Edit tour

Linux Analysis Report
bin.x86_64.elf

Overview

General Information

Sample name:	bin.x86_64.elf
Analysis ID:	1566211
MD5:	b272df9d4e9ffa7261c24087666f253c
SHA1:	1ca18ea438336e210288ad46de5e6f8d4cdd9380
SHA256:	65a4e8fa29613bd400182d6ada5a3034ed1e4f6806f7f57b0e4abfe85ff65a62
Tags:	elfx86_64user-persistny
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Machine Learning detection for sample

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1566211
Start date and time:	2024-12-01 18:02:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	bin.x86_64.elf
Detection:	MAL
Classification:	mal76.troj.linELF@0/0@150/0

Warnings

VT rate limit hit for: bin.x86_64.elf

Runtime Messages

Command:	/tmp/bin.x86_64.elf
PID:	6216
Exit Code:
Exit Code Info:
Killed:	True
Standard Output:
Standard Error:	Error during handshake: Bad address Error during handshake: Bad address Error during handshake: Bad address Error during handshake: Bad address Error during handshake: Bad address

Process Tree

system is lnxubuntu20

bin.x86_64.elf (PID: 6216, Parent: 6136, MD5: b272df9d4e9ffa7261c24087666f253c) Arguments: /tmp/bin.x86_64.elf

bin.x86_64.elf New Fork (PID: 6217, Parent: 6216)

bin.x86_64.elf New Fork (PID: 6218, Parent: 6217)

bin.x86_64.elf New Fork (PID: 6219, Parent: 6217)

bin.x86_64.elf New Fork (PID: 6220, Parent: 6217)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
bin.x86_64.elf	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
bin.x86_64.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xe34c:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
bin.x86_64.elf	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xeb47:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
bin.x86_64.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xa58e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x10a8c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
bin.x86_64.elf	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x11b82:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
bin.x86_64.elf	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x15eea:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
bin.x86_64.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xe707:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
bin.x86_64.elf	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x11d3e:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
bin.x86_64.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xe9d2:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
bin.x86_64.elf	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x11f37:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6216.1.0000000000400000.000000000041b000.r-x.sdmp	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xe34c:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xeb47:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0xa58e:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0x10a8c:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x11b82:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x15eea:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xe707:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x11d3e:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xe9d2:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
6216.1.0000000000400000.000000000041b000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x11f37:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
Process Memory Space: bin.x86_64.elf PID: 6216	JoeSecurity_Mirai_3	Yara detected Mirai	Joe Security
Click to see the 6 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior
• Stealing of Sensitive Information
• Remote Access Functionality

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: bin.x86_64.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: bin.x86_64.elf

ReversingLabs: Detection: 39%

Machine Learning detection for sample

Source: bin.x86_64.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.23:42050 -> 62.204.41.39:51515

Source: /tmp/bin.x86_64.elf (PID: 6218)

Socket: 127.0.0.1:45832

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.39

Source: global traffic

DNS traffic detected: DNS query: ggggssss.top

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: bin.x86_64.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16

Source: classification engine

Classification label: mal76.troj.linELF@0/0@150/0

Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1582/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1582/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/3088/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/3088/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/230/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/230/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/230/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/110/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/110/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/231/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/231/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1579/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1579/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/232/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/232/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/232/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/111/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/111/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/112/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/112/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/233/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/233/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1699/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1699/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/113/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/113/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/234/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/234/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/234/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1335/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1335/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1698/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1698/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/114/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/114/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/235/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/235/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1334/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1334/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1576/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1576/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/2302/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/2302/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/115/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/115/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/236/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/236/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/236/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/116/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/116/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/237/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/237/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/237/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/117/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/117/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/118/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/118/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/910/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/910/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/119/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/119/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/912/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/912/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/2307/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/2307/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/918/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/918/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1594/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/1594/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/120/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/120/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/121/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/121/stat	Jump to behavior
Source: /tmp/bin.x86_64.elf (PID: 6219)	File opened: /proc/121/cmdline	Jump to behavior

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: bin.x86_64.elf, type: SAMPLE
Source: Yara match	File source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bin.x86_64.elf PID: 6216, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: bin.x86_64.elf, type: SAMPLE
Source: Yara match	File source: 6216.1.0000000000400000.000000000041b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bin.x86_64.elf PID: 6216, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
bin.x86_64.elf	39%	ReversingLabs	Linux.Trojan.DDOSAgent
bin.x86_64.elf	100%	Avira	ANDROID/AVE.Mirai.axzdv
bin.x86_64.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ggggssss.top	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
62.204.41.39	unknown	United Kingdom	30798	TNNET-ASTNNetOyMainnetworkFI	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	tftp.elf	Get hash	malicious	Unknown	Browse
	m68k.nn.elf	Get hash	malicious	Mirai, Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse
	arm.nn.elf	Get hash	malicious	Mirai, Okiru	Browse
	sora.arm7.elf	Get hash	malicious	Mirai	Browse
	botnet.arm7.elf	Get hash	malicious	Unknown	Browse
	snype.x86.elf	Get hash	malicious	Gafgyt	Browse
	snype.ppc.elf	Get hash	malicious	Gafgyt	Browse
	Mozi.m.elf	Get hash	malicious	Unknown	Browse
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse
91.189.91.42	tftp.elf	Get hash	malicious	Unknown	Browse
	m68k.nn.elf	Get hash	malicious	Mirai, Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse
	arm.nn.elf	Get hash	malicious	Mirai, Okiru	Browse
	sora.arm7.elf	Get hash	malicious	Mirai	Browse
	botnet.arm7.elf	Get hash	malicious	Unknown	Browse
	snype.x86.elf	Get hash	malicious	Gafgyt	Browse
	snype.ppc.elf	Get hash	malicious	Gafgyt	Browse
	Mozi.m.elf	Get hash	malicious	Unknown	Browse
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse
62.204.41.39	SecuriteInfo.com.Linux.Siggen.9999.26913.14039.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.ELF.DDOSAgent-CF.6640.9775.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Siggen.9999.30839.3607.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.Siggen.9999.27898.12809.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.Siggen.9999.13922.19011.elf	Get hash	malicious	Mirai	Browse
	7ODDqZUCU5.elf	Get hash	malicious	Unknown	Browse
	O5LMElp7DY.elf	Get hash	malicious	Unknown	Browse
	2Ha9uPMBcB.elf	Get hash	malicious	Mirai	Browse
	PKn8EJ3HNe.elf	Get hash	malicious	Mirai	Browse
	6Y0Ijibc43.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	tftp.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	m68k.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	arm.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	botnet.arm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	snype.x86.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	snype.ppc.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
CANONICAL-ASGB	tftp.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	m68k.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	arm.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	botnet.arm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	snype.x86.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	snype.ppc.elf	Get hash	malicious	Gafgyt	Browse	91.189.91.42
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
INIT7CH	tftp.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	m68k.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	arm.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	botnet.arm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	snype.x86.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	snype.ppc.elf	Get hash	malicious	Gafgyt	Browse	109.202.202.202
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
TNNET-ASTNNetOyMainnetworkFI	qlI3ReINCV.exe	Get hash	malicious	Stealc, Vidar	Browse	62.204.41.163
	owari.arm7.elf	Get hash	malicious	Mirai	Browse	217.112.243.136
	f924c9b8bd3c314ff74ca22b419f1c73c419eb5f3f1fe.exe	Get hash	malicious	Stealc	Browse	62.204.41.163
	XOr3Kqyo9n.exe	Get hash	malicious	Stealc	Browse	62.204.41.163
	902c290e38203750885b4e32212b22b38b76535f9c694.exe	Get hash	malicious	Stealc	Browse	62.204.41.163
	0r9PL33C8E.exe	Get hash	malicious	Stealc	Browse	62.204.41.163
	diFAJuvag5.exe	Get hash	malicious	Stealc	Browse	62.204.41.163
	Pw2KHOL9Z8.exe	Get hash	malicious	Stealc	Browse	62.204.41.163
	713f2eb7941060df0e5c971c3d922ad00f10ee7b4f01e.exe	Get hash	malicious	Stealc	Browse	62.204.41.163
	Tg3sk2wywR.exe	Get hash	malicious	Stealc	Browse	62.204.41.163

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.360889532792225
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	bin.x86_64.elf
File size:	149'280 bytes
MD5:	b272df9d4e9ffa7261c24087666f253c
SHA1:	1ca18ea438336e210288ad46de5e6f8d4cdd9380
SHA256:	65a4e8fa29613bd400182d6ada5a3034ed1e4f6806f7f57b0e4abfe85ff65a62
SHA512:	ce88a8abaa084dee4663bcd37a8cd289e40e527f52f79055e90e2b0c76bb9c69eab956b1ec6dac14e96a2f1d4eeb33f4c1cb3adaa0ebc0db6a87340b3e889a7b
SSDEEP:	3072:JXPF5HEc2mfkVDt+Cg1v3FBy9ljHf1ST2I+wlWJ:NPTH92kTvFCLIq
TLSH:	C8E318077AC18EFFC497D1F04BEA96369931F82D1A34B25B6794FDA10B0DDE02A5D620
File Content Preview:	.ELF..............>.......@.....@........C..........@.8...@.......................@.......@.....(.......(.......................(.......(.Q.....(.Q.....@.......................Q.td....................................................H...._.....i..H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	148448
Section Header Size:	64
Number of Section Headers:	13
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	1
.text	PROGBITS	0x400100	0x100	0x16936	0x0	0x6	AX	16
.fini	PROGBITS	0x416a36	0x16a36	0xe	0x0	0x6	AX	1
.rodata	PROGBITS	0x416a60	0x16a60	0x35c3	0x0	0x2	A	32
.eh_frame	PROGBITS	0x41a024	0x1a024	0x4	0x0	0x2	A	4
.ctors	PROGBITS	0x51a028	0x1a028	0x18	0x0	0x3	WA	8
.dtors	PROGBITS	0x51a040	0x1a040	0x10	0x0	0x3	WA	8
.jcr	PROGBITS	0x51a050	0x1a050	0x8	0x0	0x3	WA	8
.data	PROGBITS	0x51a060	0x1a060	0x9008	0x0	0x3	WA	32
.bss	NOBITS	0x523080	0x23068	0x880b0	0x0	0x3	WA	32
.comment	PROGBITS	0x0	0x23068	0x1320	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x24388	0x56	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1a028	0x1a028	6.4406	0x5	R E	0x100000	.init .text .fini .rodata .eh_frame
LOAD	0x1a028	0x51a028	0x51a028	0x9040	0x91108	0.2587	0x6	RW	0x100000	.ctors .dtors .jcr .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 308
• 51515 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2024 18:02:46.951040983 CET	43928	443	192.168.2.23	91.189.91.42
Dec 1, 2024 18:02:46.968148947 CET	42050	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:47.095320940 CET	51515	42050	62.204.41.39	192.168.2.23
Dec 1, 2024 18:02:47.095410109 CET	42050	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:47.597847939 CET	42050	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:47.721797943 CET	51515	42050	62.204.41.39	192.168.2.23
Dec 1, 2024 18:02:49.462527990 CET	51515	42050	62.204.41.39	192.168.2.23
Dec 1, 2024 18:02:49.462713003 CET	42050	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:49.974544048 CET	42050	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:50.095406055 CET	51515	42050	62.204.41.39	192.168.2.23
Dec 1, 2024 18:02:52.582401037 CET	42836	443	192.168.2.23	91.189.91.43
Dec 1, 2024 18:02:54.118056059 CET	42516	80	192.168.2.23	109.202.202.202
Dec 1, 2024 18:02:55.694245100 CET	42052	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:55.819628954 CET	51515	42052	62.204.41.39	192.168.2.23
Dec 1, 2024 18:02:55.819719076 CET	42052	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:56.320868969 CET	42052	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:56.448178053 CET	51515	42052	62.204.41.39	192.168.2.23
Dec 1, 2024 18:02:58.195916891 CET	51515	42052	62.204.41.39	192.168.2.23
Dec 1, 2024 18:02:58.197432995 CET	42052	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:58.702483892 CET	42052	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:02:58.825004101 CET	51515	42052	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:04.440155029 CET	42054	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:04.566953897 CET	51515	42054	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:04.567034006 CET	42054	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:05.068141937 CET	42054	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:05.188146114 CET	51515	42054	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:06.914843082 CET	51515	42054	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:06.916193008 CET	42054	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:07.420958042 CET	42054	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:07.428133965 CET	43928	443	192.168.2.23	91.189.91.42
Dec 1, 2024 18:03:07.541327953 CET	51515	42054	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:13.148694992 CET	42056	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:13.269025087 CET	51515	42056	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:13.269079924 CET	42056	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:13.770492077 CET	42056	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:13.890439034 CET	51515	42056	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:15.620115042 CET	51515	42056	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:15.622960091 CET	42056	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:16.125601053 CET	42056	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:16.252307892 CET	51515	42056	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:19.714456081 CET	42836	443	192.168.2.23	91.189.91.43
Dec 1, 2024 18:03:21.847618103 CET	42058	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:21.971777916 CET	51515	42058	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:21.971857071 CET	42058	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:22.473581076 CET	42058	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:22.598901987 CET	51515	42058	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:23.813903093 CET	42516	80	192.168.2.23	109.202.202.202
Dec 1, 2024 18:03:24.313128948 CET	51515	42058	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:24.313728094 CET	42058	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:24.819298029 CET	42058	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:24.946166039 CET	51515	42058	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:30.541713953 CET	42060	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:30.665618896 CET	51515	42060	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:30.665728092 CET	42060	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:31.167455912 CET	42060	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:31.287854910 CET	51515	42060	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:33.009028912 CET	51515	42060	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:33.016496897 CET	42060	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:33.516788006 CET	42060	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:33.643809080 CET	51515	42060	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:39.232273102 CET	42062	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:39.355689049 CET	51515	42062	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:39.355792999 CET	42062	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:39.856890917 CET	42062	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:39.978836060 CET	51515	42062	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:41.727787018 CET	51515	42062	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:41.731262922 CET	42062	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:42.234775066 CET	42062	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:42.355109930 CET	51515	42062	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:47.950726986 CET	42064	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:48.077543020 CET	51515	42064	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:48.077681065 CET	42064	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:48.382364988 CET	43928	443	192.168.2.23	91.189.91.42
Dec 1, 2024 18:03:48.579511881 CET	42064	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:48.703587055 CET	51515	42064	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:50.391575098 CET	51515	42064	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:50.394057989 CET	42064	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:50.898751974 CET	42064	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:51.022252083 CET	51515	42064	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:56.616380930 CET	42066	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:56.742650986 CET	51515	42066	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:56.742852926 CET	42066	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:57.244638920 CET	42066	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:57.371295929 CET	51515	42066	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:59.078129053 CET	51515	42066	62.204.41.39	192.168.2.23
Dec 1, 2024 18:03:59.080809116 CET	42066	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:59.585369110 CET	42066	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:03:59.705363989 CET	51515	42066	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:05.302207947 CET	42068	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:05.428479910 CET	51515	42068	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:05.428662062 CET	42068	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:05.930238962 CET	42068	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:06.051781893 CET	51515	42068	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:07.718230009 CET	51515	42068	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:07.719571114 CET	42068	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:08.224723101 CET	42068	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:08.351623058 CET	51515	42068	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:13.947031021 CET	42070	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:14.067050934 CET	51515	42070	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:14.067190886 CET	42070	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:14.568372011 CET	42070	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:14.688471079 CET	51515	42070	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:16.422473907 CET	51515	42070	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:16.426327944 CET	42070	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:16.927767992 CET	42070	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:17.051242113 CET	51515	42070	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:22.644800901 CET	42072	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:22.769195080 CET	51515	42072	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:22.769403934 CET	42072	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:23.270834923 CET	42072	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:23.397886992 CET	51515	42072	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:25.134818077 CET	51515	42072	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:25.137135029 CET	42072	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:25.642658949 CET	42072	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:25.766457081 CET	51515	42072	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:31.383348942 CET	42074	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:31.503942966 CET	51515	42074	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:31.504111052 CET	42074	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:32.005542040 CET	42074	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:32.127815962 CET	51515	42074	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:33.868484974 CET	51515	42074	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:33.871881962 CET	42074	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:34.375737906 CET	42074	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:34.502691984 CET	51515	42074	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:40.093327999 CET	42076	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:40.220304966 CET	51515	42076	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:40.220489025 CET	42076	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:40.721946955 CET	42076	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:40.848953962 CET	51515	42076	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:42.578753948 CET	51515	42076	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:42.582648993 CET	42076	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:43.086112976 CET	42076	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:43.211781025 CET	51515	42076	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:48.804711103 CET	42078	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:48.931606054 CET	51515	42078	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:48.931869030 CET	42078	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:49.433383942 CET	42078	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:49.560342073 CET	51515	42078	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:51.306603909 CET	51515	42078	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:51.309391022 CET	42078	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:51.707245111 CET	51515	42078	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:51.707437038 CET	42078	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:51.812690020 CET	42078	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:51.932719946 CET	51515	42078	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:57.531074047 CET	42080	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:57.651978016 CET	51515	42080	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:57.652273893 CET	42080	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:58.153912067 CET	42080	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:04:58.274657965 CET	51515	42080	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:59.980087996 CET	51515	42080	62.204.41.39	192.168.2.23
Dec 1, 2024 18:04:59.984160900 CET	42080	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:00.488584042 CET	42080	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:00.615448952 CET	51515	42080	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:06.212935925 CET	42082	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:06.339910984 CET	51515	42082	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:06.340037107 CET	42082	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:06.841320992 CET	42082	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:06.968358040 CET	51515	42082	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:08.680605888 CET	51515	42082	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:08.682955027 CET	42082	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:09.184372902 CET	42082	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:09.304425001 CET	51515	42082	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:14.910926104 CET	42084	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:15.037853956 CET	51515	42084	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:15.037957907 CET	42084	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:15.539344072 CET	42084	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:15.659791946 CET	51515	42084	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:17.371064901 CET	51515	42084	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:17.373693943 CET	42084	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:17.874032021 CET	42084	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:17.997071981 CET	51515	42084	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:23.604234934 CET	42086	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:23.730474949 CET	51515	42086	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:23.730827093 CET	42086	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:24.232139111 CET	42086	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:24.352431059 CET	51515	42086	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:26.056641102 CET	51515	42086	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:26.064464092 CET	42086	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:26.560045958 CET	42086	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:26.680026054 CET	51515	42086	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:32.280843973 CET	42088	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:32.400932074 CET	51515	42088	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:32.401149988 CET	42088	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:32.902563095 CET	42088	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:33.022639036 CET	51515	42088	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:34.729827881 CET	51515	42088	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:34.731230974 CET	42088	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:35.231898069 CET	42088	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:35.353662968 CET	51515	42088	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:40.948398113 CET	42090	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:41.068435907 CET	51515	42090	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:41.068592072 CET	42090	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:41.570069075 CET	42090	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:41.693042994 CET	51515	42090	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:43.401676893 CET	51515	42090	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:43.402026892 CET	42090	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:43.904182911 CET	42090	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:44.029305935 CET	51515	42090	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:49.617952108 CET	42092	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:49.744895935 CET	51515	42092	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:49.745090008 CET	42092	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:50.246359110 CET	42092	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:50.373316050 CET	51515	42092	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:52.033231020 CET	51515	42092	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:52.040785074 CET	42092	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:52.535550117 CET	42092	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:52.658107042 CET	51515	42092	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:58.246592999 CET	42094	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:58.373435020 CET	51515	42094	62.204.41.39	192.168.2.23
Dec 1, 2024 18:05:58.373557091 CET	42094	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:58.875005007 CET	42094	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:05:59.001873970 CET	51515	42094	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:00.705301046 CET	51515	42094	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:00.707576036 CET	42094	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:01.208722115 CET	42094	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:01.328808069 CET	51515	42094	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:06.920881987 CET	42096	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:07.047801971 CET	51515	42096	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:07.048001051 CET	42096	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:07.549633980 CET	42096	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:07.675174952 CET	51515	42096	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:09.386415958 CET	51515	42096	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:09.394341946 CET	42096	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:09.889101028 CET	42096	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:10.015960932 CET	51515	42096	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:15.603879929 CET	42098	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:15.730686903 CET	51515	42098	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:15.730953932 CET	42098	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:16.232363939 CET	42098	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:16.359246016 CET	51515	42098	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:18.105449915 CET	51515	42098	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:18.109114885 CET	42098	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:18.608223915 CET	42098	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:18.734709978 CET	51515	42098	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:24.318119049 CET	42100	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:24.444508076 CET	51515	42100	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:24.444650888 CET	42100	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:24.946583033 CET	42100	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:25.066973925 CET	51515	42100	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:26.783538103 CET	51515	42100	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:26.783894062 CET	42100	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:27.286710024 CET	42100	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:27.408571959 CET	51515	42100	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:33.354227066 CET	42102	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:33.481133938 CET	51515	42102	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:33.481214046 CET	42102	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:33.983076096 CET	42102	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:34.109802961 CET	51515	42102	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:35.769371033 CET	51515	42102	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:35.770602942 CET	42102	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:36.272201061 CET	42102	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:36.398737907 CET	51515	42102	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:41.989362001 CET	42104	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:42.109570026 CET	51515	42104	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:42.109685898 CET	42104	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:42.610975981 CET	42104	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:42.736865044 CET	51515	42104	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:44.448510885 CET	51515	42104	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:44.449371099 CET	42104	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:44.951147079 CET	42104	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:45.078051090 CET	51515	42104	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:50.660651922 CET	42106	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:50.780858994 CET	51515	42106	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:50.780953884 CET	42106	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:51.282490969 CET	42106	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:51.409374952 CET	51515	42106	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:53.081248045 CET	51515	42106	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:53.084193945 CET	42106	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:53.584466934 CET	42106	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:53.711307049 CET	51515	42106	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:59.297384977 CET	42108	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:59.424171925 CET	51515	42108	62.204.41.39	192.168.2.23
Dec 1, 2024 18:06:59.424271107 CET	42108	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:06:59.925473928 CET	42108	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:07:00.052387953 CET	51515	42108	62.204.41.39	192.168.2.23
Dec 1, 2024 18:07:01.746828079 CET	51515	42108	62.204.41.39	192.168.2.23
Dec 1, 2024 18:07:01.750931025 CET	42108	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:07:02.249389887 CET	42108	51515	192.168.2.23	62.204.41.39
Dec 1, 2024 18:07:02.371011019 CET	51515	42108	62.204.41.39	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2024 18:02:45.783152103 CET	48758	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:46.386215925 CET	53	48758	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:46.388107061 CET	43958	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:46.533185005 CET	53	43958	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:46.534859896 CET	42541	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:46.678702116 CET	53	42541	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:46.680757999 CET	43697	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:46.824739933 CET	53	43697	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:46.826633930 CET	47199	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:46.967315912 CET	53	47199	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:54.975349903 CET	60207	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:55.120943069 CET	53	60207	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:55.121685028 CET	34430	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:55.273705006 CET	53	34430	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:55.274483919 CET	45947	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:55.411815882 CET	53	45947	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:55.412595987 CET	55532	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:55.554127932 CET	53	55532	1.1.1.1	192.168.2.23
Dec 1, 2024 18:02:55.554873943 CET	34541	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:02:55.693893909 CET	53	34541	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:03.703207016 CET	36969	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:03.853781939 CET	53	36969	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:03.854662895 CET	58274	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:03.999206066 CET	53	58274	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:04.000025034 CET	35681	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:04.145735025 CET	53	35681	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:04.146507025 CET	56399	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:04.291688919 CET	53	56399	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:04.292591095 CET	56311	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:04.439760923 CET	53	56311	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:12.421845913 CET	58338	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:12.573175907 CET	53	58338	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:12.574155092 CET	41064	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:12.712086916 CET	53	41064	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:12.712822914 CET	40870	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:12.856635094 CET	53	40870	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:12.857386112 CET	42480	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:13.004506111 CET	53	42480	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:13.005188942 CET	53121	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:13.148324966 CET	53	53121	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:21.127257109 CET	58616	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:21.269721985 CET	53	58616	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:21.270721912 CET	60131	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:21.410305977 CET	53	60131	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:21.411587954 CET	60555	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:21.552480936 CET	53	60555	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:21.553592920 CET	60448	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:21.701416969 CET	53	60448	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:21.702589035 CET	46804	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:21.846932888 CET	53	46804	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:29.820713043 CET	42803	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:29.958533049 CET	53	42803	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:29.959476948 CET	35427	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:30.100405931 CET	53	35427	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:30.101763010 CET	59042	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:30.246577024 CET	53	59042	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:30.247550011 CET	38896	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:30.399456024 CET	53	38896	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:30.400548935 CET	51021	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:30.540994883 CET	53	51021	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:38.518079996 CET	60582	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:38.658205032 CET	53	60582	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:38.658911943 CET	42104	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:38.801491976 CET	53	42104	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:38.802687883 CET	47158	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:38.943236113 CET	53	47158	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:38.944098949 CET	53431	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:39.085625887 CET	53	53431	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:39.086833000 CET	54247	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:39.231561899 CET	53	54247	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:47.236227989 CET	57142	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:47.378675938 CET	53	57142	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:47.379728079 CET	42074	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:47.524853945 CET	53	42074	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:47.525849104 CET	42603	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:47.665277004 CET	53	42603	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:47.666424036 CET	38733	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:47.804397106 CET	53	38733	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:47.805588961 CET	58702	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:47.950144053 CET	53	58702	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:55.900110006 CET	60174	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:56.044703007 CET	53	60174	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:56.045778036 CET	46115	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:56.185049057 CET	53	46115	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:56.186191082 CET	57995	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:56.325198889 CET	53	57995	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:56.326085091 CET	53898	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:56.470161915 CET	53	53898	1.1.1.1	192.168.2.23
Dec 1, 2024 18:03:56.471432924 CET	36484	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:03:56.615683079 CET	53	36484	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:04.586359978 CET	51814	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:04.728854895 CET	53	51814	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:04.729973078 CET	36500	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:04.875154972 CET	53	36500	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:04.876224041 CET	33479	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:05.021946907 CET	53	33479	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:05.022895098 CET	55071	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:05.160900116 CET	53	55071	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:05.161801100 CET	54768	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:05.301246881 CET	53	54768	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:13.226161957 CET	35484	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:13.370801926 CET	53	35484	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:13.371908903 CET	43621	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:13.514635086 CET	53	43621	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:13.515624046 CET	53001	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:13.659228086 CET	53	53001	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:13.660500050 CET	60337	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:13.806219101 CET	53	60337	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:13.807101011 CET	57093	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:13.946145058 CET	53	57093	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:21.929157972 CET	44802	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:22.072760105 CET	53	44802	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:22.074053049 CET	41276	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:22.211750031 CET	53	41276	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:22.212879896 CET	52323	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:22.357203960 CET	53	52323	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:22.358294964 CET	42752	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:22.499555111 CET	53	42752	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:22.500461102 CET	57273	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:22.644206047 CET	53	57273	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:30.644045115 CET	41332	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:30.788450003 CET	53	41332	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:30.789947033 CET	50306	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:30.931430101 CET	53	50306	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:30.932876110 CET	45846	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:31.074639082 CET	53	45846	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:31.076034069 CET	39915	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:31.232855082 CET	53	39915	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:31.233761072 CET	59113	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:31.382622004 CET	53	59113	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:39.376482964 CET	52178	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:39.521914005 CET	53	52178	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:39.522869110 CET	56441	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:39.667186975 CET	53	56441	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:39.668138027 CET	43677	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:39.805810928 CET	53	43677	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:39.806574106 CET	42247	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:39.946832895 CET	53	42247	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:39.948088884 CET	51117	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:40.092776060 CET	53	51117	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:48.086910963 CET	34078	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:48.232881069 CET	53	34078	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:48.233990908 CET	59127	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:48.378582001 CET	53	59127	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:48.379924059 CET	33698	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:48.525119066 CET	53	33698	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:48.526417017 CET	52428	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:48.664308071 CET	53	52428	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:48.665182114 CET	53922	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:48.803881884 CET	53	53922	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:56.815807104 CET	40898	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:56.955641985 CET	53	40898	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:56.956645012 CET	45399	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:57.099097967 CET	53	45399	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:57.100117922 CET	44677	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:57.244775057 CET	53	44677	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:57.245958090 CET	50272	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:57.391423941 CET	53	50272	1.1.1.1	192.168.2.23
Dec 1, 2024 18:04:57.392787933 CET	58006	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:04:57.530337095 CET	53	58006	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:05.489918947 CET	38523	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:05.634237051 CET	53	38523	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:05.634948015 CET	52786	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:05.781956911 CET	53	52786	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:05.783010006 CET	35389	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:05.925726891 CET	53	35389	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:05.926909924 CET	34121	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:06.064388990 CET	53	34121	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:06.065445900 CET	59749	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:06.212327957 CET	53	59749	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:14.185218096 CET	59729	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:14.329557896 CET	53	59729	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:14.330987930 CET	38658	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:14.474129915 CET	53	38658	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:14.475471020 CET	53086	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:14.617094040 CET	53	53086	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:14.618401051 CET	48357	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:14.762624979 CET	53	48357	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:14.764085054 CET	58361	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:14.909893036 CET	53	58361	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:22.874803066 CET	35723	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:23.019243956 CET	53	35723	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:23.020128965 CET	60698	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:23.164516926 CET	53	60698	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:23.165817022 CET	55191	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:23.313167095 CET	53	55191	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:23.314474106 CET	40231	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:23.458977938 CET	53	40231	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:23.459866047 CET	49249	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:23.603596926 CET	53	49249	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:31.560856104 CET	32835	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:31.703959942 CET	53	32835	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:31.705512047 CET	57816	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:31.847376108 CET	53	57816	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:31.850375891 CET	43324	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:31.991887093 CET	53	43324	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:31.994422913 CET	40100	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:32.139203072 CET	53	40100	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:32.140070915 CET	34913	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:32.280108929 CET	53	34913	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:40.232546091 CET	44436	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:40.369939089 CET	53	44436	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:40.371150017 CET	58644	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:40.509294033 CET	53	58644	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:40.510448933 CET	35656	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:40.653325081 CET	53	35656	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:40.654611111 CET	35243	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:40.799235106 CET	53	35243	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:40.800534964 CET	42115	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:40.947714090 CET	53	42115	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:48.905584097 CET	47692	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:49.052021027 CET	53	47692	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:49.053059101 CET	49336	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:49.193679094 CET	53	49336	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:49.194689989 CET	36757	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:49.332340002 CET	53	36757	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:49.333537102 CET	49671	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:49.471117020 CET	53	49671	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:49.472201109 CET	54457	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:49.617295027 CET	53	54457	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:57.536811113 CET	60369	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:57.676687956 CET	53	60369	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:57.677651882 CET	37972	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:57.814766884 CET	53	37972	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:57.815778017 CET	60422	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:57.956419945 CET	53	60422	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:57.957192898 CET	60838	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:58.100948095 CET	53	60838	1.1.1.1	192.168.2.23
Dec 1, 2024 18:05:58.101758003 CET	45937	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:05:58.245976925 CET	53	45937	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:06.210282087 CET	60009	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:06.350111961 CET	53	60009	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:06.351392031 CET	54870	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:06.495815039 CET	53	54870	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:06.496758938 CET	41266	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:06.642227888 CET	53	41266	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:06.643323898 CET	50610	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:06.781017065 CET	53	50610	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:06.782290936 CET	38753	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:06.920090914 CET	53	38753	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:14.890065908 CET	54273	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:15.034953117 CET	53	54273	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:15.036017895 CET	59103	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:15.178977966 CET	53	59103	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:15.180047989 CET	55290	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:15.318686008 CET	53	55290	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:15.319892883 CET	46446	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:15.457575083 CET	53	46446	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:15.458441973 CET	36242	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:15.603348017 CET	53	36242	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:23.609281063 CET	49101	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:23.753216982 CET	53	49101	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:23.754725933 CET	44710	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:23.893135071 CET	53	44710	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:23.894476891 CET	54883	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:24.033776045 CET	53	54883	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:24.035228014 CET	46178	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:24.173270941 CET	53	46178	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:24.174774885 CET	57119	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:24.317151070 CET	53	57119	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:32.288150072 CET	58783	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:32.781753063 CET	53	58783	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:32.783065081 CET	36442	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:32.923217058 CET	53	36442	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:32.924263954 CET	47507	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:33.064996004 CET	53	47507	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:33.065962076 CET	42522	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:33.207998037 CET	53	42522	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:33.208982944 CET	34376	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:33.353688955 CET	53	34376	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:41.273195028 CET	44556	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:41.419159889 CET	53	44556	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:41.420222044 CET	33108	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:41.560966015 CET	53	33108	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:41.562000990 CET	60990	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:41.699412107 CET	53	60990	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:41.700402975 CET	47349	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:41.844482899 CET	53	47349	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:41.845540047 CET	35820	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:41.988857031 CET	53	35820	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:49.952665091 CET	43270	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:50.090162039 CET	53	43270	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:50.091348886 CET	59169	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:50.228568077 CET	53	59169	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:50.229675055 CET	34620	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:50.369117022 CET	53	34620	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:50.370027065 CET	39471	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:50.514338017 CET	53	39471	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:50.515289068 CET	39126	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:50.660082102 CET	53	39126	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:58.585319996 CET	58992	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:58.729743004 CET	53	58992	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:58.731029987 CET	36307	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:58.874161959 CET	53	36307	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:58.875010014 CET	53101	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:59.012891054 CET	53	53101	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:59.013756990 CET	58065	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:59.151192904 CET	53	58065	1.1.1.1	192.168.2.23
Dec 1, 2024 18:06:59.152426004 CET	55074	53	192.168.2.23	1.1.1.1
Dec 1, 2024 18:06:59.296848059 CET	53	55074	1.1.1.1	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 1, 2024 18:02:45.783152103 CET	192.168.2.23	1.1.1.1	0x57d9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:46.388107061 CET	192.168.2.23	1.1.1.1	0x57d9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:46.534859896 CET	192.168.2.23	1.1.1.1	0x57d9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:46.680757999 CET	192.168.2.23	1.1.1.1	0x57d9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:46.826633930 CET	192.168.2.23	1.1.1.1	0x57d9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:54.975349903 CET	192.168.2.23	1.1.1.1	0xf980	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:55.121685028 CET	192.168.2.23	1.1.1.1	0xf980	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:55.274483919 CET	192.168.2.23	1.1.1.1	0xf980	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:55.412595987 CET	192.168.2.23	1.1.1.1	0xf980	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:02:55.554873943 CET	192.168.2.23	1.1.1.1	0xf980	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:03.703207016 CET	192.168.2.23	1.1.1.1	0x678f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:03.854662895 CET	192.168.2.23	1.1.1.1	0x678f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:04.000025034 CET	192.168.2.23	1.1.1.1	0x678f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:04.146507025 CET	192.168.2.23	1.1.1.1	0x678f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:04.292591095 CET	192.168.2.23	1.1.1.1	0x678f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:12.421845913 CET	192.168.2.23	1.1.1.1	0xa59f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:12.574155092 CET	192.168.2.23	1.1.1.1	0xa59f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:12.712822914 CET	192.168.2.23	1.1.1.1	0xa59f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:12.857386112 CET	192.168.2.23	1.1.1.1	0xa59f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:13.005188942 CET	192.168.2.23	1.1.1.1	0xa59f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:21.127257109 CET	192.168.2.23	1.1.1.1	0xd08d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:21.270721912 CET	192.168.2.23	1.1.1.1	0xd08d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:21.411587954 CET	192.168.2.23	1.1.1.1	0xd08d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:21.553592920 CET	192.168.2.23	1.1.1.1	0xd08d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:21.702589035 CET	192.168.2.23	1.1.1.1	0xd08d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:29.820713043 CET	192.168.2.23	1.1.1.1	0x81e9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:29.959476948 CET	192.168.2.23	1.1.1.1	0x81e9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:30.101763010 CET	192.168.2.23	1.1.1.1	0x81e9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:30.247550011 CET	192.168.2.23	1.1.1.1	0x81e9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:30.400548935 CET	192.168.2.23	1.1.1.1	0x81e9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:38.518079996 CET	192.168.2.23	1.1.1.1	0x12c9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:38.658911943 CET	192.168.2.23	1.1.1.1	0x12c9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:38.802687883 CET	192.168.2.23	1.1.1.1	0x12c9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:38.944098949 CET	192.168.2.23	1.1.1.1	0x12c9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:39.086833000 CET	192.168.2.23	1.1.1.1	0x12c9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:47.236227989 CET	192.168.2.23	1.1.1.1	0x3456	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:47.379728079 CET	192.168.2.23	1.1.1.1	0x3456	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:47.525849104 CET	192.168.2.23	1.1.1.1	0x3456	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:47.666424036 CET	192.168.2.23	1.1.1.1	0x3456	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:47.805588961 CET	192.168.2.23	1.1.1.1	0x3456	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:55.900110006 CET	192.168.2.23	1.1.1.1	0xcc43	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:56.045778036 CET	192.168.2.23	1.1.1.1	0xcc43	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:56.186191082 CET	192.168.2.23	1.1.1.1	0xcc43	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:56.326085091 CET	192.168.2.23	1.1.1.1	0xcc43	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:03:56.471432924 CET	192.168.2.23	1.1.1.1	0xcc43	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:04.586359978 CET	192.168.2.23	1.1.1.1	0x468c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:04.729973078 CET	192.168.2.23	1.1.1.1	0x468c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:04.876224041 CET	192.168.2.23	1.1.1.1	0x468c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:05.022895098 CET	192.168.2.23	1.1.1.1	0x468c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:05.161801100 CET	192.168.2.23	1.1.1.1	0x468c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:13.226161957 CET	192.168.2.23	1.1.1.1	0x5755	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:13.371908903 CET	192.168.2.23	1.1.1.1	0x5755	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:13.515624046 CET	192.168.2.23	1.1.1.1	0x5755	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:13.660500050 CET	192.168.2.23	1.1.1.1	0x5755	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:13.807101011 CET	192.168.2.23	1.1.1.1	0x5755	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:21.929157972 CET	192.168.2.23	1.1.1.1	0xd6f4	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:22.074053049 CET	192.168.2.23	1.1.1.1	0xd6f4	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:22.212879896 CET	192.168.2.23	1.1.1.1	0xd6f4	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:22.358294964 CET	192.168.2.23	1.1.1.1	0xd6f4	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:22.500461102 CET	192.168.2.23	1.1.1.1	0xd6f4	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:30.644045115 CET	192.168.2.23	1.1.1.1	0x1f66	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:30.789947033 CET	192.168.2.23	1.1.1.1	0x1f66	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:30.932876110 CET	192.168.2.23	1.1.1.1	0x1f66	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:31.076034069 CET	192.168.2.23	1.1.1.1	0x1f66	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:31.233761072 CET	192.168.2.23	1.1.1.1	0x1f66	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:39.376482964 CET	192.168.2.23	1.1.1.1	0xcc84	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:39.522869110 CET	192.168.2.23	1.1.1.1	0xcc84	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:39.668138027 CET	192.168.2.23	1.1.1.1	0xcc84	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:39.806574106 CET	192.168.2.23	1.1.1.1	0xcc84	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:39.948088884 CET	192.168.2.23	1.1.1.1	0xcc84	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:48.086910963 CET	192.168.2.23	1.1.1.1	0x1532	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:48.233990908 CET	192.168.2.23	1.1.1.1	0x1532	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:48.379924059 CET	192.168.2.23	1.1.1.1	0x1532	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:48.526417017 CET	192.168.2.23	1.1.1.1	0x1532	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:48.665182114 CET	192.168.2.23	1.1.1.1	0x1532	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:56.815807104 CET	192.168.2.23	1.1.1.1	0xa727	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:56.956645012 CET	192.168.2.23	1.1.1.1	0xa727	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:57.100117922 CET	192.168.2.23	1.1.1.1	0xa727	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:57.245958090 CET	192.168.2.23	1.1.1.1	0xa727	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:04:57.392787933 CET	192.168.2.23	1.1.1.1	0xa727	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:05.489918947 CET	192.168.2.23	1.1.1.1	0x4f0f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:05.634948015 CET	192.168.2.23	1.1.1.1	0x4f0f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:05.783010006 CET	192.168.2.23	1.1.1.1	0x4f0f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:05.926909924 CET	192.168.2.23	1.1.1.1	0x4f0f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:06.065445900 CET	192.168.2.23	1.1.1.1	0x4f0f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:14.185218096 CET	192.168.2.23	1.1.1.1	0xaacb	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:14.330987930 CET	192.168.2.23	1.1.1.1	0xaacb	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:14.475471020 CET	192.168.2.23	1.1.1.1	0xaacb	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:14.618401051 CET	192.168.2.23	1.1.1.1	0xaacb	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:14.764085054 CET	192.168.2.23	1.1.1.1	0xaacb	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:22.874803066 CET	192.168.2.23	1.1.1.1	0x7a92	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:23.020128965 CET	192.168.2.23	1.1.1.1	0x7a92	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:23.165817022 CET	192.168.2.23	1.1.1.1	0x7a92	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:23.314474106 CET	192.168.2.23	1.1.1.1	0x7a92	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:23.459866047 CET	192.168.2.23	1.1.1.1	0x7a92	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:31.560856104 CET	192.168.2.23	1.1.1.1	0x36df	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:31.705512047 CET	192.168.2.23	1.1.1.1	0x36df	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:31.850375891 CET	192.168.2.23	1.1.1.1	0x36df	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:31.994422913 CET	192.168.2.23	1.1.1.1	0x36df	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:32.140070915 CET	192.168.2.23	1.1.1.1	0x36df	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:40.232546091 CET	192.168.2.23	1.1.1.1	0xa7b8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:40.371150017 CET	192.168.2.23	1.1.1.1	0xa7b8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:40.510448933 CET	192.168.2.23	1.1.1.1	0xa7b8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:40.654611111 CET	192.168.2.23	1.1.1.1	0xa7b8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:40.800534964 CET	192.168.2.23	1.1.1.1	0xa7b8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:48.905584097 CET	192.168.2.23	1.1.1.1	0xb528	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:49.053059101 CET	192.168.2.23	1.1.1.1	0xb528	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:49.194689989 CET	192.168.2.23	1.1.1.1	0xb528	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:49.333537102 CET	192.168.2.23	1.1.1.1	0xb528	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:49.472201109 CET	192.168.2.23	1.1.1.1	0xb528	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:57.536811113 CET	192.168.2.23	1.1.1.1	0x476f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:57.677651882 CET	192.168.2.23	1.1.1.1	0x476f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:57.815778017 CET	192.168.2.23	1.1.1.1	0x476f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:57.957192898 CET	192.168.2.23	1.1.1.1	0x476f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:05:58.101758003 CET	192.168.2.23	1.1.1.1	0x476f	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:06.210282087 CET	192.168.2.23	1.1.1.1	0xe467	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:06.351392031 CET	192.168.2.23	1.1.1.1	0xe467	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:06.496758938 CET	192.168.2.23	1.1.1.1	0xe467	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:06.643323898 CET	192.168.2.23	1.1.1.1	0xe467	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:06.782290936 CET	192.168.2.23	1.1.1.1	0xe467	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:14.890065908 CET	192.168.2.23	1.1.1.1	0x3694	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:15.036017895 CET	192.168.2.23	1.1.1.1	0x3694	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:15.180047989 CET	192.168.2.23	1.1.1.1	0x3694	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:15.319892883 CET	192.168.2.23	1.1.1.1	0x3694	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:15.458441973 CET	192.168.2.23	1.1.1.1	0x3694	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:23.609281063 CET	192.168.2.23	1.1.1.1	0xd63b	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:23.754725933 CET	192.168.2.23	1.1.1.1	0xd63b	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:23.894476891 CET	192.168.2.23	1.1.1.1	0xd63b	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:24.035228014 CET	192.168.2.23	1.1.1.1	0xd63b	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:24.174774885 CET	192.168.2.23	1.1.1.1	0xd63b	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:32.288150072 CET	192.168.2.23	1.1.1.1	0x438d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:32.783065081 CET	192.168.2.23	1.1.1.1	0x438d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:32.924263954 CET	192.168.2.23	1.1.1.1	0x438d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:33.065962076 CET	192.168.2.23	1.1.1.1	0x438d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:33.208982944 CET	192.168.2.23	1.1.1.1	0x438d	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:41.273195028 CET	192.168.2.23	1.1.1.1	0x1fd8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:41.420222044 CET	192.168.2.23	1.1.1.1	0x1fd8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:41.562000990 CET	192.168.2.23	1.1.1.1	0x1fd8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:41.700402975 CET	192.168.2.23	1.1.1.1	0x1fd8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:41.845540047 CET	192.168.2.23	1.1.1.1	0x1fd8	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:49.952665091 CET	192.168.2.23	1.1.1.1	0xdef9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:50.091348886 CET	192.168.2.23	1.1.1.1	0xdef9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:50.229675055 CET	192.168.2.23	1.1.1.1	0xdef9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:50.370027065 CET	192.168.2.23	1.1.1.1	0xdef9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:50.515289068 CET	192.168.2.23	1.1.1.1	0xdef9	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:58.585319996 CET	192.168.2.23	1.1.1.1	0x364c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:58.731029987 CET	192.168.2.23	1.1.1.1	0x364c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:58.875010014 CET	192.168.2.23	1.1.1.1	0x364c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:59.013756990 CET	192.168.2.23	1.1.1.1	0x364c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false
Dec 1, 2024 18:06:59.152426004 CET	192.168.2.23	1.1.1.1	0x364c	Standard query (0)	ggggssss.top	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: bin.x86_64.elf PID: 6216, Parent PID: 6136

General

Start time (UTC):	17:02:44
Start date (UTC):	01/12/2024
Path:	/tmp/bin.x86_64.elf
Arguments:	/tmp/bin.x86_64.elf
File size:	149280 bytes
MD5 hash:	b272df9d4e9ffa7261c24087666f253c

File Activities

File Opened

Directory Enumerated

Process Activities

Process Forked

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: bin.x86_64.elf PID: 6217, Parent PID: 6216

General

Start time (UTC):	17:02:44
Start date (UTC):	01/12/2024
Path:	/tmp/bin.x86_64.elf
Arguments:	-
File size:	149280 bytes
MD5 hash:	b272df9d4e9ffa7261c24087666f253c

Process Activities

Process Forked

Signal Sent

Chronological Activities

Analysis Process: bin.x86_64.elf PID: 6218, Parent PID: 6217

General

Start time (UTC):	17:02:44
Start date (UTC):	01/12/2024
Path:	/tmp/bin.x86_64.elf
Arguments:	-
File size:	149280 bytes
MD5 hash:	b272df9d4e9ffa7261c24087666f253c

Network Activities

Socket Listening

Chronological Activities

Analysis Process: bin.x86_64.elf PID: 6219, Parent PID: 6217

General

Start time (UTC):	17:02:44
Start date (UTC):	01/12/2024
Path:	/tmp/bin.x86_64.elf
Arguments:	-
File size:	149280 bytes
MD5 hash:	b272df9d4e9ffa7261c24087666f253c

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Thread Sleep

Chronological Activities

Analysis Process: bin.x86_64.elf PID: 6220, Parent PID: 6217

General

Start time (UTC):	17:02:44
Start date (UTC):	01/12/2024
Path:	/tmp/bin.x86_64.elf
Arguments:	-
File size:	149280 bytes
MD5 hash:	b272df9d4e9ffa7261c24087666f253c

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report bin.x86_64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

System Behavior

Analysis Process: bin.x86_64.elf PID: 6216, Parent PID: 6136

General

File Activities

File Opened

Directory Enumerated

Process Activities

Process Forked

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: bin.x86_64.elf PID: 6217, Parent PID: 6216

General

Process Activities

Process Forked

Signal Sent

Chronological Activities

Analysis Process: bin.x86_64.elf PID: 6218, Parent PID: 6217

General

Linux Analysis Report
bin.x86_64.elf