Linux
Analysis Report
dwhdbg.elf
Overview
General Information
Sample name: | dwhdbg.elf |
Analysis ID: | 1544620 |
MD5: | a7eec647038e9a100134b683d0f0d31d |
SHA1: | 85baa63d9fc7e335b9fd57af2bd91f4f1c7b5337 |
SHA256: | 44d54f43424eef8e490a5069d0b39307335762ffe1907714c0338c1a1e7ff7c6 |
Tags: | elfuser-abuse_ch |
Detection
Gafgyt, Mirai, Okiru
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Yara detected Mirai
Yara detected Okiru
Machine Learning detection for sample
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1544620 |
Start date and time: | 2024-10-29 16:35:27 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | dwhdbg.elf |
Detection: | MAL |
Classification: | mal96.troj.evad.linELF@0/0@8/0 |
- VT rate limit hit for: dwhdbg.elf
Command: | /tmp/dwhdbg.elf |
PID: | 5430 |
Exit Code: | |
Exit Code Info: | |
Killed: | True |
Standard Output: | about to cum inside a femboy btw |
Standard Error: | cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory cant remove reboot function. : No such file or directory |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Bashlite, Gafgyt | Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps. | No Attribution | | |
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | ||
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | ||
Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown | ||
12 entries in total; 5 shown.
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | ||
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | ||
Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown | ||
15 entries in total; 5 shown.
⊘No Suricata rule has matched
AV Detection
System Summary
Hooking and other Techniques for Hiding and Protection
Stealing of Sensitive Information
Remote Access Functionality
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File Deletion | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | ReversingLabs | Linux.Backdoor.Mirai | ||
100% | Avira | EXP/ELF.Mirai.Z.A | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
raw.eye-network.ru | 213.232.235.18 | true | false | unknown | |
daisy.ubuntu.com | 162.213.35.25 | true | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
213.232.235.18 | raw.eye-network.ru | Russian Federation | | 39824 | ALMANET-ASKZ | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
213.232.235.18 | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
raw.eye-network.ru | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
daisy.ubuntu.com | | | malicious | Unknown | | |
| | | | malicious | Mirai | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | Okiru | | |
| | | | malicious | Mirai | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Mirai | | |
| | | | malicious | Mirai | | |
| | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ALMANET-ASKZ | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
| | | | malicious | Gafgyt, Mirai, Okiru | | |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.353607189613862 |
TrID: | |
File name: | dwhdbg.elf |
File size: | 156'120 bytes |
MD5: | a7eec647038e9a100134b683d0f0d31d |
SHA1: | 85baa63d9fc7e335b9fd57af2bd91f4f1c7b5337 |
SHA256: | 44d54f43424eef8e490a5069d0b39307335762ffe1907714c0338c1a1e7ff7c6 |
SHA512: | 550a48c5899a13314fcfe7f6b38e5ce8e184eefee88d06fc4db3c8f224f6888fc9bf6a79f646c49ef4e3418d57df64e1070b81e8fdfc10e604d32be5a652d28a |
SSDEEP: | 3072:qbhZsLegb9GlgYF+m5KGeLa1TWlpIdwRnX38DYpOgKsb8miAA2:qbhZsLegbslgYF+0qICuYphPA2 |
TLSH: | 44E35B07B4D188FDC4DAC0744BAEA537DD71F0AD0238B26B27D0EE222E5EE315A5DA54 |
File Content Preview: | .ELF..............>.......@.....@.......X_..........@.8...@.......................@.......@.....`.......`.......................h.......h.Q.....h.Q.............................Q.td....................................................H...._....z...H........ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 3 |
Section Header Offset: | 155480 |
Section Header Size: | 64 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x400100 | 0x100 | 0x18aa6 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x418ba6 | 0x18ba6 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x418bc0 | 0x18bc0 | 0x44a0 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x51d068 | 0x1d068 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.dtors | PROGBITS | 0x51d080 | 0x1d080 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.data | PROGBITS | 0x51d0a0 | 0x1d0a0 | 0x8e78 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x525f20 | 0x25f18 | 0x7260 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x25f18 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x1d060 | 0x1d060 | 6.3900 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata |
LOAD | 0x1d068 | 0x51d068 | 0x51d068 | 0x8eb0 | 0x10118 | 0.2564 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 29, 2024 16:36:07.569570065 CET | 36318 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:07.575088024 CET | 33966 | 36318 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:07.575139999 CET | 36318 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:07.577018976 CET | 36318 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:07.582355022 CET | 33966 | 36318 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:07.582401037 CET | 36318 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:07.588042021 CET | 33966 | 36318 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:08.496953011 CET | 33966 | 36318 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:08.497030020 CET | 36318 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:08.497071028 CET | 36318 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:08.531332016 CET | 36320 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:08.536861897 CET | 33966 | 36320 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:08.536917925 CET | 36320 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:08.538866043 CET | 36320 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:08.544234037 CET | 33966 | 36320 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:08.544351101 CET | 36320 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:08.549859047 CET | 33966 | 36320 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:09.453860044 CET | 33966 | 36320 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:09.453949928 CET | 36320 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:09.454016924 CET | 36320 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:09.475337029 CET | 36322 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:09.482384920 CET | 33966 | 36322 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:09.482522964 CET | 36322 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:09.484976053 CET | 36322 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:09.490431070 CET | 33966 | 36322 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:09.498519897 CET | 36322 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:09.504673004 CET | 33966 | 36322 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:52.446584940 CET | 36322 | 33966 | 192.168.2.13 | 213.232.235.18 |
Oct 29, 2024 16:36:52.453892946 CET | 33966 | 36322 | 213.232.235.18 | 192.168.2.13 |
Oct 29, 2024 16:36:52.453969002 CET | 36322 | 33966 | 192.168.2.13 | 213.232.235.18 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 29, 2024 16:36:07.547148943 CET | 42501 | 53 | 192.168.2.13 | 8.8.8.8 |
Oct 29, 2024 16:36:07.558329105 CET | 53 | 42501 | 8.8.8.8 | 192.168.2.13 |
Oct 29, 2024 16:36:07.560251951 CET | 47528 | 53 | 192.168.2.13 | 8.8.8.8 |
Oct 29, 2024 16:36:07.568670034 CET | 53 | 47528 | 8.8.8.8 | 192.168.2.13 |
Oct 29, 2024 16:36:08.499011993 CET | 38302 | 53 | 192.168.2.13 | 8.8.8.8 |
Oct 29, 2024 16:36:08.520603895 CET | 53 | 38302 | 8.8.8.8 | 192.168.2.13 |
Oct 29, 2024 16:36:08.522830009 CET | 41128 | 53 | 192.168.2.13 | 8.8.8.8 |
Oct 29, 2024 16:36:08.530395985 CET | 53 | 41128 | 8.8.8.8 | 192.168.2.13 |
Oct 29, 2024 16:36:09.455924988 CET | 40822 | 53 | 192.168.2.13 | 8.8.8.8 |
Oct 29, 2024 16:36:09.464512110 CET | 53 | 40822 | 8.8.8.8 | 192.168.2.13 |
Oct 29, 2024 16:36:09.466448069 CET | 44755 | 53 | 192.168.2.13 | 8.8.8.8 |
Oct 29, 2024 16:36:09.474332094 CET | 53 | 44755 | 8.8.8.8 | 192.168.2.13 |
Oct 29, 2024 16:38:52.516812086 CET | 52368 | 53 | 192.168.2.13 | 1.1.1.1 |
Oct 29, 2024 16:38:52.516942978 CET | 37220 | 53 | 192.168.2.13 | 1.1.1.1 |
Oct 29, 2024 16:38:52.524074078 CET | 53 | 52368 | 1.1.1.1 | 192.168.2.13 |
Oct 29, 2024 16:38:52.524154902 CET | 53 | 37220 | 1.1.1.1 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 29, 2024 16:36:07.547148943 CET | 192.168.2.13 | 8.8.8.8 | 0x649f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:07.560251951 CET | 192.168.2.13 | 8.8.8.8 | 0x17b7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:08.499011993 CET | 192.168.2.13 | 8.8.8.8 | 0x755b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:08.522830009 CET | 192.168.2.13 | 8.8.8.8 | 0x835f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:09.455924988 CET | 192.168.2.13 | 8.8.8.8 | 0x589 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:09.466448069 CET | 192.168.2.13 | 8.8.8.8 | 0x724a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:38:52.516812086 CET | 192.168.2.13 | 1.1.1.1 | 0xbd98 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:38:52.516942978 CET | 192.168.2.13 | 1.1.1.1 | 0x7a3 | Standard query (0) | | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 29, 2024 16:36:07.558329105 CET | 8.8.8.8 | 192.168.2.13 | 0x649f | No error (0) | | | 213.232.235.18 | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:07.568670034 CET | 8.8.8.8 | 192.168.2.13 | 0x17b7 | No error (0) | | | 213.232.235.18 | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:08.520603895 CET | 8.8.8.8 | 192.168.2.13 | 0x755b | No error (0) | | | 213.232.235.18 | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:08.530395985 CET | 8.8.8.8 | 192.168.2.13 | 0x835f | No error (0) | | | 213.232.235.18 | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:09.464512110 CET | 8.8.8.8 | 192.168.2.13 | 0x589 | No error (0) | | | 213.232.235.18 | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:36:09.474332094 CET | 8.8.8.8 | 192.168.2.13 | 0x724a | No error (0) | | | 213.232.235.18 | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:38:52.524074078 CET | 1.1.1.1 | 192.168.2.13 | 0xbd98 | No error (0) | | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
Oct 29, 2024 16:38:52.524074078 CET | 1.1.1.1 | 192.168.2.13 | 0xbd98 | No error (0) | | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 15:36:06 |
Start date (UTC): | 29/10/2024 |
Path: | /tmp/dwhdbg.elf |
Arguments: | /tmp/dwhdbg.elf |
File size: | 156120 bytes |
MD5 hash: | a7eec647038e9a100134b683d0f0d31d |
Start time (UTC): | 15:36:06 |
Start date (UTC): | 29/10/2024 |
Path: | /tmp/dwhdbg.elf |
Arguments: | - |
File size: | 156120 bytes |
MD5 hash: | a7eec647038e9a100134b683d0f0d31d |