Linux
Analysis Report
na.elf
Overview
General Information
Sample name: | na.elf |
Analysis ID: | 1536981 |
MD5: | 2b469f3bfc2ec44ba1e5311c3ba0fc89 |
SHA1: | c6052178faf1184f00fafcb5efcfd13e56c7776e |
SHA256: | 6a775a27f4fbccaad3939817cd3a6fd47a48f99686e559b9ab0c7ed6c6675adf |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1536981 |
Start date and time: | 2024-10-18 13:30:01 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal60.evad.linELF@0/0@0/0 |
- VT rate limit hit for: na.elf
Command: | /tmp/na.elf |
PID: | 6233 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: |
Source: | Program segment: |
Source: | Matched rule: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: |
Source: | File opened: |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | EXP/ELF.Agent.F.118 |
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
45.86.155.23 | unknown | Germany | 202322 | EVERYONE-BANDWIDTH-INCDE | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Detection | Threat Name |
---|---|---|
45.86.155.23 | malicious | Mirai |
45.86.155.23 | malicious | Unknown |
45.86.155.23 | malicious | Unknown |
109.202.202.202 | malicious | Unknown |
91.189.91.43 | malicious | Unknown |
91.189.91.43 | malicious | Unknown |
91.189.91.43 | malicious | Rekoobe |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Unknown |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Unknown |
91.189.91.42 | malicious | Unknown |
91.189.91.42 | malicious | Rekoobe |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Unknown |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Gafgyt, Mirai |
⊘No context
Match | Detection | Threat Name |
---|---|---|
EVERYONE-BANDWIDTH-INCDE | malicious | Mirai |
EVERYONE-BANDWIDTH-INCDE | malicious | Unknown |
EVERYONE-BANDWIDTH-INCDE | malicious | Unknown |
EVERYONE-BANDWIDTH-INCDE | malicious | Phisher |
EVERYONE-BANDWIDTH-INCDE | malicious | Mirai |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Rekoobe |
CANONICAL-ASGB | malicious | Rekoobe |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Rekoobe |
CANONICAL-ASGB | malicious | Rekoobe |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Mirai |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Rekoobe |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Gafgyt, Mirai |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.961971974039863 |
TrID: |
|
File name: | na.elf |
File size: | 40'324 bytes |
MD5: | 2b469f3bfc2ec44ba1e5311c3ba0fc89 |
SHA1: | c6052178faf1184f00fafcb5efcfd13e56c7776e |
SHA256: | 6a775a27f4fbccaad3939817cd3a6fd47a48f99686e559b9ab0c7ed6c6675adf |
SHA512: | 38a7a071d6289e84ef30c78dbffff4efe84bbeb9e487bb4a3ba19f5d5629f1cb8c16c73c0402be95a706b4f4b2d906f95b281b22a7652cccbc2402df902ff752 |
SSDEEP: | 768:yrqQ4JXTPxcCj3do/vTKRVDkO1HmQcvbG+TqarjEP8ohjlIsA4uVcqgw09f:uqQbCj3do/+fDrJ1cyUqOgkoIsA4u+qC |
TLSH: | FB03E05BCC486AD6EDFFE9525709C9E1F2E01B9DBFF18DAD185ACB02231E968420CD50 |
File Content Preview: | .ELF...........................4.........4. ...(.......................x...x..............k...k...k.................dt.Q................................UPX!..........b...b........V.......?.E.h4...@b........=.a....`..Y...j{.c.HL}.....H..z.q.H.....8ea...... |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x9c78 | 0x9c78 | 7.9640 | 0x5 | R E | 0x10000 | ||
LOAD | 0x6b90 | 0x10026b90 | 0x10026b90 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
- Total Packets: 75
System Behavior
Start time (UTC): | 11:30:45 |
Start date (UTC): | 18/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 11:30:45 |
Start date (UTC): | 18/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 11:30:45 |
Start date (UTC): | 18/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 11:30:45 |
Start date (UTC): | 18/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 11:30:50 |
Start date (UTC): | 18/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 11:30:50 |
Start date (UTC): | 18/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |