Edit tour

Linux Analysis Report
hmips.elf

Overview

General Information

Sample name:	hmips.elf
Analysis ID:	1560543
MD5:	ce323c1c93bea312257bf9aa50e7ee7f
SHA1:	6d604dd65453e13321925f9134cabe7389fcaa83
SHA256:	c1f461309b9ace5a785ee2f430d9bf0da7f9978a9a947f7da21c4f97401f3393
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1560543
Start date and time:	2024-11-21 22:58:28 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	hmips.elf
Detection:	MAL
Classification:	mal52.troj.linELF@0/0@39/0

Warnings

VT rate limit hit for: hmips.elf

Runtime Messages

Command:	/tmp/hmips.elf
PID:	5430
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	you are now apart of hail cock botnet
Standard Error:

Process Tree

system is lnxubuntu20

hmips.elf (PID: 5430, Parent: 5354, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/hmips.elf

hmips.elf New Fork (PID: 5432, Parent: 5430)

hmips.elf New Fork (PID: 5476, Parent: 5432)

hmips.elf New Fork (PID: 5433, Parent: 5430)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: hmips.elf

ReversingLabs: Detection: 13%

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 5.39.254.71 ports 24809,0,2,4,8,9
Source: global traffic	TCP traffic: 27.102.118.110 ports 17587,0,2,25580,5,8,1628
Source: global traffic	TCP traffic: 31.13.248.89 ports 3,4,9,4349,7848,12855,1911
Source: global traffic	TCP traffic: 81.29.149.178 ports 5618,1,5,6,8,10043

Source: global traffic	TCP traffic: 192.168.2.13:58474 -> 193.233.193.45:5618
Source: global traffic	TCP traffic: 192.168.2.13:58912 -> 81.29.149.178:5618
Source: global traffic	TCP traffic: 192.168.2.13:57924 -> 31.13.248.89:4349
Source: global traffic	TCP traffic: 192.168.2.13:45048 -> 27.102.118.110:25580
Source: global traffic	TCP traffic: 192.168.2.13:53120 -> 5.39.254.71:24809
Source: global traffic	TCP traffic: 192.168.2.13:59848 -> 88.151.195.22:19173
Source: global traffic	TCP traffic: 192.168.2.13:33332 -> 89.32.41.42:16161
Source: global traffic	TCP traffic: 192.168.2.13:44532 -> 107.189.8.204:11903
Source: global traffic	TCP traffic: 192.168.2.13:43512 -> 27.102.118.111:9405
Source: global traffic	TCP traffic: 192.168.2.13:58986 -> 209.141.49.186:24880
Source: global traffic	TCP traffic: 192.168.2.13:42632 -> 103.136.150.114:13385

Source: /tmp/hmips.elf (PID: 5430)

Socket: 127.0.0.1:1172

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.193.45
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.193.45
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.193.45
Source: unknown	TCP traffic detected without corresponding DNS query: 81.29.149.178
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.193.45
Source: unknown	TCP traffic detected without corresponding DNS query: 81.29.149.178
Source: unknown	TCP traffic detected without corresponding DNS query: 81.29.149.178
Source: unknown	TCP traffic detected without corresponding DNS query: 81.29.149.178
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.193.45
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.248.89
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.248.89
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.248.89
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.248.89
Source: unknown	TCP traffic detected without corresponding DNS query: 81.29.149.178
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.248.89
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 81.29.149.178
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 5.39.254.71
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 27.102.118.110
Source: unknown	TCP traffic detected without corresponding DNS query: 88.151.195.22
Source: unknown	TCP traffic detected without corresponding DNS query: 88.151.195.22
Source: unknown	TCP traffic detected without corresponding DNS query: 88.151.195.22
Source: unknown	TCP traffic detected without corresponding DNS query: 88.151.195.22
Source: unknown	TCP traffic detected without corresponding DNS query: 89.32.41.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.32.41.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.32.41.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.32.41.42
Source: unknown	TCP traffic detected without corresponding DNS query: 89.32.41.42
Source: unknown	TCP traffic detected without corresponding DNS query: 88.151.195.22
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 107.189.8.204
Source: unknown	TCP traffic detected without corresponding DNS query: 88.151.195.22
Source: unknown	TCP traffic detected without corresponding DNS query: 31.13.248.89

Source: global traffic

DNS traffic detected: DNS query: kingstonwikkerink.dyn

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal52.troj.linELF@0/0@39/0

Source: /tmp/hmips.elf (PID: 5430)

Queries kernel information via 'uname':

Jump to behavior

Source: hmips.elf, 5430.1.00007ffeca4e1000.00007ffeca502000.rw-.sdmp, hmips.elf, 5432.1.00007ffeca4e1000.00007ffeca502000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/hmips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/hmips.elf
Source: hmips.elf, 5430.1.0000558386307000.00005583863af000.rw-.sdmp, hmips.elf, 5432.1.0000558386307000.00005583863af000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: hmips.elf, 5430.1.0000558386307000.00005583863af000.rw-.sdmp, hmips.elf, 5432.1.0000558386307000.00005583863af000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: hmips.elf, 5432.1.0000558386307000.00005583863af000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: hmips.elf, 5430.1.00007ffeca4e1000.00007ffeca502000.rw-.sdmp, hmips.elf, 5432.1.00007ffeca4e1000.00007ffeca502000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: hmips.elf, 5432.1.0000558386307000.00005583863af000.rw-.sdmp	Binary or memory string: U0!/usr/bin/vmtoolsd

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
hmips.elf	13%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kingstonwikkerink.dyn	unknown	unknown	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
5.39.254.71	unknown	United Kingdom	30938	ABSTATIONwwwabstationnetGB	true
193.233.193.45	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
27.102.118.110	unknown	Korea Republic of	45996	GNJ-AS-KRDAOUTECHNOLOGYKR	true
27.102.118.111	unknown	Korea Republic of	45996	GNJ-AS-KRDAOUTECHNOLOGYKR	false
31.13.248.89	unknown	Bulgaria	34224	NETERRA-ASBG	true
107.189.8.204	unknown	United States	53667	PONYNETUS	false
209.141.49.186	unknown	United States	53667	PONYNETUS	false
88.151.195.22	unknown	Azerbaijan	15723	AZERONLINEAZ	false
103.136.150.114	unknown	Hong Kong	46261	QUICKPACKETUS	false
81.29.149.178	unknown	Switzerland	39616	COMUNICA_IT_SERVICESCH	true
89.32.41.42	unknown	Romania	48874	HOSTMAZEHOSTMAZERO	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
107.189.8.204	ppc.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
5.39.254.71	mips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
193.233.193.45	mips.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	hmips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	nshsh4.elf	Get hash	malicious	Unknown	Browse
	nsharm5.elf	Get hash	malicious	Unknown	Browse
	nsharm.elf	Get hash	malicious	Unknown	Browse
27.102.118.110	arm5.elf	Get hash	malicious	Unknown	Browse
27.102.118.110	ppc.elf	Get hash	malicious	Unknown	Browse
27.102.118.111	arm7.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
31.13.248.89	arm7.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	nshsh4.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ABSTATIONwwwabstationnetGB	mips.elf	Get hash	malicious	Unknown	Browse	5.39.254.71
	arm7.elf	Get hash	malicious	Unknown	Browse	5.39.254.71
	https://blacksaltys.com	Get hash	malicious	Unknown	Browse	5.144.179.245
	https://packedbrick.com	Get hash	malicious	Unknown	Browse	5.144.179.245
	harm5.elf	Get hash	malicious	Unknown	Browse	5.39.254.71
	ppc.elf	Get hash	malicious	Unknown	Browse	5.39.254.71
	SecuriteInfo.com.Linux.Siggen.9999.21530.5221.elf	Get hash	malicious	Mirai	Browse	103.101.86.128
	SecuriteInfo.com.Trojan.Inject5.6732.13710.8794.exe	Get hash	malicious	Cryptbot, Neoreklami	Browse	31.192.244.36
	yLfAxBEcuo.exe	Get hash	malicious	Cryptbot, Vidar, Xmrig	Browse	31.192.244.36
	arm4-20240623-2204.elf	Get hash	malicious	Mirai	Browse	5.178.104.13
GNJ-AS-KRDAOUTECHNOLOGYKR	arm7.elf	Get hash	malicious	Unknown	Browse	27.102.118.111
	x86.elf	Get hash	malicious	Unknown	Browse	27.102.118.111
	arm5.elf	Get hash	malicious	Unknown	Browse	27.102.118.110
	ppc.elf	Get hash	malicious	Unknown	Browse	27.102.118.111
	sh4.elf	Get hash	malicious	Mirai	Browse	14.129.24.157
	nuklear.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	1.18.64.186
	arm5.elf	Get hash	malicious	Mirai	Browse	1.17.85.123
	sh4.elf	Get hash	malicious	Mirai	Browse	1.17.85.151
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	115.71.116.179
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	27.102.158.214
FREE-NET-ASFREEnetEU	mips.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	x86.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	owari.mips.elf	Get hash	malicious	Unknown	Browse	147.45.234.212
	pdusf6w2SJ.exe	Get hash	malicious	RedLine	Browse	147.45.44.221
	ppc.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	hmips.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	file.exe	Get hash	malicious	DanaBot	Browse	193.233.232.101
	xd.spc.elf	Get hash	malicious	Mirai	Browse	193.233.234.114
	RECIBO TRANSFERENCIA#0000078.exe	Get hash	malicious	Unknown	Browse	193.233.203.63
	RECIBO TRANSFERENCIA#0000078.exe	Get hash	malicious	Unknown	Browse	193.233.203.63

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.3123338762477195
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	hmips.elf
File size:	72'768 bytes
MD5:	ce323c1c93bea312257bf9aa50e7ee7f
SHA1:	6d604dd65453e13321925f9134cabe7389fcaa83
SHA256:	c1f461309b9ace5a785ee2f430d9bf0da7f9978a9a947f7da21c4f97401f3393
SHA512:	6713b1536dfdc384674a1f545754186603d664bc45fe3c7b74d996fec21b000ca86289dfd3fca1c2ee5e8ae6f945d7201f8b1fc768d6276a943c864639a3e0d0
SSDEEP:	1536:S9MnBpip6Gp6k/63wTFjSD/iEeFlXem8Yewbef:2CBpqW/ipldbef
TLSH:	D863C85E6E728FEDF26CC33447B74A31A7A923D523E09685E2ACD2101F7024D585FBA4
File Content Preview:	.ELF.....................@.`...4.........4. ...(.............@...@...........................E...E........Zh........dt.Q............................<...'..L...!'.......................<...'..(...!... ....'9... ......................<...'......!........'9.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	72208
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0xee80	0x0	0x6	AX	16
.fini	PROGBITS	0x40efa0	0xefa0	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x40f000	0xf000	0x16c0	0x0	0x2	A	16
.ctors	PROGBITS	0x451000	0x11000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x451008	0x11008	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x451014	0x11014	0x4	0x0	0x3	WA	4
.data	PROGBITS	0x451020	0x11020	0x3c8	0x0	0x3	WA	16
.got	PROGBITS	0x4513f0	0x113f0	0x5bc	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x4519ac	0x119ac	0x20	0x0	0x10000003	WAp	4
.bss	NOBITS	0x4519d0	0x119ac	0x5098	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0xc2a	0x119ac	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x119ac	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x106c0	0x106c0	5.4854	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x11000	0x451000	0x451000	0x9ac	0x5a68	3.5220	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 22:59:20.447724104 CET	58474	5618	192.168.2.13	193.233.193.45
Nov 21, 2024 22:59:20.567248106 CET	5618	58474	193.233.193.45	192.168.2.13
Nov 21, 2024 22:59:20.567379951 CET	58474	5618	192.168.2.13	193.233.193.45
Nov 21, 2024 22:59:20.567614079 CET	58474	5618	192.168.2.13	193.233.193.45
Nov 21, 2024 22:59:20.609474897 CET	58912	5618	192.168.2.13	81.29.149.178
Nov 21, 2024 22:59:20.687758923 CET	5618	58474	193.233.193.45	192.168.2.13
Nov 21, 2024 22:59:20.687967062 CET	58474	5618	192.168.2.13	193.233.193.45
Nov 21, 2024 22:59:20.729343891 CET	5618	58912	81.29.149.178	192.168.2.13
Nov 21, 2024 22:59:20.729484081 CET	58912	5618	192.168.2.13	81.29.149.178
Nov 21, 2024 22:59:20.729799032 CET	58912	5618	192.168.2.13	81.29.149.178
Nov 21, 2024 22:59:20.807773113 CET	5618	58474	193.233.193.45	192.168.2.13
Nov 21, 2024 22:59:20.849767923 CET	5618	58912	81.29.149.178	192.168.2.13
Nov 21, 2024 22:59:20.849972010 CET	58912	5618	192.168.2.13	81.29.149.178
Nov 21, 2024 22:59:20.969594955 CET	5618	58912	81.29.149.178	192.168.2.13
Nov 21, 2024 22:59:23.117976904 CET	5618	58474	193.233.193.45	192.168.2.13
Nov 21, 2024 22:59:23.118582010 CET	58474	5618	192.168.2.13	193.233.193.45
Nov 21, 2024 22:59:23.238327026 CET	5618	58474	193.233.193.45	192.168.2.13
Nov 21, 2024 22:59:28.624519110 CET	57924	4349	192.168.2.13	31.13.248.89
Nov 21, 2024 22:59:28.744126081 CET	4349	57924	31.13.248.89	192.168.2.13
Nov 21, 2024 22:59:28.744319916 CET	57924	4349	192.168.2.13	31.13.248.89
Nov 21, 2024 22:59:28.744426966 CET	57924	4349	192.168.2.13	31.13.248.89
Nov 21, 2024 22:59:28.864121914 CET	4349	57924	31.13.248.89	192.168.2.13
Nov 21, 2024 22:59:28.864273071 CET	57924	4349	192.168.2.13	31.13.248.89
Nov 21, 2024 22:59:28.984507084 CET	4349	57924	31.13.248.89	192.168.2.13
Nov 21, 2024 22:59:30.740144014 CET	58912	5618	192.168.2.13	81.29.149.178
Nov 21, 2024 22:59:30.859802961 CET	5618	58912	81.29.149.178	192.168.2.13
Nov 21, 2024 22:59:31.030260086 CET	4349	57924	31.13.248.89	192.168.2.13
Nov 21, 2024 22:59:31.030563116 CET	57924	4349	192.168.2.13	31.13.248.89
Nov 21, 2024 22:59:31.150214911 CET	4349	57924	31.13.248.89	192.168.2.13
Nov 21, 2024 22:59:36.298198938 CET	45048	25580	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:36.417922974 CET	25580	45048	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:36.418308020 CET	45048	25580	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:36.418361902 CET	45048	25580	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:36.537980080 CET	25580	45048	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:36.538137913 CET	45048	25580	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:36.657744884 CET	25580	45048	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:38.377289057 CET	25580	45048	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:38.377454042 CET	45048	25580	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:38.377700090 CET	45048	25580	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:42.745002985 CET	5618	58912	81.29.149.178	192.168.2.13
Nov 21, 2024 22:59:42.745682001 CET	58912	5618	192.168.2.13	81.29.149.178
Nov 21, 2024 22:59:42.865328074 CET	5618	58912	81.29.149.178	192.168.2.13
Nov 21, 2024 22:59:44.114712000 CET	53120	24809	192.168.2.13	5.39.254.71
Nov 21, 2024 22:59:44.234286070 CET	24809	53120	5.39.254.71	192.168.2.13
Nov 21, 2024 22:59:44.234402895 CET	53120	24809	192.168.2.13	5.39.254.71
Nov 21, 2024 22:59:44.234472990 CET	53120	24809	192.168.2.13	5.39.254.71
Nov 21, 2024 22:59:44.354193926 CET	24809	53120	5.39.254.71	192.168.2.13
Nov 21, 2024 22:59:44.354300022 CET	53120	24809	192.168.2.13	5.39.254.71
Nov 21, 2024 22:59:44.474062920 CET	24809	53120	5.39.254.71	192.168.2.13
Nov 21, 2024 22:59:45.683851004 CET	24809	53120	5.39.254.71	192.168.2.13
Nov 21, 2024 22:59:45.683984995 CET	53120	24809	192.168.2.13	5.39.254.71
Nov 21, 2024 22:59:45.684046030 CET	53120	24809	192.168.2.13	5.39.254.71
Nov 21, 2024 22:59:48.262748957 CET	48348	1628	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:48.382283926 CET	1628	48348	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:48.382508993 CET	48348	1628	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:48.382556915 CET	48348	1628	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:48.502217054 CET	1628	48348	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:48.502448082 CET	48348	1628	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:48.622142076 CET	1628	48348	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:50.286791086 CET	1628	48348	27.102.118.110	192.168.2.13
Nov 21, 2024 22:59:50.286950111 CET	48348	1628	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:50.287100077 CET	48348	1628	192.168.2.13	27.102.118.110
Nov 21, 2024 22:59:51.200540066 CET	59848	19173	192.168.2.13	88.151.195.22
Nov 21, 2024 22:59:51.320071936 CET	19173	59848	88.151.195.22	192.168.2.13
Nov 21, 2024 22:59:51.320319891 CET	59848	19173	192.168.2.13	88.151.195.22
Nov 21, 2024 22:59:51.320362091 CET	59848	19173	192.168.2.13	88.151.195.22
Nov 21, 2024 22:59:51.439964056 CET	19173	59848	88.151.195.22	192.168.2.13
Nov 21, 2024 22:59:51.440150023 CET	59848	19173	192.168.2.13	88.151.195.22
Nov 21, 2024 22:59:51.559650898 CET	19173	59848	88.151.195.22	192.168.2.13
Nov 21, 2024 22:59:55.548516989 CET	33332	16161	192.168.2.13	89.32.41.42
Nov 21, 2024 22:59:55.668059111 CET	16161	33332	89.32.41.42	192.168.2.13
Nov 21, 2024 22:59:55.668210030 CET	33332	16161	192.168.2.13	89.32.41.42
Nov 21, 2024 22:59:55.668251038 CET	33332	16161	192.168.2.13	89.32.41.42
Nov 21, 2024 22:59:55.788022995 CET	16161	33332	89.32.41.42	192.168.2.13
Nov 21, 2024 22:59:55.788161039 CET	33332	16161	192.168.2.13	89.32.41.42
Nov 21, 2024 22:59:55.908744097 CET	16161	33332	89.32.41.42	192.168.2.13
Nov 21, 2024 22:59:58.075498104 CET	16161	33332	89.32.41.42	192.168.2.13
Nov 21, 2024 22:59:58.075761080 CET	33332	16161	192.168.2.13	89.32.41.42
Nov 21, 2024 22:59:58.195453882 CET	16161	33332	89.32.41.42	192.168.2.13
Nov 21, 2024 23:00:01.330683947 CET	59848	19173	192.168.2.13	88.151.195.22
Nov 21, 2024 23:00:01.450320959 CET	19173	59848	88.151.195.22	192.168.2.13
Nov 21, 2024 23:00:03.819960117 CET	44532	11903	192.168.2.13	107.189.8.204
Nov 21, 2024 23:00:03.939435005 CET	11903	44532	107.189.8.204	192.168.2.13
Nov 21, 2024 23:00:03.939551115 CET	44532	11903	192.168.2.13	107.189.8.204
Nov 21, 2024 23:00:03.939584970 CET	44532	11903	192.168.2.13	107.189.8.204
Nov 21, 2024 23:00:04.059063911 CET	11903	44532	107.189.8.204	192.168.2.13
Nov 21, 2024 23:00:04.059168100 CET	44532	11903	192.168.2.13	107.189.8.204
Nov 21, 2024 23:00:04.178734064 CET	11903	44532	107.189.8.204	192.168.2.13
Nov 21, 2024 23:00:13.301295042 CET	19173	59848	88.151.195.22	192.168.2.13
Nov 21, 2024 23:00:13.301904917 CET	59848	19173	192.168.2.13	88.151.195.22
Nov 21, 2024 23:00:13.421520948 CET	19173	59848	88.151.195.22	192.168.2.13
Nov 21, 2024 23:00:18.715925932 CET	55494	12855	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:18.835457087 CET	12855	55494	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:18.835709095 CET	55494	12855	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:18.835772991 CET	55494	12855	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:18.955256939 CET	12855	55494	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:18.955473900 CET	55494	12855	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:19.074995041 CET	12855	55494	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:21.093133926 CET	12855	55494	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:21.093379021 CET	55494	12855	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:21.213419914 CET	12855	55494	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:25.824605942 CET	11903	44532	107.189.8.204	192.168.2.13
Nov 21, 2024 23:00:25.825063944 CET	44532	11903	192.168.2.13	107.189.8.204
Nov 21, 2024 23:00:25.944628000 CET	11903	44532	107.189.8.204	192.168.2.13
Nov 21, 2024 23:00:26.354862928 CET	43512	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:26.474462986 CET	9405	43512	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:26.474663973 CET	43512	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:26.474773884 CET	43512	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:26.594214916 CET	9405	43512	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:26.594420910 CET	43512	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:26.713943958 CET	9405	43512	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:28.323535919 CET	9405	43512	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:28.323741913 CET	43512	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:28.323877096 CET	43512	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:31.328315020 CET	60410	7848	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:31.447870970 CET	7848	60410	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:31.448034048 CET	60410	7848	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:31.448086977 CET	60410	7848	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:31.567831039 CET	7848	60410	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:31.567949057 CET	60410	7848	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:31.687520981 CET	7848	60410	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:33.735141993 CET	7848	60410	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:33.735342979 CET	60410	7848	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:33.854831934 CET	7848	60410	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:34.312252045 CET	43516	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:34.431814909 CET	9405	43516	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:34.431929111 CET	43516	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:34.432049990 CET	43516	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:34.551594973 CET	9405	43516	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:34.551728010 CET	43516	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:34.671175003 CET	9405	43516	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:36.265355110 CET	9405	43516	27.102.118.111	192.168.2.13
Nov 21, 2024 23:00:36.265533924 CET	43516	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:36.265692949 CET	43516	9405	192.168.2.13	27.102.118.111
Nov 21, 2024 23:00:39.349642038 CET	41492	1911	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:39.469425917 CET	1911	41492	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:39.469541073 CET	41492	1911	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:39.469583988 CET	41492	1911	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:39.589112997 CET	1911	41492	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:39.589206934 CET	41492	1911	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:39.708837032 CET	1911	41492	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:41.670160055 CET	58986	24880	192.168.2.13	209.141.49.186
Nov 21, 2024 23:00:41.749417067 CET	1911	41492	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:41.749681950 CET	41492	1911	192.168.2.13	31.13.248.89
Nov 21, 2024 23:00:41.789777040 CET	24880	58986	209.141.49.186	192.168.2.13
Nov 21, 2024 23:00:41.789921999 CET	58986	24880	192.168.2.13	209.141.49.186
Nov 21, 2024 23:00:41.789953947 CET	58986	24880	192.168.2.13	209.141.49.186
Nov 21, 2024 23:00:41.869168043 CET	1911	41492	31.13.248.89	192.168.2.13
Nov 21, 2024 23:00:41.909446001 CET	24880	58986	209.141.49.186	192.168.2.13
Nov 21, 2024 23:00:41.909588099 CET	58986	24880	192.168.2.13	209.141.49.186
Nov 21, 2024 23:00:42.029046059 CET	24880	58986	209.141.49.186	192.168.2.13
Nov 21, 2024 23:00:47.013561010 CET	42632	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:47.133184910 CET	13385	42632	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:47.133328915 CET	42632	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:47.133373976 CET	42632	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:47.254134893 CET	13385	42632	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:47.254348993 CET	42632	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:47.373888016 CET	13385	42632	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:49.107274055 CET	13385	42632	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:49.107598066 CET	42632	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:49.107703924 CET	42632	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:55.104029894 CET	42634	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:55.223594904 CET	13385	42634	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:55.223824024 CET	42634	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:55.223912954 CET	42634	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:55.345683098 CET	13385	42634	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:55.345943928 CET	42634	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:55.465693951 CET	13385	42634	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:57.144855976 CET	13385	42634	103.136.150.114	192.168.2.13
Nov 21, 2024 23:00:57.145508051 CET	42634	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:00:57.145607948 CET	42634	13385	192.168.2.13	103.136.150.114
Nov 21, 2024 23:01:02.563258886 CET	59174	10043	192.168.2.13	81.29.149.178
Nov 21, 2024 23:01:02.757034063 CET	10043	59174	81.29.149.178	192.168.2.13
Nov 21, 2024 23:01:02.757391930 CET	59174	10043	192.168.2.13	81.29.149.178
Nov 21, 2024 23:01:02.757442951 CET	59174	10043	192.168.2.13	81.29.149.178
Nov 21, 2024 23:01:02.880542040 CET	10043	59174	81.29.149.178	192.168.2.13
Nov 21, 2024 23:01:02.880785942 CET	59174	10043	192.168.2.13	81.29.149.178
Nov 21, 2024 23:01:03.000380039 CET	10043	59174	81.29.149.178	192.168.2.13
Nov 21, 2024 23:01:03.730468988 CET	24880	58986	209.141.49.186	192.168.2.13
Nov 21, 2024 23:01:03.730691910 CET	58986	24880	192.168.2.13	209.141.49.186
Nov 21, 2024 23:01:03.851058960 CET	24880	58986	209.141.49.186	192.168.2.13
Nov 21, 2024 23:01:08.978449106 CET	37824	17587	192.168.2.13	27.102.118.110
Nov 21, 2024 23:01:09.098042011 CET	17587	37824	27.102.118.110	192.168.2.13
Nov 21, 2024 23:01:09.098241091 CET	37824	17587	192.168.2.13	27.102.118.110
Nov 21, 2024 23:01:09.098241091 CET	37824	17587	192.168.2.13	27.102.118.110
Nov 21, 2024 23:01:09.217976093 CET	17587	37824	27.102.118.110	192.168.2.13
Nov 21, 2024 23:01:09.218143940 CET	37824	17587	192.168.2.13	27.102.118.110
Nov 21, 2024 23:01:09.337845087 CET	17587	37824	27.102.118.110	192.168.2.13
Nov 21, 2024 23:01:10.985713005 CET	17587	37824	27.102.118.110	192.168.2.13
Nov 21, 2024 23:01:10.985966921 CET	37824	17587	192.168.2.13	27.102.118.110
Nov 21, 2024 23:01:10.986052990 CET	37824	17587	192.168.2.13	27.102.118.110
Nov 21, 2024 23:01:16.645239115 CET	33406	3689	192.168.2.13	89.32.41.42
Nov 21, 2024 23:01:16.764940977 CET	3689	33406	89.32.41.42	192.168.2.13
Nov 21, 2024 23:01:16.765041113 CET	33406	3689	192.168.2.13	89.32.41.42
Nov 21, 2024 23:01:16.765136003 CET	33406	3689	192.168.2.13	89.32.41.42
Nov 21, 2024 23:01:16.888005972 CET	3689	33406	89.32.41.42	192.168.2.13
Nov 21, 2024 23:01:16.888158083 CET	33406	3689	192.168.2.13	89.32.41.42
Nov 21, 2024 23:01:17.007891893 CET	3689	33406	89.32.41.42	192.168.2.13
Nov 21, 2024 23:01:19.084656954 CET	3689	33406	89.32.41.42	192.168.2.13
Nov 21, 2024 23:01:19.085082054 CET	33406	3689	192.168.2.13	89.32.41.42
Nov 21, 2024 23:01:19.204706907 CET	3689	33406	89.32.41.42	192.168.2.13

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 22:59:14.883960962 CET	38561	53	192.168.2.13	152.53.15.127
Nov 21, 2024 22:59:15.041172028 CET	57325	53	192.168.2.13	152.53.15.127
Nov 21, 2024 22:59:15.126764059 CET	53	38561	152.53.15.127	192.168.2.13
Nov 21, 2024 22:59:15.130647898 CET	50322	53	192.168.2.13	109.91.184.21
Nov 21, 2024 22:59:15.280873060 CET	53	57325	152.53.15.127	192.168.2.13
Nov 21, 2024 22:59:15.282028913 CET	37346	53	192.168.2.13	109.91.184.21
Nov 21, 2024 22:59:20.136857986 CET	57879	53	192.168.2.13	168.235.111.72
Nov 21, 2024 22:59:20.287934065 CET	49205	53	192.168.2.13	168.235.111.72
Nov 21, 2024 22:59:20.446589947 CET	53	57879	168.235.111.72	192.168.2.13
Nov 21, 2024 22:59:20.608336926 CET	53	49205	168.235.111.72	192.168.2.13
Nov 21, 2024 22:59:28.122987032 CET	36439	53	192.168.2.13	51.158.108.203
Nov 21, 2024 22:59:28.363692045 CET	53	36439	51.158.108.203	192.168.2.13
Nov 21, 2024 22:59:28.366085052 CET	46736	53	192.168.2.13	185.181.61.24
Nov 21, 2024 22:59:28.623152018 CET	53	46736	185.181.61.24	192.168.2.13
Nov 21, 2024 22:59:36.034006119 CET	56721	53	192.168.2.13	185.181.61.24
Nov 21, 2024 22:59:36.297255993 CET	53	56721	185.181.61.24	192.168.2.13
Nov 21, 2024 22:59:43.380321980 CET	59327	53	192.168.2.13	152.53.15.127
Nov 21, 2024 22:59:43.623464108 CET	53	59327	152.53.15.127	192.168.2.13
Nov 21, 2024 22:59:43.624929905 CET	41236	53	192.168.2.13	152.53.15.127
Nov 21, 2024 22:59:43.868621111 CET	53	41236	152.53.15.127	192.168.2.13
Nov 21, 2024 22:59:43.870131969 CET	37865	53	192.168.2.13	81.169.136.222
Nov 21, 2024 22:59:44.113665104 CET	53	37865	81.169.136.222	192.168.2.13
Nov 21, 2024 22:59:47.749612093 CET	57411	53	192.168.2.13	51.158.108.203
Nov 21, 2024 22:59:47.998147011 CET	53	57411	51.158.108.203	192.168.2.13
Nov 21, 2024 22:59:47.999562025 CET	56157	53	192.168.2.13	185.181.61.24
Nov 21, 2024 22:59:48.261967897 CET	53	56157	185.181.61.24	192.168.2.13
Nov 21, 2024 22:59:50.686997890 CET	43161	53	192.168.2.13	51.158.108.203
Nov 21, 2024 22:59:50.937634945 CET	53	43161	51.158.108.203	192.168.2.13
Nov 21, 2024 22:59:50.939214945 CET	57075	53	192.168.2.13	185.181.61.24
Nov 21, 2024 22:59:51.199181080 CET	53	57075	185.181.61.24	192.168.2.13
Nov 21, 2024 22:59:55.289710045 CET	59333	53	192.168.2.13	185.181.61.24
Nov 21, 2024 22:59:55.547832966 CET	53	59333	185.181.61.24	192.168.2.13
Nov 21, 2024 23:00:03.078586102 CET	35519	53	192.168.2.13	152.53.15.127
Nov 21, 2024 23:00:03.326812983 CET	53	35519	152.53.15.127	192.168.2.13
Nov 21, 2024 23:00:03.328269005 CET	37201	53	192.168.2.13	152.53.15.127
Nov 21, 2024 23:00:03.572490931 CET	53	37201	152.53.15.127	192.168.2.13
Nov 21, 2024 23:00:03.574060917 CET	38305	53	192.168.2.13	81.169.136.222
Nov 21, 2024 23:00:03.819365025 CET	53	38305	81.169.136.222	192.168.2.13
Nov 21, 2024 23:00:18.305870056 CET	60807	53	192.168.2.13	168.138.12.137
Nov 21, 2024 23:00:18.714605093 CET	53	60807	168.138.12.137	192.168.2.13
Nov 21, 2024 23:00:26.096510887 CET	54002	53	192.168.2.13	185.181.61.24
Nov 21, 2024 23:00:26.354024887 CET	53	54002	185.181.61.24	192.168.2.13
Nov 21, 2024 23:00:30.827941895 CET	44417	53	192.168.2.13	51.158.108.203
Nov 21, 2024 23:00:31.067693949 CET	53	44417	51.158.108.203	192.168.2.13
Nov 21, 2024 23:00:31.070194960 CET	45880	53	192.168.2.13	185.181.61.24
Nov 21, 2024 23:00:31.327210903 CET	53	45880	185.181.61.24	192.168.2.13
Nov 21, 2024 23:00:33.327052116 CET	42997	53	192.168.2.13	194.36.144.87
Nov 21, 2024 23:00:33.573055029 CET	53	42997	194.36.144.87	192.168.2.13
Nov 21, 2024 23:00:33.574357033 CET	36265	53	192.168.2.13	194.36.144.87
Nov 21, 2024 23:00:33.814503908 CET	53	36265	194.36.144.87	192.168.2.13
Nov 21, 2024 23:00:33.815629005 CET	36412	53	192.168.2.13	152.53.15.127
Nov 21, 2024 23:00:34.061899900 CET	53	36412	152.53.15.127	192.168.2.13
Nov 21, 2024 23:00:34.063622952 CET	44768	53	192.168.2.13	152.53.15.127
Nov 21, 2024 23:00:34.311239958 CET	53	44768	152.53.15.127	192.168.2.13
Nov 21, 2024 23:00:38.737332106 CET	59452	53	192.168.2.13	168.138.12.137
Nov 21, 2024 23:00:39.348965883 CET	53	59452	168.138.12.137	192.168.2.13
Nov 21, 2024 23:00:41.268630028 CET	40683	53	192.168.2.13	168.138.12.137
Nov 21, 2024 23:00:41.669116020 CET	53	40683	168.138.12.137	192.168.2.13
Nov 21, 2024 23:00:46.752161980 CET	46028	53	192.168.2.13	185.181.61.24
Nov 21, 2024 23:00:47.012341022 CET	53	46028	185.181.61.24	192.168.2.13
Nov 21, 2024 23:00:54.110953093 CET	47939	53	192.168.2.13	194.36.144.87
Nov 21, 2024 23:00:54.359894991 CET	53	47939	194.36.144.87	192.168.2.13
Nov 21, 2024 23:00:54.361588001 CET	56964	53	192.168.2.13	194.36.144.87
Nov 21, 2024 23:00:54.604057074 CET	53	56964	194.36.144.87	192.168.2.13
Nov 21, 2024 23:00:54.605854988 CET	36280	53	192.168.2.13	152.53.15.127
Nov 21, 2024 23:00:54.854918957 CET	53	36280	152.53.15.127	192.168.2.13
Nov 21, 2024 23:00:54.856816053 CET	59841	53	192.168.2.13	152.53.15.127
Nov 21, 2024 23:00:55.102647066 CET	53	59841	152.53.15.127	192.168.2.13
Nov 21, 2024 23:01:02.149090052 CET	51787	53	192.168.2.13	168.138.12.137
Nov 21, 2024 23:01:02.561942101 CET	53	51787	168.138.12.137	192.168.2.13
Nov 21, 2024 23:01:08.733515978 CET	50111	53	192.168.2.13	81.169.136.222
Nov 21, 2024 23:01:08.977267981 CET	53	50111	81.169.136.222	192.168.2.13
Nov 21, 2024 23:01:15.989634037 CET	41702	53	192.168.2.13	152.53.15.127
Nov 21, 2024 23:01:16.233207941 CET	53	41702	152.53.15.127	192.168.2.13
Nov 21, 2024 23:01:16.235105038 CET	53105	53	192.168.2.13	168.138.12.137
Nov 21, 2024 23:01:16.643915892 CET	53	53105	168.138.12.137	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 21, 2024 22:59:14.883960962 CET	192.168.2.13	152.53.15.127	0xbaaf	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:15.041172028 CET	192.168.2.13	152.53.15.127	0xbaaf	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:15.130647898 CET	192.168.2.13	109.91.184.21	0x4583	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:15.282028913 CET	192.168.2.13	109.91.184.21	0x4583	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:20.136857986 CET	192.168.2.13	168.235.111.72	0x8b77	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:20.287934065 CET	192.168.2.13	168.235.111.72	0x8b77	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:28.122987032 CET	192.168.2.13	51.158.108.203	0x5f3c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:28.366085052 CET	192.168.2.13	185.181.61.24	0x49dd	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:36.034006119 CET	192.168.2.13	185.181.61.24	0x75cd	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:43.380321980 CET	192.168.2.13	152.53.15.127	0xf1e3	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:43.624929905 CET	192.168.2.13	152.53.15.127	0xc803	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:43.870131969 CET	192.168.2.13	81.169.136.222	0x9377	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:47.749612093 CET	192.168.2.13	51.158.108.203	0x5f3c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:47.999562025 CET	192.168.2.13	185.181.61.24	0x49dd	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:50.686997890 CET	192.168.2.13	51.158.108.203	0xc74e	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:50.939214945 CET	192.168.2.13	185.181.61.24	0x868b	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 22:59:55.289710045 CET	192.168.2.13	185.181.61.24	0x75cd	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:03.078586102 CET	192.168.2.13	152.53.15.127	0xf1e3	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:03.328269005 CET	192.168.2.13	152.53.15.127	0xc803	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:03.574060917 CET	192.168.2.13	81.169.136.222	0x9377	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:18.305870056 CET	192.168.2.13	168.138.12.137	0xb495	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:26.096510887 CET	192.168.2.13	185.181.61.24	0xe191	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:30.827941895 CET	192.168.2.13	51.158.108.203	0xc74e	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:31.070194960 CET	192.168.2.13	185.181.61.24	0x868b	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:33.327052116 CET	192.168.2.13	194.36.144.87	0x9239	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:33.574357033 CET	192.168.2.13	194.36.144.87	0x292d	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:33.815629005 CET	192.168.2.13	152.53.15.127	0xc3df	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:34.063622952 CET	192.168.2.13	152.53.15.127	0x610a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:38.737332106 CET	192.168.2.13	168.138.12.137	0xb495	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:41.268630028 CET	192.168.2.13	168.138.12.137	0x677c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:46.752161980 CET	192.168.2.13	185.181.61.24	0xe191	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:54.110953093 CET	192.168.2.13	194.36.144.87	0x9239	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:54.361588001 CET	192.168.2.13	194.36.144.87	0x292d	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:54.605854988 CET	192.168.2.13	152.53.15.127	0xc3df	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:00:54.856816053 CET	192.168.2.13	152.53.15.127	0x610a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:01:02.149090052 CET	192.168.2.13	168.138.12.137	0x677c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:01:08.733515978 CET	192.168.2.13	81.169.136.222	0xb45b	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:01:15.989634037 CET	192.168.2.13	152.53.15.127	0xaa6c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Nov 21, 2024 23:01:16.235105038 CET	192.168.2.13	168.138.12.137	0x4de5	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: hmips.elf PID: 5430, Parent PID: 5354

General

Start time (UTC):	21:59:14
Start date (UTC):	21/11/2024
Path:	/tmp/hmips.elf
Arguments:	/tmp/hmips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: hmips.elf PID: 5432, Parent PID: 5430

General

Start time (UTC):	21:59:14
Start date (UTC):	21/11/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: hmips.elf PID: 5476, Parent PID: 5432

General

Start time (UTC):	21:59:14
Start date (UTC):	21/11/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: hmips.elf PID: 5433, Parent PID: 5430

General

Start time (UTC):	21:59:14
Start date (UTC):	21/11/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report hmips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

System Behavior

Analysis Process: hmips.elf PID: 5430, Parent PID: 5354

General

Chronological Activities

Analysis Process: hmips.elf PID: 5432, Parent PID: 5430

General

Chronological Activities

Analysis Process: hmips.elf PID: 5476, Parent PID: 5432

General

Chronological Activities

Analysis Process: hmips.elf PID: 5433, Parent PID: 5430

General

Chronological Activities

Linux Analysis Report
hmips.elf