Linux
Analysis Report
zerarm.elf
Overview
General Information
Sample name: | zerarm.elf |
Analysis ID: | 1543153 |
MD5: | df8ac01308ab6015e8ab997165338246 |
SHA1: | 14c6d9231087b174c621570e674bed0a7a681633 |
SHA256: | 1dd6b91e5c01b531acda095c662f649638e1a03ec141213504b1193834e89345 |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1543153 |
Start date and time: | 2024-10-27 09:56:28 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerarm.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@11/0 |
- VT rate limit hit for: zerarm.elf
Command: | /tmp/zerarm.elf |
PID: | 6263 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | The Peoples Bank of China. |
Standard Error: |
- system is lnxubuntu20
- zerarm.elf New Fork (PID: 6265, Parent: 6263)
- zerarm.elf New Fork (PID: 6267, Parent: 6265)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | ReversingLabs: |
Networking |
---|
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | Socket: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
zerarm.elf | 50% | ReversingLabs | Linux.Backdoor.Mirai | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
yellowchink.pirate | 45.156.86.24 | true | true | unknown | |
burnthe.libre | 45.156.86.24 | true | true | unknown | |
chinklabs.dyn. [malformed] | unknown | unknown | true | unknown | |
burnthe.libre. [malformed] | unknown | unknown | true | unknown | |
netfags.geek. [malformed] | unknown | unknown | true | unknown | |
yellowchink.pirate. [malformed] | unknown | unknown | true | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
45.156.86.24 | yellowchink.pirate | Germany | 44592 | SKYLINKNL | true |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.978026723918992 |
TrID: | |
File name: | zerarm.elf |
File size: | 48'168 bytes |
MD5: | df8ac01308ab6015e8ab997165338246 |
SHA1: | 14c6d9231087b174c621570e674bed0a7a681633 |
SHA256: | 1dd6b91e5c01b531acda095c662f649638e1a03ec141213504b1193834e89345 |
SHA512: | 03edc6d6ed8e10d5f53b91f77783340b07dba253f65e49e901892fcf5320cbccf00a5f51cb71aa5d9a9f64f4078573cf547852d00620af2694510547137a43fa |
SSDEEP: | 768:vic2x0lAcmc4mkM50az5xehsXdT6tQ0tHloK5kcIRBXNq5fvqU1Q6wn:aDxGAdazKhsXdetQ0tdkVBUSn |
TLSH: | 75232881B8819A17C5E4137FF62F428D372523A8E2DF7217DD226F057B8A92F0DA7641 |
File Content Preview: | .ELF...a..........(.........4...p.......4. ...(.....................................................................Q.td..................................-...L."....+..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 47728 |
Section Header Size: | 40 |
Number of Section Headers: | 11 |
Header String Table Index: | 10 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0xaea0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x12f50 | 0xaf50 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x12f64 | 0xaf64 | 0x944 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1b8ac | 0xb8ac | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1b8b4 | 0xb8b4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x1b8bc | 0xb8bc | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1b8c0 | 0xb8c0 | 0x16c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1ba2c | 0xba2c | 0x178 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xba2c | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0xb8a8 | 0xb8a8 | 6.0161 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata |
LOAD | 0xb8ac | 0x1b8ac | 0x1b8ac | 0x180 | 0x2f8 | 0.8447 | 0x6 | RW | 0x8000 | | .ctors .dtors .jcr .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 27, 2024 09:57:33.776602030 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Oct 27, 2024 09:57:34.599361897 CET | 49448 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:34.605216980 CET | 38241 | 49448 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:34.605282068 CET | 49448 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:34.621675014 CET | 49448 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:34.627259970 CET | 38241 | 49448 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:34.627317905 CET | 49448 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:34.632747889 CET | 38241 | 49448 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:39.151757956 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Oct 27, 2024 09:57:44.630971909 CET | 49448 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:44.636375904 CET | 38241 | 49448 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:44.984613895 CET | 38241 | 49448 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:44.985070944 CET | 49448 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:44.990426064 CET | 38241 | 49448 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:46.000602007 CET | 49450 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:46.006968021 CET | 38241 | 49450 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:46.007025957 CET | 49450 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:46.007973909 CET | 49450 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:46.013516903 CET | 38241 | 49450 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:46.013639927 CET | 49450 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:46.018994093 CET | 38241 | 49450 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:55.277488947 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Oct 27, 2024 09:57:56.845746040 CET | 38241 | 49450 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:56.846035957 CET | 49450 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:56.851710081 CET | 38241 | 49450 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:57.863615990 CET | 49452 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:57.870126963 CET | 38241 | 49452 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:57.870300055 CET | 49452 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:57.871459007 CET | 49452 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:57.879492998 CET | 38241 | 49452 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:57:57.881421089 CET | 49452 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:57:57.887810946 CET | 38241 | 49452 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:01.420604944 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Oct 27, 2024 09:58:05.516077995 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Oct 27, 2024 09:58:08.710865974 CET | 38241 | 49452 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:08.711271048 CET | 49452 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:08.716787100 CET | 38241 | 49452 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:09.726670980 CET | 49454 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:09.732090950 CET | 38241 | 49454 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:09.732173920 CET | 49454 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:09.733624935 CET | 49454 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:09.739211082 CET | 38241 | 49454 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:09.739367962 CET | 49454 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:09.744724035 CET | 38241 | 49454 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:20.561188936 CET | 38241 | 49454 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:20.561508894 CET | 49454 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:20.567018032 CET | 38241 | 49454 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:21.661689997 CET | 49456 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:21.667398930 CET | 38241 | 49456 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:21.667638063 CET | 49456 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:21.669260979 CET | 49456 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:21.674807072 CET | 38241 | 49456 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:21.674875021 CET | 49456 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:21.680335045 CET | 38241 | 49456 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:32.475346088 CET | 38241 | 49456 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:32.475856066 CET | 49456 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:32.481462002 CET | 38241 | 49456 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:33.518243074 CET | 49458 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:33.523847103 CET | 38241 | 49458 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:33.523968935 CET | 49458 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:33.525620937 CET | 49458 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:33.531197071 CET | 38241 | 49458 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:33.531348944 CET | 49458 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:33.537398100 CET | 38241 | 49458 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:36.231919050 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Oct 27, 2024 09:58:44.371529102 CET | 38241 | 49458 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:44.372092009 CET | 49458 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:44.378081083 CET | 38241 | 49458 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:45.474652052 CET | 49460 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:45.480679035 CET | 38241 | 49460 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:45.480917931 CET | 49460 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:45.483294964 CET | 49460 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:45.490197897 CET | 38241 | 49460 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:45.490562916 CET | 49460 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:45.497330904 CET | 38241 | 49460 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:55.492248058 CET | 49460 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:55.497750998 CET | 38241 | 49460 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:55.853400946 CET | 38241 | 49460 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:55.853784084 CET | 49460 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:55.859301090 CET | 38241 | 49460 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:56.948702097 CET | 49462 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:56.957161903 CET | 38241 | 49462 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:56.957297087 CET | 49462 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:56.959075928 CET | 49462 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:56.968121052 CET | 38241 | 49462 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:58:56.968269110 CET | 49462 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:58:56.974102020 CET | 38241 | 49462 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:07.802411079 CET | 38241 | 49462 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:07.802861929 CET | 49462 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:07.808440924 CET | 38241 | 49462 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:08.898263931 CET | 49464 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:08.904098034 CET | 38241 | 49464 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:08.904208899 CET | 49464 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:08.905034065 CET | 49464 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:08.910496950 CET | 38241 | 49464 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:08.910583973 CET | 49464 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:08.916533947 CET | 38241 | 49464 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:19.729167938 CET | 38241 | 49464 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:19.729999065 CET | 49464 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:19.729999065 CET | 49464 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:19.735637903 CET | 38241 | 49464 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:20.754595995 CET | 49466 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:20.760284901 CET | 38241 | 49466 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:20.760672092 CET | 49466 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:20.762777090 CET | 49466 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:20.768270969 CET | 38241 | 49466 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:20.768362045 CET | 49466 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:20.773765087 CET | 38241 | 49466 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:31.605448008 CET | 38241 | 49466 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:31.605968952 CET | 49466 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:31.611423016 CET | 38241 | 49466 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:32.861500978 CET | 49468 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:32.867511988 CET | 38241 | 49468 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:32.867811918 CET | 49468 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:32.869584084 CET | 49468 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:32.875449896 CET | 38241 | 49468 | 45.156.86.24 | 192.168.2.23 |
Oct 27, 2024 09:59:32.875726938 CET | 49468 | 38241 | 192.168.2.23 | 45.156.86.24 |
Oct 27, 2024 09:59:32.881704092 CET | 38241 | 49468 | 45.156.86.24 | 192.168.2.23 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 27, 2024 09:57:34.579862118 CET | 40639 | 53 | 192.168.2.23 | 152.53.15.127 |
Oct 27, 2024 09:57:34.591521978 CET | 53 | 40639 | 152.53.15.127 | 192.168.2.23 |
Oct 27, 2024 09:57:45.988702059 CET | 55054 | 53 | 192.168.2.23 | 194.36.144.87 |
Oct 27, 2024 09:57:45.999748945 CET | 53 | 55054 | 194.36.144.87 | 192.168.2.23 |
Oct 27, 2024 09:57:57.851491928 CET | 46988 | 53 | 192.168.2.23 | 152.53.15.127 |
Oct 27, 2024 09:57:57.862409115 CET | 53 | 46988 | 152.53.15.127 | 192.168.2.23 |
Oct 27, 2024 09:58:09.714509964 CET | 41233 | 53 | 192.168.2.23 | 194.36.144.87 |
Oct 27, 2024 09:58:09.725817919 CET | 53 | 41233 | 194.36.144.87 | 192.168.2.23 |
Oct 27, 2024 09:58:21.565557957 CET | 52275 | 53 | 192.168.2.23 | 168.235.111.72 |
Oct 27, 2024 09:58:21.659780025 CET | 53 | 52275 | 168.235.111.72 | 192.168.2.23 |
Oct 27, 2024 09:58:33.481779099 CET | 40587 | 53 | 192.168.2.23 | 185.181.61.24 |
Oct 27, 2024 09:58:33.515949965 CET | 53 | 40587 | 185.181.61.24 | 192.168.2.23 |
Oct 27, 2024 09:58:45.377672911 CET | 47036 | 53 | 192.168.2.23 | 168.235.111.72 |
Oct 27, 2024 09:58:45.472460032 CET | 53 | 47036 | 168.235.111.72 | 192.168.2.23 |
Oct 27, 2024 09:58:56.857527018 CET | 44617 | 53 | 192.168.2.23 | 168.235.111.72 |
Oct 27, 2024 09:58:56.947201014 CET | 53 | 44617 | 168.235.111.72 | 192.168.2.23 |
Oct 27, 2024 09:59:08.806651115 CET | 38194 | 53 | 192.168.2.23 | 168.235.111.72 |
Oct 27, 2024 09:59:08.897258043 CET | 53 | 38194 | 168.235.111.72 | 192.168.2.23 |
Oct 27, 2024 09:59:20.736555099 CET | 34113 | 53 | 192.168.2.23 | 51.158.108.203 |
Oct 27, 2024 09:59:20.753082991 CET | 53 | 34113 | 51.158.108.203 | 192.168.2.23 |
Oct 27, 2024 09:59:32.610234022 CET | 35065 | 53 | 192.168.2.23 | 185.181.61.24 |
Oct 27, 2024 09:59:32.860107899 CET | 53 | 35065 | 185.181.61.24 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 27, 2024 09:57:34.579862118 CET | 192.168.2.23 | 152.53.15.127 | 0x5ca8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 27, 2024 09:57:45.988702059 CET | 192.168.2.23 | 194.36.144.87 | 0xbf14 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 27, 2024 09:57:57.851491928 CET | 192.168.2.23 | 152.53.15.127 | 0x960a | Standard query (0) | | 256 | 405 | false |
Oct 27, 2024 09:58:09.714509964 CET | 192.168.2.23 | 194.36.144.87 | 0x88ac | Standard query (0) | | 256 | 417 | false |
Oct 27, 2024 09:58:21.565557957 CET | 192.168.2.23 | 168.235.111.72 | 0x427a | Standard query (0) | | 256 | 429 | false |
Oct 27, 2024 09:58:33.481779099 CET | 192.168.2.23 | 185.181.61.24 | 0x71f3 | Standard query (0) | | 256 | 441 | false |
Oct 27, 2024 09:58:45.377672911 CET | 192.168.2.23 | 168.235.111.72 | 0x8030 | Standard query (0) | | 256 | 453 | false |
Oct 27, 2024 09:58:56.857527018 CET | 192.168.2.23 | 168.235.111.72 | 0xc26e | Standard query (0) | | 256 | 464 | false |
Oct 27, 2024 09:59:08.806651115 CET | 192.168.2.23 | 168.235.111.72 | 0xfbc4 | Standard query (0) | | 256 | 476 | false |
Oct 27, 2024 09:59:20.736555099 CET | 192.168.2.23 | 51.158.108.203 | 0xbf0e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 27, 2024 09:59:32.610234022 CET | 192.168.2.23 | 185.181.61.24 | 0x87a4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 27, 2024 09:57:34.591521978 CET | 152.53.15.127 | 192.168.2.23 | 0x5ca8 | No error (0) | | | 45.156.86.24 | A (IP address) | IN (0x0001) | false |
Oct 27, 2024 09:57:45.999748945 CET | 194.36.144.87 | 192.168.2.23 | 0xbf14 | No error (0) | | | 45.156.86.24 | A (IP address) | IN (0x0001) | false |
Oct 27, 2024 09:57:57.862409115 CET | 152.53.15.127 | 192.168.2.23 | 0x960a | Format error (1) | | none | none | 256 | 405 | false |
Oct 27, 2024 09:58:09.725817919 CET | 194.36.144.87 | 192.168.2.23 | 0x88ac | Format error (1) | | none | none | 256 | 417 | false |
Oct 27, 2024 09:59:20.753082991 CET | 51.158.108.203 | 192.168.2.23 | 0xbf0e | No error (0) | | | 45.156.86.24 | A (IP address) | IN (0x0001) | false |
Oct 27, 2024 09:59:32.860107899 CET | 185.181.61.24 | 192.168.2.23 | 0x87a4 | No error (0) | | | 45.156.86.24 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 08:57:33 |
Start date (UTC): | 27/10/2024 |
Path: | /tmp/zerarm.elf |
Arguments: | /tmp/zerarm.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 08:57:33 |
Start date (UTC): | 27/10/2024 |
Path: | /tmp/zerarm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 08:57:33 |
Start date (UTC): | 27/10/2024 |
Path: | /tmp/zerarm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |