Edit tour

Linux Analysis Report
8RFfyRrdWT.elf

Overview

General Information

Sample name:	8RFfyRrdWT.elf renamed because original name is a hash value
Original sample name:	72e2005ca58f9bafb342fff906042766.elf
Analysis ID:	1545507
MD5:	72e2005ca58f9bafb342fff906042766
SHA1:	cefb9aea7f27bb907a79a401a986619997d1983b
SHA256:	f60766a94bbda92a2bab16cc02733929bd837fe67f36ed02cf73abeac2b40a31
Tags:	32elfmiraisparc
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545507
Start date and time:	2024-10-30 16:21:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	8RFfyRrdWT.elf renamed because original name is a hash value
Original Sample Name:	72e2005ca58f9bafb342fff906042766.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@75/0

Warnings

VT rate limit hit for: 8RFfyRrdWT.elf

Runtime Messages

Command:	/tmp/8RFfyRrdWT.elf
PID:	5412
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	unstable_is_the_history_of_universe
Standard Error:

Process Tree

system is lnxubuntu20

8RFfyRrdWT.elf (PID: 5412, Parent: 5338, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/8RFfyRrdWT.elf

8RFfyRrdWT.elf New Fork (PID: 5414, Parent: 5412)

8RFfyRrdWT.elf New Fork (PID: 5418, Parent: 5414)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
8RFfyRrdWT.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xaee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb00c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb05c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb070:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5412.1.00007f94ac02c000.00007f94ac02d000.rw-.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x48:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x5c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x70:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x84:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x98:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x124:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x138:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x160:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x174:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x188:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5412.1.00007f94ac011000.00007f94ac01d000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xaee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xafe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb00c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb05c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb070:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: 8RFfyRrdWT.elf PID: 5412	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x871:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x885:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x899:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ad:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8e9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8fd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x911:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x925:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x939:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x94d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x961:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x975:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x989:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x99d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa01:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 8RFfyRrdWT.elf

ReversingLabs: Detection: 42%

Source: /tmp/8RFfyRrdWT.elf (PID: 5412)

Socket: 127.0.0.1:46157

Jump to behavior

Source: unknown

DNS traffic detected: query: 154.216.20.94 replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.32.184.17

Source: global traffic

DNS traffic detected: DNS query: 154.216.20.94

System Summary

Malicious sample detected (through community Yara rule)

Source: 8RFfyRrdWT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5412.1.00007f94ac02c000.00007f94ac02d000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5412.1.00007f94ac011000.00007f94ac01d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: 8RFfyRrdWT.elf PID: 5412, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: 8RFfyRrdWT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5412.1.00007f94ac02c000.00007f94ac02d000.rw-.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5412.1.00007f94ac011000.00007f94ac01d000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 8RFfyRrdWT.elf PID: 5412, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal56.linELF@0/0@75/0

Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/238/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/239/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/5397/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/3770/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/5398/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/19/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/240/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/3095/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/241/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/242/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/244/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/245/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/246/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/247/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/248/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/249/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/129/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/9/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/1906/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/802/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/20/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/21/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/22/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/23/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/24/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/25/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/5044/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/26/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/27/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/28/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/29/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/3420/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/1482/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/490/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/1480/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/250/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/371/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/130/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/251/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/131/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/252/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/132/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/253/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/254/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/1238/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/134/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/255/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/256/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/257/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/378/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/3413/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/258/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/259/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/1475/cmdline	Jump to behavior
Source: /tmp/8RFfyRrdWT.elf (PID: 5418)	File opened: /proc/936/cmdline	Jump to behavior

Source: /tmp/8RFfyRrdWT.elf (PID: 5412)

Queries kernel information via 'uname':

Jump to behavior

Source: 8RFfyRrdWT.elf, 5412.1.0000561048241000.00005610482a6000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sparc
Source: 8RFfyRrdWT.elf, 5412.1.0000561048241000.00005610482a6000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/sparc
Source: 8RFfyRrdWT.elf, 5412.1.00007ffd1afe4000.00007ffd1b005000.rw-.sdmp	Binary or memory string: A=Dx86_64/usr/bin/qemu-sparc/tmp/8RFfyRrdWT.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/8RFfyRrdWT.elf
Source: 8RFfyRrdWT.elf, 5412.1.00007ffd1afe4000.00007ffd1b005000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sparc

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
8RFfyRrdWT.elf	42%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
154.216.20.94	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
217.32.184.17	unknown	United Kingdom		6871	PLUSNETUKInternetServiceProviderGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
217.32.184.17	vhsr56PI3r.elf	Get hash	malicious	Unknown	Browse
	TXVo7pIaEB.elf	Get hash	malicious	Unknown	Browse
	CaKRRsqLWL.elf	Get hash	malicious	Unknown	Browse
	7GxZ3z6CMA.elf	Get hash	malicious	Unknown	Browse
	sora.arm.elf	Get hash	malicious	Unknown	Browse
	sora.mips.elf	Get hash	malicious	Unknown	Browse
	sora.mpsl.elf	Get hash	malicious	Unknown	Browse
	sora.x86.elf	Get hash	malicious	Unknown	Browse
	sh4.elf	Get hash	malicious	Unknown	Browse
	debug.dbg.elf	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PLUSNETUKInternetServiceProviderGB	vhsr56PI3r.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	TXVo7pIaEB.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	CaKRRsqLWL.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	7GxZ3z6CMA.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	sora.arm.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	sora.mips.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	sora.mpsl.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	sora.x86.elf	Get hash	malicious	Unknown	Browse	217.32.184.17
	jew.mpsl.elf	Get hash	malicious	Mirai	Browse	143.159.228.252
	arm5.elf	Get hash	malicious	Unknown	Browse	84.93.57.1

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.082206220382103
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	8RFfyRrdWT.elf
File size:	48'848 bytes
MD5:	72e2005ca58f9bafb342fff906042766
SHA1:	cefb9aea7f27bb907a79a401a986619997d1983b
SHA256:	f60766a94bbda92a2bab16cc02733929bd837fe67f36ed02cf73abeac2b40a31
SHA512:	b2847ca2bc9da7a6a13a53cd6f4b4a2c5b37d6ce3026b7436e778954f11a6bb235570b5298d13fc7bdaf5b1ff20b5a5711350a925b7af98392f59402238fa843
SSDEEP:	768:3BoBCKHvxxNDs+trBy1ZBpUc7X8slf4AQjqO++PWuVOw4:3B8zHvxnjrBy1/pUcT8sSAQj4+uq4
TLSH:	CD232A35BA761F17C0D168B521FB4B6876F146CE26A8CA4E3DB20D9EFF618406503AF4
File Content Preview:	.ELF...........................4...@.....4. ...(.......................................................4............dt.Q................................@..(....@.+<................#.....a...`.....!....."...@.....".........`......$"..."...@...........`....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	Sparc
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x101a4
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	48448
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10094	0x94	0x1c	0x0	0x6	AX	4
.text	PROGBITS	0x100b0	0xb0	0xad28	0x0	0x6	AX	4
.fini	PROGBITS	0x1add8	0xadd8	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x1adf0	0xadf0	0xcd8	0x0	0x2	A	8
.ctors	PROGBITS	0x2bacc	0xbacc	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x2bad4	0xbad4	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x2bae0	0xbae0	0x220	0x0	0x3	WA	8
.bss	NOBITS	0x2bd00	0xbd00	0x190	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xbd00	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000	0x10000	0xbac8	0xbac8	6.1135	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xbacc	0x2bacc	0x2bacc	0x234	0x3c4	2.9620	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 30, 2024 16:22:46.587678909 CET	37068	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:46.593059063 CET	23	37068	217.32.184.17	192.168.2.13
Oct 30, 2024 16:22:46.593113899 CET	37068	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:46.596103907 CET	37068	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:46.601624012 CET	23	37068	217.32.184.17	192.168.2.13
Oct 30, 2024 16:22:46.601666927 CET	37068	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:46.607033014 CET	23	37068	217.32.184.17	192.168.2.13
Oct 30, 2024 16:22:55.078583002 CET	23	37068	217.32.184.17	192.168.2.13
Oct 30, 2024 16:22:55.078943014 CET	37068	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:55.084552050 CET	23	37068	217.32.184.17	192.168.2.13
Oct 30, 2024 16:22:55.123159885 CET	37070	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:55.128524065 CET	23	37070	217.32.184.17	192.168.2.13
Oct 30, 2024 16:22:55.128592014 CET	37070	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:55.129170895 CET	37070	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:55.134521008 CET	23	37070	217.32.184.17	192.168.2.13
Oct 30, 2024 16:22:55.134601116 CET	37070	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:22:55.139986038 CET	23	37070	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:03.603796959 CET	23	37070	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:03.603971004 CET	37070	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:03.609442949 CET	23	37070	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:03.645944118 CET	37072	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:03.651391983 CET	23	37072	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:03.651467085 CET	37072	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:03.652054071 CET	37072	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:03.657382011 CET	23	37072	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:03.657428026 CET	37072	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:03.662934065 CET	23	37072	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:12.145670891 CET	23	37072	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:12.145982981 CET	37072	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:12.153146982 CET	23	37072	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:12.193511009 CET	37074	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:12.198940992 CET	23	37074	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:12.199006081 CET	37074	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:12.199613094 CET	37074	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:12.205461979 CET	23	37074	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:12.205518961 CET	37074	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:12.211191893 CET	23	37074	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:20.702850103 CET	23	37074	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:20.703154087 CET	37074	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:20.708656073 CET	23	37074	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:20.757117987 CET	37076	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:20.762557030 CET	23	37076	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:20.762645960 CET	37076	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:20.763504982 CET	37076	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:20.768942118 CET	23	37076	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:20.769012928 CET	37076	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:20.774406910 CET	23	37076	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:29.254738092 CET	23	37076	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:29.254991055 CET	37076	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:29.260647058 CET	23	37076	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:29.300962925 CET	37078	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:29.306516886 CET	23	37078	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:29.306608915 CET	37078	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:29.307447910 CET	37078	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:29.313057899 CET	23	37078	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:29.313123941 CET	37078	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:29.318701029 CET	23	37078	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:37.803114891 CET	23	37078	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:37.803435087 CET	37078	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:37.810652971 CET	23	37078	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:37.850707054 CET	37080	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:37.856472015 CET	23	37080	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:37.856534004 CET	37080	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:37.857180119 CET	37080	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:37.863605976 CET	23	37080	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:37.863655090 CET	37080	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:37.870242119 CET	23	37080	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:46.344074965 CET	23	37080	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:46.344737053 CET	37080	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:46.350373030 CET	23	37080	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:46.390769958 CET	37082	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:46.396224976 CET	23	37082	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:46.396286964 CET	37082	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:46.396837950 CET	37082	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:46.402605057 CET	23	37082	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:46.402653933 CET	37082	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:46.408210039 CET	23	37082	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:54.873209000 CET	23	37082	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:54.873605967 CET	37082	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:54.879380941 CET	23	37082	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:54.918545961 CET	37084	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:54.924037933 CET	23	37084	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:54.924159050 CET	37084	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:54.924885035 CET	37084	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:54.930567026 CET	23	37084	217.32.184.17	192.168.2.13
Oct 30, 2024 16:23:54.930625916 CET	37084	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:23:54.936826944 CET	23	37084	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:03.487349033 CET	23	37084	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:03.487642050 CET	37084	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:03.493591070 CET	23	37084	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:03.538548946 CET	37086	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:03.544440985 CET	23	37086	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:03.544539928 CET	37086	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:03.545397997 CET	37086	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:03.550846100 CET	23	37086	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:03.550895929 CET	37086	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:03.556566954 CET	23	37086	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:12.050628901 CET	23	37086	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:12.051136971 CET	37086	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:12.056565046 CET	23	37086	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:12.093909979 CET	37088	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:12.099309921 CET	23	37088	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:12.099428892 CET	37088	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:12.100198030 CET	37088	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:12.105573893 CET	23	37088	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:12.105629921 CET	37088	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:12.113136053 CET	23	37088	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:20.589932919 CET	23	37088	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:20.590161085 CET	37088	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:20.595797062 CET	23	37088	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:20.633625031 CET	37090	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:20.639451027 CET	23	37090	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:20.639523029 CET	37090	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:20.640208960 CET	37090	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:20.645982027 CET	23	37090	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:20.646045923 CET	37090	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:20.651498079 CET	23	37090	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:29.130831003 CET	23	37090	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:29.131011963 CET	37090	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:29.136420965 CET	23	37090	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:29.173718929 CET	37092	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:29.179119110 CET	23	37092	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:29.179188967 CET	37092	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:29.179747105 CET	37092	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:29.185450077 CET	23	37092	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:29.185497046 CET	37092	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:29.190918922 CET	23	37092	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:37.659410954 CET	23	37092	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:37.659744978 CET	37092	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:37.665198088 CET	23	37092	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:37.704087019 CET	37094	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:37.709403038 CET	23	37094	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:37.709486008 CET	37094	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:37.710120916 CET	37094	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:37.715430021 CET	23	37094	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:37.715486050 CET	37094	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:37.720762968 CET	23	37094	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:46.186145067 CET	23	37094	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:46.186554909 CET	37094	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:46.191967964 CET	23	37094	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:46.232714891 CET	37096	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:46.238176107 CET	23	37096	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:46.238388062 CET	37096	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:46.238939047 CET	37096	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:46.244288921 CET	23	37096	217.32.184.17	192.168.2.13
Oct 30, 2024 16:24:46.244412899 CET	37096	23	192.168.2.13	217.32.184.17
Oct 30, 2024 16:24:46.249790907 CET	23	37096	217.32.184.17	192.168.2.13

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 30, 2024 16:22:46.526479959 CET	55510	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:46.534171104 CET	53	55510	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:46.536000013 CET	57393	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:46.543768883 CET	53	57393	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:46.551937103 CET	36527	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:46.560094118 CET	53	36527	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:46.568427086 CET	35414	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:46.576227903 CET	53	35414	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:46.578541040 CET	35352	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:46.586136103 CET	53	35352	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:55.079936028 CET	52114	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:55.087599993 CET	53	52114	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:55.088258028 CET	55094	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:55.095614910 CET	53	55094	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:55.096362114 CET	42060	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:55.103931904 CET	53	42060	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:55.104573011 CET	47399	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:55.114751101 CET	53	47399	8.8.8.8	192.168.2.13
Oct 30, 2024 16:22:55.115354061 CET	56826	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:22:55.122858047 CET	53	56826	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:03.604722023 CET	60954	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:03.612960100 CET	53	60954	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:03.613660097 CET	39034	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:03.621026039 CET	53	39034	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:03.621710062 CET	60329	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:03.629415035 CET	53	60329	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:03.630038977 CET	45361	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:03.637494087 CET	53	45361	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:03.638112068 CET	38522	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:03.645633936 CET	53	38522	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:12.146962881 CET	53692	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:12.154937029 CET	53	53692	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:12.155757904 CET	46414	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:12.164872885 CET	53	46414	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:12.165709972 CET	48910	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:12.174416065 CET	53	48910	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:12.175187111 CET	53295	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:12.184381008 CET	53	53295	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:12.185103893 CET	34258	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:12.193092108 CET	53	34258	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:20.704646111 CET	36419	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:20.712259054 CET	53	36419	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:20.713258982 CET	55923	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:20.721508980 CET	53	55923	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:20.722424984 CET	37949	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:20.730483055 CET	53	37949	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:20.731091022 CET	55290	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:20.738913059 CET	53	55290	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:20.739531040 CET	40731	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:20.756752968 CET	53	40731	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:29.255974054 CET	40032	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:29.263624907 CET	53	40032	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:29.264544964 CET	53067	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:29.272664070 CET	53	53067	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:29.273583889 CET	35000	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:29.281577110 CET	53	35000	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:29.282566071 CET	56520	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:29.290754080 CET	53	56520	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:29.291661978 CET	49498	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:29.300508022 CET	53	49498	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:37.804591894 CET	55813	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:37.813570023 CET	53	55813	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:37.814587116 CET	60902	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:37.822484970 CET	53	60902	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:37.823375940 CET	43296	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:37.833065033 CET	53	43296	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:37.833926916 CET	49194	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:37.841703892 CET	53	49194	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:37.842551947 CET	37128	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:37.850361109 CET	53	37128	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:46.345634937 CET	59459	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:46.353590012 CET	53	59459	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:46.354299068 CET	42961	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:46.362977982 CET	53	42961	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:46.364126921 CET	50138	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:46.371736050 CET	53	50138	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:46.372549057 CET	33055	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:46.380625010 CET	53	33055	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:46.381458044 CET	43133	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:46.390419960 CET	53	43133	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:54.874372959 CET	49866	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:54.881877899 CET	53	49866	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:54.882776022 CET	47892	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:54.890746117 CET	53	47892	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:54.891447067 CET	54817	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:54.899434090 CET	53	54817	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:54.900190115 CET	55090	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:54.907911062 CET	53	55090	8.8.8.8	192.168.2.13
Oct 30, 2024 16:23:54.908631086 CET	51026	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:23:54.918150902 CET	53	51026	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:03.488759995 CET	44114	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:03.500910044 CET	53	44114	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:03.501703024 CET	41443	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:03.510473013 CET	53	41443	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:03.511173964 CET	41766	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:03.519413948 CET	53	41766	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:03.520275116 CET	60910	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:03.528368950 CET	53	60910	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:03.529236078 CET	55746	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:03.538079023 CET	53	55746	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:12.052077055 CET	53471	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:12.059695005 CET	53	53471	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:12.060470104 CET	37598	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:12.068063974 CET	53	37598	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:12.068881989 CET	40359	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:12.076467037 CET	53	40359	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:12.077209949 CET	55529	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:12.085011959 CET	53	55529	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:12.085817099 CET	57725	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:12.093410015 CET	53	57725	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:20.591033936 CET	42477	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:20.599351883 CET	53	42477	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:20.600055933 CET	38603	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:20.607884884 CET	53	38603	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:20.608572006 CET	48161	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:20.616223097 CET	53	48161	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:20.616966009 CET	56863	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:20.624743938 CET	53	56863	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:20.625719070 CET	45283	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:20.633145094 CET	53	45283	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:29.131731987 CET	52819	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:29.139581919 CET	53	52819	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:29.140235901 CET	53952	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:29.147707939 CET	53	53952	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:29.148318052 CET	37678	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:29.156039000 CET	53	37678	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:29.156611919 CET	39306	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:29.164690018 CET	53	39306	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:29.165278912 CET	59484	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:29.173408985 CET	53	59484	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:37.660399914 CET	41646	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:37.668658972 CET	53	41646	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:37.669416904 CET	60206	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:37.677551985 CET	53	60206	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:37.678200960 CET	40494	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:37.686120033 CET	53	40494	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:37.687079906 CET	54475	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:37.695101976 CET	53	54475	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:37.695766926 CET	55194	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:37.703747034 CET	53	55194	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:46.187290907 CET	40706	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:46.195673943 CET	53	40706	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:46.196321011 CET	37858	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:46.204185963 CET	53	37858	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:46.204832077 CET	56431	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:46.214128971 CET	53	56431	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:46.214745045 CET	50083	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:46.223581076 CET	53	50083	8.8.8.8	192.168.2.13
Oct 30, 2024 16:24:46.224186897 CET	35254	53	192.168.2.13	8.8.8.8
Oct 30, 2024 16:24:46.232323885 CET	53	35254	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 30, 2024 16:22:46.526479959 CET	192.168.2.13	8.8.8.8	0x3b2	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.536000013 CET	192.168.2.13	8.8.8.8	0x3b2	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.551937103 CET	192.168.2.13	8.8.8.8	0x3b2	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.568427086 CET	192.168.2.13	8.8.8.8	0x3b2	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.578541040 CET	192.168.2.13	8.8.8.8	0x3b2	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.079936028 CET	192.168.2.13	8.8.8.8	0x31d0	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.088258028 CET	192.168.2.13	8.8.8.8	0x31d0	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.096362114 CET	192.168.2.13	8.8.8.8	0x31d0	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.104573011 CET	192.168.2.13	8.8.8.8	0x31d0	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.115354061 CET	192.168.2.13	8.8.8.8	0x31d0	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.604722023 CET	192.168.2.13	8.8.8.8	0xd54c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.613660097 CET	192.168.2.13	8.8.8.8	0xd54c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.621710062 CET	192.168.2.13	8.8.8.8	0xd54c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.630038977 CET	192.168.2.13	8.8.8.8	0xd54c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.638112068 CET	192.168.2.13	8.8.8.8	0xd54c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.146962881 CET	192.168.2.13	8.8.8.8	0x83a8	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.155757904 CET	192.168.2.13	8.8.8.8	0x83a8	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.165709972 CET	192.168.2.13	8.8.8.8	0x83a8	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.175187111 CET	192.168.2.13	8.8.8.8	0x83a8	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.185103893 CET	192.168.2.13	8.8.8.8	0x83a8	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.704646111 CET	192.168.2.13	8.8.8.8	0xc491	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.713258982 CET	192.168.2.13	8.8.8.8	0xc491	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.722424984 CET	192.168.2.13	8.8.8.8	0xc491	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.731091022 CET	192.168.2.13	8.8.8.8	0xc491	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.739531040 CET	192.168.2.13	8.8.8.8	0xc491	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.255974054 CET	192.168.2.13	8.8.8.8	0x29	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.264544964 CET	192.168.2.13	8.8.8.8	0x29	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.273583889 CET	192.168.2.13	8.8.8.8	0x29	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.282566071 CET	192.168.2.13	8.8.8.8	0x29	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.291661978 CET	192.168.2.13	8.8.8.8	0x29	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.804591894 CET	192.168.2.13	8.8.8.8	0x1a0b	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.814587116 CET	192.168.2.13	8.8.8.8	0x1a0b	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.823375940 CET	192.168.2.13	8.8.8.8	0x1a0b	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.833926916 CET	192.168.2.13	8.8.8.8	0x1a0b	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.842551947 CET	192.168.2.13	8.8.8.8	0x1a0b	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.345634937 CET	192.168.2.13	8.8.8.8	0xe44c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.354299068 CET	192.168.2.13	8.8.8.8	0xe44c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.364126921 CET	192.168.2.13	8.8.8.8	0xe44c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.372549057 CET	192.168.2.13	8.8.8.8	0xe44c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.381458044 CET	192.168.2.13	8.8.8.8	0xe44c	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.874372959 CET	192.168.2.13	8.8.8.8	0xa57e	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.882776022 CET	192.168.2.13	8.8.8.8	0xa57e	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.891447067 CET	192.168.2.13	8.8.8.8	0xa57e	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.900190115 CET	192.168.2.13	8.8.8.8	0xa57e	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.908631086 CET	192.168.2.13	8.8.8.8	0xa57e	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.488759995 CET	192.168.2.13	8.8.8.8	0xef80	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.501703024 CET	192.168.2.13	8.8.8.8	0xef80	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.511173964 CET	192.168.2.13	8.8.8.8	0xef80	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.520275116 CET	192.168.2.13	8.8.8.8	0xef80	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.529236078 CET	192.168.2.13	8.8.8.8	0xef80	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.052077055 CET	192.168.2.13	8.8.8.8	0xad75	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.060470104 CET	192.168.2.13	8.8.8.8	0xad75	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.068881989 CET	192.168.2.13	8.8.8.8	0xad75	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.077209949 CET	192.168.2.13	8.8.8.8	0xad75	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.085817099 CET	192.168.2.13	8.8.8.8	0xad75	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.591033936 CET	192.168.2.13	8.8.8.8	0xb166	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.600055933 CET	192.168.2.13	8.8.8.8	0xb166	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.608572006 CET	192.168.2.13	8.8.8.8	0xb166	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.616966009 CET	192.168.2.13	8.8.8.8	0xb166	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.625719070 CET	192.168.2.13	8.8.8.8	0xb166	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.131731987 CET	192.168.2.13	8.8.8.8	0x7a42	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.140235901 CET	192.168.2.13	8.8.8.8	0x7a42	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.148318052 CET	192.168.2.13	8.8.8.8	0x7a42	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.156611919 CET	192.168.2.13	8.8.8.8	0x7a42	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.165278912 CET	192.168.2.13	8.8.8.8	0x7a42	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.660399914 CET	192.168.2.13	8.8.8.8	0x7a7	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.669416904 CET	192.168.2.13	8.8.8.8	0x7a7	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.678200960 CET	192.168.2.13	8.8.8.8	0x7a7	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.687079906 CET	192.168.2.13	8.8.8.8	0x7a7	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.695766926 CET	192.168.2.13	8.8.8.8	0x7a7	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.187290907 CET	192.168.2.13	8.8.8.8	0x11d3	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.196321011 CET	192.168.2.13	8.8.8.8	0x11d3	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.204832077 CET	192.168.2.13	8.8.8.8	0x11d3	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.214745045 CET	192.168.2.13	8.8.8.8	0x11d3	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.224186897 CET	192.168.2.13	8.8.8.8	0x11d3	Standard query (0)	154.216.20.94	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 30, 2024 16:22:46.534171104 CET	8.8.8.8	192.168.2.13	0x3b2	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.543768883 CET	8.8.8.8	192.168.2.13	0x3b2	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.560094118 CET	8.8.8.8	192.168.2.13	0x3b2	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.576227903 CET	8.8.8.8	192.168.2.13	0x3b2	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:46.586136103 CET	8.8.8.8	192.168.2.13	0x3b2	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.087599993 CET	8.8.8.8	192.168.2.13	0x31d0	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.095614910 CET	8.8.8.8	192.168.2.13	0x31d0	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.103931904 CET	8.8.8.8	192.168.2.13	0x31d0	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.114751101 CET	8.8.8.8	192.168.2.13	0x31d0	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:22:55.122858047 CET	8.8.8.8	192.168.2.13	0x31d0	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.612960100 CET	8.8.8.8	192.168.2.13	0xd54c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.621026039 CET	8.8.8.8	192.168.2.13	0xd54c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.629415035 CET	8.8.8.8	192.168.2.13	0xd54c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.637494087 CET	8.8.8.8	192.168.2.13	0xd54c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:03.645633936 CET	8.8.8.8	192.168.2.13	0xd54c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.154937029 CET	8.8.8.8	192.168.2.13	0x83a8	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.164872885 CET	8.8.8.8	192.168.2.13	0x83a8	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.174416065 CET	8.8.8.8	192.168.2.13	0x83a8	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.184381008 CET	8.8.8.8	192.168.2.13	0x83a8	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:12.193092108 CET	8.8.8.8	192.168.2.13	0x83a8	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.712259054 CET	8.8.8.8	192.168.2.13	0xc491	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.721508980 CET	8.8.8.8	192.168.2.13	0xc491	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.730483055 CET	8.8.8.8	192.168.2.13	0xc491	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.738913059 CET	8.8.8.8	192.168.2.13	0xc491	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:20.756752968 CET	8.8.8.8	192.168.2.13	0xc491	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.263624907 CET	8.8.8.8	192.168.2.13	0x29	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.272664070 CET	8.8.8.8	192.168.2.13	0x29	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.281577110 CET	8.8.8.8	192.168.2.13	0x29	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.290754080 CET	8.8.8.8	192.168.2.13	0x29	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:29.300508022 CET	8.8.8.8	192.168.2.13	0x29	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.813570023 CET	8.8.8.8	192.168.2.13	0x1a0b	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.822484970 CET	8.8.8.8	192.168.2.13	0x1a0b	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.833065033 CET	8.8.8.8	192.168.2.13	0x1a0b	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.841703892 CET	8.8.8.8	192.168.2.13	0x1a0b	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:37.850361109 CET	8.8.8.8	192.168.2.13	0x1a0b	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.353590012 CET	8.8.8.8	192.168.2.13	0xe44c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.362977982 CET	8.8.8.8	192.168.2.13	0xe44c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.371736050 CET	8.8.8.8	192.168.2.13	0xe44c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.380625010 CET	8.8.8.8	192.168.2.13	0xe44c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:46.390419960 CET	8.8.8.8	192.168.2.13	0xe44c	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.881877899 CET	8.8.8.8	192.168.2.13	0xa57e	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.890746117 CET	8.8.8.8	192.168.2.13	0xa57e	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.899434090 CET	8.8.8.8	192.168.2.13	0xa57e	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.907911062 CET	8.8.8.8	192.168.2.13	0xa57e	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:23:54.918150902 CET	8.8.8.8	192.168.2.13	0xa57e	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.500910044 CET	8.8.8.8	192.168.2.13	0xef80	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.510473013 CET	8.8.8.8	192.168.2.13	0xef80	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.519413948 CET	8.8.8.8	192.168.2.13	0xef80	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.528368950 CET	8.8.8.8	192.168.2.13	0xef80	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:03.538079023 CET	8.8.8.8	192.168.2.13	0xef80	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.059695005 CET	8.8.8.8	192.168.2.13	0xad75	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.068063974 CET	8.8.8.8	192.168.2.13	0xad75	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.076467037 CET	8.8.8.8	192.168.2.13	0xad75	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.085011959 CET	8.8.8.8	192.168.2.13	0xad75	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:12.093410015 CET	8.8.8.8	192.168.2.13	0xad75	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.599351883 CET	8.8.8.8	192.168.2.13	0xb166	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.607884884 CET	8.8.8.8	192.168.2.13	0xb166	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.616223097 CET	8.8.8.8	192.168.2.13	0xb166	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.624743938 CET	8.8.8.8	192.168.2.13	0xb166	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:20.633145094 CET	8.8.8.8	192.168.2.13	0xb166	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.139581919 CET	8.8.8.8	192.168.2.13	0x7a42	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.147707939 CET	8.8.8.8	192.168.2.13	0x7a42	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.156039000 CET	8.8.8.8	192.168.2.13	0x7a42	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.164690018 CET	8.8.8.8	192.168.2.13	0x7a42	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:29.173408985 CET	8.8.8.8	192.168.2.13	0x7a42	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.668658972 CET	8.8.8.8	192.168.2.13	0x7a7	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.677551985 CET	8.8.8.8	192.168.2.13	0x7a7	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.686120033 CET	8.8.8.8	192.168.2.13	0x7a7	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.695101976 CET	8.8.8.8	192.168.2.13	0x7a7	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:37.703747034 CET	8.8.8.8	192.168.2.13	0x7a7	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.195673943 CET	8.8.8.8	192.168.2.13	0x11d3	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.204185963 CET	8.8.8.8	192.168.2.13	0x11d3	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.214128971 CET	8.8.8.8	192.168.2.13	0x11d3	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.223581076 CET	8.8.8.8	192.168.2.13	0x11d3	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false
Oct 30, 2024 16:24:46.232323885 CET	8.8.8.8	192.168.2.13	0x11d3	Name error (3)	154.216.20.94	none	none	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: 8RFfyRrdWT.elf PID: 5412, Parent PID: 5338

General

Start time (UTC):	15:22:45
Start date (UTC):	30/10/2024
Path:	/tmp/8RFfyRrdWT.elf
Arguments:	/tmp/8RFfyRrdWT.elf
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: 8RFfyRrdWT.elf PID: 5414, Parent PID: 5412

General

Start time (UTC):	15:22:46
Start date (UTC):	30/10/2024
Path:	/tmp/8RFfyRrdWT.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Chronological Activities

Analysis Process: 8RFfyRrdWT.elf PID: 5418, Parent PID: 5414

General

Start time (UTC):	15:22:46
Start date (UTC):	30/10/2024
Path:	/tmp/8RFfyRrdWT.elf
Arguments:	-
File size:	4379400 bytes
MD5 hash:	7dc1c0e23cd5e102bb12e5c29403410e

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report 8RFfyRrdWT.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: 8RFfyRrdWT.elf PID: 5412, Parent PID: 5338

General

Chronological Activities

Analysis Process: 8RFfyRrdWT.elf PID: 5414, Parent PID: 5412

General

Chronological Activities

Analysis Process: 8RFfyRrdWT.elf PID: 5418, Parent PID: 5414

General

Chronological Activities

Linux Analysis Report
8RFfyRrdWT.elf