.797220945 CEST	36587	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:47.805048943 CEST	53	36587	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:47.805228949 CEST	36213	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:47.812967062 CEST	53	36213	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:47.813332081 CEST	60391	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:47.821150064 CEST	53	60391	8.8.8.8	192.168.2.23
Oct 11, 2024 11:01:47.821389914 CEST	45110	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:01:47.834043026 CEST	53	45110	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:10.208493948 CEST	34416	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:10.220927000 CEST	53	34416	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:32.585443974 CEST	40906	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:32.593597889 CEST	53	40906	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:32.593728065 CEST	58057	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:32.601273060 CEST	53	58057	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:32.601667881 CEST	41016	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:32.608971119 CEST	53	41016	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:32.609186888 CEST	53441	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:32.617460012 CEST	53	53441	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:32.617636919 CEST	59825	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:32.624799967 CEST	53	59825	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:54.987925053 CEST	60557	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:54.995090008 CEST	53	60557	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:54.995182037 CEST	54576	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:55.002083063 CEST	53	54576	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:55.002140999 CEST	39652	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:55.009012938 CEST	53	39652	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:55.009078979 CEST	40890	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:55.015557051 CEST	53	40890	8.8.8.8	192.168.2.23
Oct 11, 2024 11:02:55.015620947 CEST	46450	53	192.168.2.23	8.8.8.8
Oct 11, 2024 11:02:55.022450924 CEST	53	46450	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 11, 2024 11:01:08.272905111 CEST	192.168.2.23	8.8.8.8	0xcb53	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:08.280175924 CEST	192.168.2.23	8.8.8.8	0xcb53	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.941926956 CEST	192.168.2.23	8.8.8.8	0xda89	Standard query (0)	srv4.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.949647903 CEST	192.168.2.23	8.8.8.8	0xda89	Standard query (0)	srv4.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.956926107 CEST	192.168.2.23	8.8.8.8	0xda89	Standard query (0)	srv4.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.964025021 CEST	192.168.2.23	8.8.8.8	0xda89	Standard query (0)	srv4.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.971230984 CEST	192.168.2.23	8.8.8.8	0xda89	Standard query (0)	srv4.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:11.645718098 CEST	192.168.2.23	8.8.8.8	0xc757	Standard query (0)	srv8.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.354518890 CEST	192.168.2.23	8.8.8.8	0x6798	Standard query (0)	srv10.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.375171900 CEST	192.168.2.23	8.8.8.8	0x6798	Standard query (0)	srv10.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.383706093 CEST	192.168.2.23	8.8.8.8	0x6798	Standard query (0)	srv10.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.390903950 CEST	192.168.2.23	8.8.8.8	0x6798	Standard query (0)	srv10.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.398164988 CEST	192.168.2.23	8.8.8.8	0x6798	Standard query (0)	srv10.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.080032110 CEST	192.168.2.23	8.8.8.8	0x103	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.149507999 CEST	192.168.2.23	8.8.8.8	0x103	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.156929970 CEST	192.168.2.23	8.8.8.8	0x103	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.163798094 CEST	192.168.2.23	8.8.8.8	0x103	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:37.553556919 CEST	192.168.2.23	8.8.8.8	0x2add	Standard query (0)	srv9.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.279825926 CEST	192.168.2.23	8.8.8.8	0x59e1	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.286999941 CEST	192.168.2.23	8.8.8.8	0x59e1	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.294439077 CEST	192.168.2.23	8.8.8.8	0x59e1	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.302189112 CEST	192.168.2.23	8.8.8.8	0x59e1	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.311568022 CEST	192.168.2.23	8.8.8.8	0x59e1	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.009660006 CEST	192.168.2.23	8.8.8.8	0x4afd	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.016894102 CEST	192.168.2.23	8.8.8.8	0x4afd	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.024255037 CEST	192.168.2.23	8.8.8.8	0x4afd	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.031470060 CEST	192.168.2.23	8.8.8.8	0x4afd	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.038965940 CEST	192.168.2.23	8.8.8.8	0x4afd	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:42.715919018 CEST	192.168.2.23	8.8.8.8	0xb7cf	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:44.386436939 CEST	192.168.2.23	8.8.8.8	0xa12c	Standard query (0)	srv8.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:44.393841982 CEST	192.168.2.23	8.8.8.8	0xa12c	Standard query (0)	srv8.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:46.095057964 CEST	192.168.2.23	8.8.8.8	0xad1e	Standard query (0)	srv8.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:46.102459908 CEST	192.168.2.23	8.8.8.8	0xad1e	Standard query (0)	srv8.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.797220945 CEST	192.168.2.23	8.8.8.8	0xb29c	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.805228949 CEST	192.168.2.23	8.8.8.8	0xb29c	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.813332081 CEST	192.168.2.23	8.8.8.8	0xb29c	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.821389914 CEST	192.168.2.23	8.8.8.8	0xb29c	Standard query (0)	srv3.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:10.208493948 CEST	192.168.2.23	8.8.8.8	0x3e05	Standard query (0)	srv5.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.585443974 CEST	192.168.2.23	8.8.8.8	0xf60c	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.593728065 CEST	192.168.2.23	8.8.8.8	0xf60c	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.601667881 CEST	192.168.2.23	8.8.8.8	0xf60c	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.609186888 CEST	192.168.2.23	8.8.8.8	0xf60c	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.617636919 CEST	192.168.2.23	8.8.8.8	0xf60c	Standard query (0)	srv2.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:54.987925053 CEST	192.168.2.23	8.8.8.8	0x9420	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:54.995182037 CEST	192.168.2.23	8.8.8.8	0x9420	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:55.002140999 CEST	192.168.2.23	8.8.8.8	0x9420	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:55.009078979 CEST	192.168.2.23	8.8.8.8	0x9420	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:55.015620947 CEST	192.168.2.23	8.8.8.8	0x9420	Standard query (0)	srv6.pty.su	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 11, 2024 11:01:08.279758930 CEST	8.8.8.8	192.168.2.23	0xcb53	Name error (3)	srv6.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:08.287842989 CEST	8.8.8.8	192.168.2.23	0xcb53	No error (0)	srv6.pty.su		5.206.227.62	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.949506998 CEST	8.8.8.8	192.168.2.23	0xda89	Name error (3)	srv4.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.956794977 CEST	8.8.8.8	192.168.2.23	0xda89	Name error (3)	srv4.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.963953018 CEST	8.8.8.8	192.168.2.23	0xda89	Name error (3)	srv4.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.971064091 CEST	8.8.8.8	192.168.2.23	0xda89	Name error (3)	srv4.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:09.978804111 CEST	8.8.8.8	192.168.2.23	0xda89	Name error (3)	srv4.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:11.654912949 CEST	8.8.8.8	192.168.2.23	0xc757	No error (0)	srv8.pty.su		154.213.192.29	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.375000000 CEST	8.8.8.8	192.168.2.23	0x6798	Name error (3)	srv10.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.383603096 CEST	8.8.8.8	192.168.2.23	0x6798	Name error (3)	srv10.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.390794992 CEST	8.8.8.8	192.168.2.23	0x6798	Name error (3)	srv10.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.398020029 CEST	8.8.8.8	192.168.2.23	0x6798	Name error (3)	srv10.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:13.405843019 CEST	8.8.8.8	192.168.2.23	0x6798	Name error (3)	srv10.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.149341106 CEST	8.8.8.8	192.168.2.23	0x103	Name error (3)	srv3.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.156785011 CEST	8.8.8.8	192.168.2.23	0x103	Name error (3)	srv3.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.163731098 CEST	8.8.8.8	192.168.2.23	0x103	Name error (3)	srv3.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:15.171116114 CEST	8.8.8.8	192.168.2.23	0x103	No error (0)	srv3.pty.su		81.4.109.66	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:37.564413071 CEST	8.8.8.8	192.168.2.23	0x2add	No error (0)	srv9.pty.su		38.43.93.83	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.286720037 CEST	8.8.8.8	192.168.2.23	0x59e1	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.294203043 CEST	8.8.8.8	192.168.2.23	0x59e1	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.301953077 CEST	8.8.8.8	192.168.2.23	0x59e1	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.310996056 CEST	8.8.8.8	192.168.2.23	0x59e1	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:39.318698883 CEST	8.8.8.8	192.168.2.23	0x59e1	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.016673088 CEST	8.8.8.8	192.168.2.23	0x4afd	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.023998022 CEST	8.8.8.8	192.168.2.23	0x4afd	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.031277895 CEST	8.8.8.8	192.168.2.23	0x4afd	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.038856983 CEST	8.8.8.8	192.168.2.23	0x4afd	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:41.046468973 CEST	8.8.8.8	192.168.2.23	0x4afd	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:42.727709055 CEST	8.8.8.8	192.168.2.23	0xb7cf	No error (0)	srv6.pty.su		5.206.227.62	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:44.393712997 CEST	8.8.8.8	192.168.2.23	0xa12c	Name error (3)	srv8.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:44.401256084 CEST	8.8.8.8	192.168.2.23	0xa12c	No error (0)	srv8.pty.su		154.213.192.29	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:46.102324963 CEST	8.8.8.8	192.168.2.23	0xad1e	Name error (3)	srv8.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:46.121354103 CEST	8.8.8.8	192.168.2.23	0xad1e	No error (0)	srv8.pty.su		154.213.192.29	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.805048943 CEST	8.8.8.8	192.168.2.23	0xb29c	Name error (3)	srv3.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.812967062 CEST	8.8.8.8	192.168.2.23	0xb29c	Name error (3)	srv3.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.821150064 CEST	8.8.8.8	192.168.2.23	0xb29c	Name error (3)	srv3.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:01:47.834043026 CEST	8.8.8.8	192.168.2.23	0xb29c	No error (0)	srv3.pty.su		81.4.109.66	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:10.220927000 CEST	8.8.8.8	192.168.2.23	0x3e05	No error (0)	srv5.pty.su		107.161.24.95	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.593597889 CEST	8.8.8.8	192.168.2.23	0xf60c	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.601273060 CEST	8.8.8.8	192.168.2.23	0xf60c	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.608971119 CEST	8.8.8.8	192.168.2.23	0xf60c	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.617460012 CEST	8.8.8.8	192.168.2.23	0xf60c	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:32.624799967 CEST	8.8.8.8	192.168.2.23	0xf60c	Name error (3)	srv2.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:54.995090008 CEST	8.8.8.8	192.168.2.23	0x9420	Name error (3)	srv6.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:55.002083063 CEST	8.8.8.8	192.168.2.23	0x9420	Name error (3)	srv6.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:55.009012938 CEST	8.8.8.8	192.168.2.23	0x9420	Name error (3)	srv6.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:55.015557051 CEST	8.8.8.8	192.168.2.23	0x9420	Name error (3)	srv6.pty.su	none	none	A (IP address)	IN (0x0001)	false
Oct 11, 2024 11:02:55.022450924 CEST	8.8.8.8	192.168.2.23	0x9420	No error (0)	srv6.pty.su		5.206.227.62	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: na.elf PID: 6267, Parent PID: 6192

General

Start time (UTC):	09:01:07
Start date (UTC):	11/10/2024
Path:	/tmp/na.elf
Arguments:	/tmp/na.elf
File size:	47908 bytes
MD5 hash:	2f3100a46d67292d3e0caf054a793f90

Chronological Activities

Analysis Process: na.elf PID: 6268, Parent PID: 6267

General

Start time (UTC):	09:01:07
Start date (UTC):	11/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	47908 bytes
MD5 hash:	2f3100a46d67292d3e0caf054a793f90

Chronological Activities

Analysis Process: dash PID: 6276, Parent PID: 4331

General

Start time (UTC):	09:01:22
Start date (UTC):	11/10/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6276, Parent PID: 4331

General

Start time (UTC):	09:01:22
Start date (UTC):	11/10/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.AOju9JqPDo /tmp/tmp.m1GeB190NJ /tmp/tmp.x6dFidEYqi
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6277, Parent PID: 4331

General

Start time (UTC):	09:01:22
Start date (UTC):	11/10/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6277, Parent PID: 4331

General

Start time (UTC):	09:01:22
Start date (UTC):	11/10/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.AOju9JqPDo /tmp/tmp.m1GeB190NJ /tmp/tmp.x6dFidEYqi
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Stealing of Sensitive Information

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: na.elf PID: 6267, Parent PID: 6192

General

Chronological Activities

Analysis Process: na.elf PID: 6268, Parent PID: 6267

General

Chronological Activities

Analysis Process: dash PID: 6276, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6276, Parent PID: 4331

General

Chronological Activities

Analysis Process: dash PID: 6277, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6277, Parent PID: 4331

General

Chronological Activities

Linux Analysis Report
na.elf