Linux
Analysis Report
arm.elf
Overview
General Information
Sample name: | arm.elf |
Analysis ID: | 1576214 |
MD5: | 6a37dbd9c1b61ff42c42d7bfa7249860 |
SHA1: | 861808e7cf5b90559a649006e39c64d18ef37d3e |
SHA256: | e9a63bdbd303e4f5d91fd6fe0ed094fe87f599d9129d3dc1d4c689259590114e |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Mirai
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1576214 |
Start date and time: | 2024-12-16 16:43:06 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | arm.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@0/0 |
- VT rate limit hit for: arm.elf
Command: | /tmp/arm.elf |
PID: | 6217 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Infected |
Standard Error: |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | User agent string found: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
85.239.34.134 | unknown | Russian Federation | 134121 | RAINBOW-HKRainbownetworklimitedHK | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
85.239.34.134 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
109.202.202.202 | Get hash | malicious | Unknown | Browse |
91.189.91.43 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Okiru | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
RAINBOW-HKRainbownetworklimitedHK | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Okiru | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
INIT7CH | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Okiru | Browse |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.2877004568239245 |
TrID: |
|
File name: | arm.elf |
File size: | 80'440 bytes |
MD5: | 6a37dbd9c1b61ff42c42d7bfa7249860 |
SHA1: | 861808e7cf5b90559a649006e39c64d18ef37d3e |
SHA256: | e9a63bdbd303e4f5d91fd6fe0ed094fe87f599d9129d3dc1d4c689259590114e |
SHA512: | 33432bd73e71e89085b70aa7f19a4619fbee9848a680542e93bcacf881c00eac3ebc150e3be1993037ffc72f29feeeba6155435207e1d5778f7b5052fd271e8d |
SSDEEP: | 1536:I+rdyQCOVuFVk57F28xvORcxG5q2q+FKkFtQ+1/wTyJn54N4Kvw5hl:IZQCOVuFwF28xv/Ar/zFtPtwTyJ54xwt |
TLSH: | 35733996F8808B12C6C155B7F71E528C336B43ADD2EE32039E255F613B836670E3B985 |
File Content Preview: | .ELF...a..........(.........4...08......4. ...(......................5...5...............5..............<j..........Q.td..................................-...L."... A..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 79920 |
Section Header Size: | 40 |
Number of Section Headers: | 13 |
Header String Table Index: | 12 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0x104b8 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x18568 | 0x10568 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1857c | 0x1057c | 0x2f9c | 0x0 | 0x2 | A | 0 | 0 | 4 |
.eh_frame | PROGBITS | 0x1c518 | 0x13518 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1c51c | 0x1351c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1c524 | 0x13524 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x1c52c | 0x1352c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1c530 | 0x13530 | 0x290 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1c7c0 | 0x137c0 | 0x6794 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x137c0 | 0x10 | 0x0 | 0x0 | 0 | 0 | 1 | |
.shstrtab | STRTAB | 0x0 | 0x137d0 | 0x5d | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0x13518 | 0x13518 | 6.3143 | 0x5 | R E | 0x1000 | .init .text .fini .rodata | |
LOAD | 0x13518 | 0x1c518 | 0x1c518 | 0x2a8 | 0x6a3c | 3.3992 | 0x6 | RW | 0x1000 | .eh_frame .ctors .dtors .jcr .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
System Behavior
Start time (UTC): | 15:43:45 |
Start date (UTC): | 16/12/2024 |
Path: | /tmp/arm.elf |
Arguments: | /tmp/arm.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 15:43:45 |
Start date (UTC): | 16/12/2024 |
Path: | /tmp/arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |