Analysis Report
sh4.elf
Overview
General Information
Field | Value
---|---
Sample name | sh4.elf
Analysis ID | 1576254
MD5 | d71954b6eb39392c4c4a6f15c5454311
SHA1 | e4e888e4c0347946283525773347280e0e0ebf3d
SHA256 | 0b3788848dcd2124648d12e647fa65b97bce0dc3d32f17c8fe81d02daeddf19b
Tags | elf, user-abuse_ch
Detection
Family | Score | Range | Whitelisted
---|---|---|---
Mirai | 56 | 0 - 100 | false
Signatures
Multi AV Scanner detection for submitted file
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Setting | Value
---|---
Joe Sandbox version | 41.0.0 Charoite
Analysis ID | 1576254
Start date and time | 2024-12-16 17:26:57 +01:00
Joe Sandbox product | CloudBasic
Overall analysis duration | 0h 4m 53s
Hypervisor based Inspection enabled | false
Report type | full
Cookbook file name | defaultlinuxfilecookbook.jbs
Analysis system description | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode | default
Sample name | sh4.elf
Detection | MAL
Classification | mal56.troj.linELF@0/0@2/0
- VT rate limit hit for: sh4.elf
Command | PID | Exit Code | Exit Code Info | Killed | Standard Output | Standard Error
---|---|---|---|---|---|---
/tmp/sh4.elf | 5431 | 0 | | False | Infected | 
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings
---|---|---|---|---
(first source table, 1 match) | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | 
(second source table, 3 matches) | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | 
The Source and Strings columns were empty in the export; the same rule fired once in the first table and three times in the second.
⊘No Suricata rule has matched
Signature details

The export kept the row label of each piece of evidence but not the matched value, so where several identical rows collapsed only the count survives. Where a row label identifies one of the signatures listed in the overview, that signature is named in front of it.

AV Detection |
---|
Multi AV Scanner detection for submitted file: ReversingLabs (label in the antivirus table below)

Detected TCP or UDP traffic on non-standard ports: TCP traffic (the flow table below shows every connection going to 85.239.34.134 port 6666)
Sample listens on a socket: Socket
TCP traffic detected without corresponding DNS query: 50 rows
DNS traffic detected: 1 row
String found in binary or memory: 5 rows
Sample has stripped symbol table: .symtab present: no (the section header table below lists no .symtab or .strtab)
Classification label: mal56.troj.linELF@0/0@2/0
Uses the "uname" system call to query kernel version information (possible evasion): Queries kernel information via 'uname'
Binary or memory string: 4 rows

Stealing of Sensitive Information |
---|
Yara detected Mirai: File source, 4 rows
Sample contains strings that are user agent strings indicative of HTTP manipulation: User agent string found, 32 rows

Remote Access Functionality |
---|
Yara detected Mirai: File source, 4 rows
MITRE ATT&CK techniques with a match (the number is the count of matching signatures); every other cell of the exported matrix was an unmatched template entry and is omitted.

Tactic | Technique | Matches
---|---|---
Discovery | Security Software Discovery | 11
Command and Control | Data Obfuscation | 1
Command and Control | Non-Standard Port | 1
Command and Control | Non-Application Layer Protocol | 1
Command and Control | Application Layer Protocol | 1
⊘No configs have been found
Source | Detection | Scanner | Label
---|---|---|---
sh4.elf | 39% | ReversingLabs | Linux.Trojan.Mirai
No Antivirus matches for dropped files, domains or URLs.
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
daisy.ubuntu.com | 162.213.35.24 | true | false | | high
Five further entries (names not exported) were all marked non-malicious with reputation high.

daisy.ubuntu.com is the Ubuntu crash-report upload host contacted by the OS's own apport/whoopsie service; the analysis system generates this lookup itself, so it is sandbox background noise rather than sample behaviour. It is also the only name resolved during the run: the sample never issued a DNS query for its own server.

IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
85.239.34.134 | unknown | Russian Federation | 134121 | RAINBOW-HKRainbownetworklimitedHK | false
The Malicious column is the sandbox's reputation flag for the address; the context table below nevertheless ties this IP to ten other Mirai samples.
Context: other samples in the Joe Sandbox database that share an indicator with this one (sample names, hashes and links were not exported; every match was flagged malicious).

Match | Associated samples | Threat names
---|---|---
85.239.34.134 | 10 | Mirai (all 10)
daisy.ubuntu.com | 10 | Mirai (1), Mirai and Okiru (2), Gafgyt and Mirai (4), Unknown (3)
RAINBOW-HKRainbownetworklimitedHK (ASN 134121) | 10 | Mirai (all 10)
⊘No context
⊘No context
⊘No created / dropped files found
Field | Value
---|---
File type | 
Entropy (8bit) | 6.91980805403923
TrID | 
File name | sh4.elf
File size | 75,108 bytes
MD5 | d71954b6eb39392c4c4a6f15c5454311
SHA1 | e4e888e4c0347946283525773347280e0e0ebf3d
SHA256 | 0b3788848dcd2124648d12e647fa65b97bce0dc3d32f17c8fe81d02daeddf19b
SHA512 | 5d329abdbda6de0f315482ac73dcbf4c21d79c5fb52f29391ce75dd0332293313a6ca9e7596ea1a1afeeb1468310893a32370d8c3e94c75815359c61c712cfcb
SSDEEP | 1536:q4tEzX9A132+Jh/72NcEljKsjGeoisu5hZ:oq1b/qNJrjQ05hZ
TLSH | 5F738D23C8250F53C106DAB5303AEF78135706B2818B2EF56566C7B88983E9EF559FE4
File Content Preview | .ELF..............*.......@.4...4#......4. ...(...............@...@...................... ... A.. A.....,u..............| ..| A.| A.................Q.td............................././"O.n........#.*@........#.*@,....o&O.n...l.............................
ELF header | 
---|---
Class | 
Data | 
Version | 
Machine | 
Version Number | 
Type | 
OS/ABI | 
ABI Version | 0
Entry Point Address | 
Flags | 
ELF Header Size | 52
Program Header Offset | 52
Program Header Size | 32
Number of Program Headers | 4
Section Header Offset | 74548
Section Header Size | 40
Number of Section Headers | 14
Header String Table Index | 13

The empty fields were not exported, but the sizes that were are enough to pin down two facts. A 52-byte ELF header with 32-byte program header entries and 40-byte section header entries is the ELF32 layout, so this is a 32-bit binary. The section header table starts at offset 74548 and holds 14 entries of 40 bytes, ending at 75108, which is exactly the file size: the section headers are the last thing in the file and nothing is appended after them.
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
---|---|---|---|---|---|---|---|---|---|---
(null) | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x4000b4 | 0xb4 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x400100 | 0x100 | 0xed40 | 0x0 | 0x6 | AX | 0 | 0 | 32
.fini | PROGBITS | 0x40ee40 | 0xee40 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x40ee64 | 0xee64 | 0x2fa0 | 0x0 | 0x2 | A | 0 | 0 | 4
.eh_frame | PROGBITS | 0x412000 | 0x12000 | 0x7c | 0x0 | 0x3 | WA | 0 | 0 | 4
.tbss | NOBITS | 0x41207c | 0x1207c | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4
.ctors | PROGBITS | 0x41207c | 0x1207c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x412084 | 0x12084 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x41208c | 0x1208c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x412090 | 0x12090 | 0x238 | 0x0 | 0x3 | WA | 0 | 0 | 4
.got | PROGBITS | 0x4122c8 | 0x122c8 | 0x14 | 0x4 | 0x3 | WA | 0 | 0 | 4
.bss | NOBITS | 0x4122dc | 0x122dc | 0x7250 | 0x0 | 0x3 | WA | 0 | 0 | 4
.shstrtab | STRTAB | 0x0 | 0x122dc | 0x58 | 0x0 | 0x0 | | 0 | 0 | 1

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
---|---|---|---|---|---|---|---|---|---|---|---
LOAD | 0x0 | 0x400000 | 0x400000 | 0x11e04 | 0x11e04 | 6.9829 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata
LOAD | 0x12000 | 0x412000 | 0x412000 | 0x2dc | 0x752c | 3.9394 | 0x6 | RW | 0x1000 | | .eh_frame .tbss .ctors .dtors .jcr .data .got .bss
TLS | 0x1207c | 0x41207c | 0x41207c | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | 

What these two tables tell a triager: there is no PT_INTERP or PT_DYNAMIC program header and no .interp, .dynamic or .dynsym section, so the binary is statically linked and carries its own libc, which is how Mirai builds for embedded targets are normally produced. There is no .symtab or .strtab section at all, which is the concrete basis for the "Sample has stripped symbol table" signature. The PT_GNU_STACK entry has flags 0x7 (RWE), so the loader maps the stack executable. Almost all of the file is the read-only/executable segment (0x11e04 bytes, entropy 6.98, holding 0xed40 bytes of .text and 0x2fa0 bytes of .rodata), while the writable segment holds only 0x2dc bytes on disk but reserves 0x752c bytes in memory, nearly all of it the 0x7250-byte .bss.
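To verify the header facts above on the file itself rather than trusting the report, here is an added triage script written for this page (it is not Joe Sandbox code). It reads only the ELF header, program headers and section headers, so it works on a fully stripped binary, and reports class, endianness, machine, whether the file is statically linked (no PT_INTERP), whether PT_GNU_STACK requests an executable stack, and whether any SHT_SYMTAB section exists. Because the real sample is not on this page, build_sample_image() constructs a code-free ELF32 image that reproduces sh4.elf's header layout (52-byte header, program headers at offset 52, RWE GNU_STACK, no .symtab). EM_SH = 42 is the generic SuperH e_machine value from elf.h; using it for the constructed image is an assumption, since the report's Machine field was empty.

```python
"""Static ELF triage: class/endianness/machine, static vs dynamic linking,
PT_GNU_STACK permissions and stripped-symbol check, from headers only.
Added example written for this page; not Joe Sandbox code."""
import struct
import sys

PT_INTERP, PT_GNU_STACK = 3, 0x6474E551
PF_X = 1
SHT_SYMTAB = 2
EM_SH = 42  # generic SuperH e_machine value (assumed for sh4.elf; the field was not exported)


def triage_elf(data: bytes) -> dict:
    """Parse ELF header, program headers and section headers; return the triage facts."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        hdr = struct.unpack(end + "HHIQQQIHHHHHH", data[16:64])
    else:
        hdr = struct.unpack(end + "HHIIIIIHHHHHH", data[16:52])
    (_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, _ehsize,
     e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = hdr

    # Program headers: PT_INTERP means dynamically linked; PT_GNU_STACK carries stack permissions.
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if is64:
            p_type, p_flags = struct.unpack(end + "II", data[off:off + 8])
        else:                                # ELF32 keeps p_flags at offset 24 of the entry
            p_type = struct.unpack(end + "I", data[off:off + 4])[0]
            p_flags = struct.unpack(end + "I", data[off + 24:off + 28])[0]
        phdrs.append((p_type, p_flags))

    # Section headers: names come from .shstrtab; an SHT_SYMTAB section means "not stripped".
    sections = []
    if e_shoff and e_shnum:
        fmt = end + ("IIQQQQIIQQ" if is64 else "IIIIIIIIII")
        shdrs = [struct.unpack(fmt, data[e_shoff + i * e_shentsize:e_shoff + (i + 1) * e_shentsize])
                 for i in range(e_shnum)]   # (name, type, flags, addr, offset, size, link, info, align, entsize)
        strtab_off = shdrs[e_shstrndx][4]
        for sh in shdrs:
            start = strtab_off + sh[0]
            sections.append((data[start:data.index(b"\0", start)].decode(), sh[1]))

    stack_flags = [f for t, f in phdrs if t == PT_GNU_STACK]
    return {
        "class": "ELF64" if is64 else "ELF32",
        "endian": "little" if end == "<" else "big",
        "machine": e_machine,
        "entry": e_entry,
        "static": not any(t == PT_INTERP for t, _ in phdrs),
        "exec_stack": bool(stack_flags and stack_flags[0] & PF_X),
        "stripped": not any(t == SHT_SYMTAB for _, t in sections),
        "sections": [name for name, _ in sections],
    }


def build_sample_image() -> bytes:
    """Constructed ELF32 little-endian image mirroring sh4.elf's header layout
    (52-byte header, 32-byte phdrs, 40-byte shdrs, RWE GNU_STACK, no .symtab).
    It contains no code and exists only so this example runs offline."""
    shstrtab = b"\0.text\0.shstrtab\0"            # section-name table: "" at 0, .text at 1, .shstrtab at 7
    phoff, stroff, shoff = 52, 116, 136            # phdrs directly after the header, as in the sample
    image = bytearray(shoff + 3 * 40)
    image[0:16] = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\0" * 7          # ELF32, LE, version 1, SysV ABI
    image[16:52] = struct.pack("<HHIIIIIHHHHHH", 2, EM_SH, 1, 0x400100,
                               phoff, shoff, 0, 52, 32, 2, 40, 3, 2)        # ET_EXEC, 2 phdrs, 3 shdrs
    image[52:84] = struct.pack("<IIIIIIII", 1, 0, 0x400000, 0x400000,
                               len(image), len(image), 5, 0x1000)           # PT_LOAD, R E
    image[84:116] = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, 7, 4)  # RWE stack, as reported
    image[stroff:stroff + len(shstrtab)] = shstrtab
    shdr = lambda *f: struct.pack("<IIIIIIIIII", *f)
    image[shoff:shoff + 40] = shdr(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)                          # SHT_NULL
    image[shoff + 40:shoff + 80] = shdr(1, 1, 6, 0x400100, 0x100, 0, 0, 0, 32, 0)        # .text, AX
    image[shoff + 80:shoff + 120] = shdr(7, 3, 0, 0, stroff, len(shstrtab), 0, 0, 1, 0)  # .shstrtab
    return bytes(image)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for key, value in triage_elf(blob).items():
        print(f"{key:>11}: {value}")
```

Run it as `python3 elf_triage.py sh4.elf` against the real file; with no argument it triages the constructed image. A "static, stripped, exec_stack" result on a small ELF that does no DNS lookup is the typical profile of an IoT bot dropped by a downloader script, and the machine value tells you which emulator or board you need to run it dynamically.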
TCP connections. Every TCP flow in the run goes from the analysis host (192.168.2.13) to 85.239.34.134 on port 6666. The sample opens a fresh connection from the next even-numbered client port (53626 through 53666, 21 connections in all) about every 10.3 seconds, exchanges ten packets in roughly 1.4 seconds, and then reconnects. No DNS query for this address appears anywhere in the capture (see the DNS tables below), so the address was not obtained by name resolution during the run, consistent with a hard-coded command-and-control address. This short-lived, fixed-cadence pattern to one address on a non-standard port is what the "Detected TCP or UDP traffic on non-standard ports" and "TCP traffic detected without corresponding DNS query" signatures fire on, and it is the most useful network indicator in this report.

Timestamp | Source Port | Dest Port | Source IP | Dest IP
---|---|---|---|---
Dec 16, 2024 17:27:38.676709890 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:38.796760082 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:38.796847105 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:38.797240973 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:38.917340994 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:39.977541924 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:39.977570057 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:39.977732897 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:39.978003979 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:40.100131989 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:48.984563112 CET | 53628 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:49.104739904 CET | 6666 | 53628 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:49.105000973 CET | 53628 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:49.105480909 CET | 53628 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:49.225274086 CET | 6666 | 53628 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:50.265470028 CET | 6666 | 53628 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:50.265520096 CET | 6666 | 53628 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:50.265645981 CET | 53628 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:50.265786886 CET | 53628 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:50.385701895 CET | 6666 | 53628 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:59.273649931 CET | 53630 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:59.394762993 CET | 6666 | 53630 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:59.395071983 CET | 53630 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:59.395203114 CET | 53630 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:59.515080929 CET | 6666 | 53630 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:00.558686972 CET | 6666 | 53630 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:00.558738947 CET | 6666 | 53630 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:00.559050083 CET | 53630 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:00.559182882 CET | 53630 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:00.679347038 CET | 6666 | 53630 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:09.571690083 CET | 53632 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:09.692485094 CET | 6666 | 53632 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:09.692718029 CET | 53632 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:09.692934036 CET | 53632 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:09.814527035 CET | 6666 | 53632 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:10.877403975 CET | 6666 | 53632 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:10.877413988 CET | 6666 | 53632 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:10.877639055 CET | 53632 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:10.877639055 CET | 53632 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:10.998342991 CET | 6666 | 53632 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:19.887886047 CET | 53634 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:20.008563995 CET | 6666 | 53634 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:20.008862019 CET | 53634 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:20.008862019 CET | 53634 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:20.129280090 CET | 6666 | 53634 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:21.164803982 CET | 6666 | 53634 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:21.165029049 CET | 53634 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:21.165107012 CET | 6666 | 53634 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:21.165266991 CET | 53634 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:21.287823915 CET | 6666 | 53634 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:30.173716068 CET | 53636 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:30.293826103 CET | 6666 | 53636 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:30.294294119 CET | 53636 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:30.294294119 CET | 53636 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:30.414341927 CET | 6666 | 53636 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:31.463864088 CET | 6666 | 53636 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:31.464070082 CET | 53636 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:31.464338064 CET | 6666 | 53636 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:31.464485884 CET | 53636 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:31.585350990 CET | 6666 | 53636 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:40.478624105 CET | 53638 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:40.599463940 CET | 6666 | 53638 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:40.599823952 CET | 53638 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:40.599960089 CET | 53638 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:40.720040083 CET | 6666 | 53638 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:41.764014006 CET | 6666 | 53638 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:41.764112949 CET | 6666 | 53638 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:41.764300108 CET | 53638 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:41.764420986 CET | 53638 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:41.884562969 CET | 6666 | 53638 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:50.773190975 CET | 53640 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:50.896184921 CET | 6666 | 53640 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:50.896298885 CET | 53640 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:50.896353960 CET | 53640 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:51.017128944 CET | 6666 | 53640 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:52.064353943 CET | 6666 | 53640 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:52.064589977 CET | 53640 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:52.064727068 CET | 6666 | 53640 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:28:52.064831018 CET | 53640 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:52.184582949 CET | 6666 | 53640 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:01.072998047 CET | 53642 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:01.193919897 CET | 6666 | 53642 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:01.194039106 CET | 53642 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:01.194281101 CET | 53642 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:01.314822912 CET | 6666 | 53642 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:02.357635975 CET | 6666 | 53642 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:02.357650995 CET | 6666 | 53642 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:02.357894897 CET | 53642 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:02.357979059 CET | 53642 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:02.479284048 CET | 6666 | 53642 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:11.366900921 CET | 53644 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:11.488985062 CET | 6666 | 53644 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:11.489289045 CET | 53644 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:11.489413977 CET | 53644 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:11.610192060 CET | 6666 | 53644 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:12.660120010 CET | 6666 | 53644 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:12.660224915 CET | 6666 | 53644 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:12.660496950 CET | 53644 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:12.660648108 CET | 53644 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:12.780502081 CET | 6666 | 53644 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:21.669615030 CET | 53646 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:21.789612055 CET | 6666 | 53646 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:21.789794922 CET | 53646 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:21.789894104 CET | 53646 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:21.910523891 CET | 6666 | 53646 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:22.934592962 CET | 6666 | 53646 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:22.934617043 CET | 6666 | 53646 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:22.934732914 CET | 53646 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:22.934962988 CET | 53646 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:23.054704905 CET | 6666 | 53646 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:31.943209887 CET | 53648 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:32.063298941 CET | 6666 | 53648 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:32.063540936 CET | 53648 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:32.063618898 CET | 53648 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:32.184173107 CET | 6666 | 53648 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:33.237231016 CET | 6666 | 53648 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:33.237373114 CET | 6666 | 53648 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:33.237469912 CET | 53648 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:33.237607956 CET | 53648 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:33.358563900 CET | 6666 | 53648 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:42.248130083 CET | 53650 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:42.368089914 CET | 6666 | 53650 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:42.368283987 CET | 53650 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:42.368314028 CET | 53650 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:42.488255978 CET | 6666 | 53650 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:43.537233114 CET | 6666 | 53650 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:43.537343025 CET | 6666 | 53650 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:43.537571907 CET | 53650 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:43.537781954 CET | 53650 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:43.657566071 CET | 6666 | 53650 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:52.547468901 CET | 53652 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:52.667373896 CET | 6666 | 53652 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:52.667649031 CET | 53652 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:52.667736053 CET | 53652 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:52.787705898 CET | 6666 | 53652 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:53.834511042 CET | 6666 | 53652 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:53.834624052 CET | 6666 | 53652 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:29:53.834847927 CET | 53652 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:53.835055113 CET | 53652 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:29:53.955347061 CET | 6666 | 53652 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:02.844943047 CET | 53654 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:02.965059042 CET | 6666 | 53654 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:02.965215921 CET | 53654 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:02.965418100 CET | 53654 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:03.087230921 CET | 6666 | 53654 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:04.134731054 CET | 6666 | 53654 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:04.134984016 CET | 6666 | 53654 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:04.135106087 CET | 53654 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:04.135107040 CET | 53654 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:04.255764008 CET | 6666 | 53654 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:13.144256115 CET | 53656 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:13.264058113 CET | 6666 | 53656 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:13.264369011 CET | 53656 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:13.264410019 CET | 53656 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:13.385976076 CET | 6666 | 53656 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:14.407336950 CET | 6666 | 53656 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:14.407520056 CET | 53656 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:14.407639027 CET | 6666 | 53656 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:14.407747030 CET | 53656 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:14.529405117 CET | 6666 | 53656 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:23.422435999 CET | 53658 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:23.542306900 CET | 6666 | 53658 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:23.542510033 CET | 53658 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:23.542510033 CET | 53658 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:23.662795067 CET | 6666 | 53658 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:24.689038992 CET | 6666 | 53658 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:24.689121008 CET | 6666 | 53658 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:24.689165115 CET | 53658 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:24.689274073 CET | 53658 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:24.809098005 CET | 6666 | 53658 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:33.699868917 CET | 53660 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:33.820025921 CET | 6666 | 53660 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:33.820188999 CET | 53660 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:33.820482969 CET | 53660 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:33.940303087 CET | 6666 | 53660 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:34.984886885 CET | 6666 | 53660 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:34.984939098 CET | 6666 | 53660 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:34.985246897 CET | 53660 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:34.985430002 CET | 53660 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:35.105314016 CET | 6666 | 53660 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:43.993310928 CET | 53662 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:44.113243103 CET | 6666 | 53662 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:44.113419056 CET | 53662 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:44.113419056 CET | 53662 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:44.236412048 CET | 6666 | 53662 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:45.266051054 CET | 6666 | 53662 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:45.266103983 CET | 6666 | 53662 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:45.266311884 CET | 53662 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:45.266479969 CET | 53662 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:45.386266947 CET | 6666 | 53662 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:54.275331020 CET | 53664 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:54.395421982 CET | 6666 | 53664 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:54.395574093 CET | 53664 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:54.395626068 CET | 53664 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:54.515640974 CET | 6666 | 53664 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:55.564168930 CET | 6666 | 53664 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:55.564306021 CET | 6666 | 53664 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:30:55.564361095 CET | 53664 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:55.564461946 CET | 53664 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:30:55.684806108 CET | 6666 | 53664 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:31:04.576225996 CET | 53666 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:31:04.696914911 CET | 6666 | 53666 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:31:04.697094917 CET | 53666 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:31:04.697176933 CET | 53666 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:31:04.816888094 CET | 6666 | 53666 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:31:05.864377975 CET | 6666 | 53666 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:31:05.864487886 CET | 6666 | 53666 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:31:05.864600897 CET | 53666 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:31:05.864852905 CET | 53666 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:31:05.986228943 CET | 6666 | 53666 | 85.239.34.134 | 192.168.2.13 |
UDP (DNS) packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
---|---|---|---|---
Dec 16, 2024 17:30:23.099570990 CET | 46294 | 53 | 192.168.2.13 | 1.1.1.1
Dec 16, 2024 17:30:23.099637985 CET | 37191 | 53 | 192.168.2.13 | 1.1.1.1
Dec 16, 2024 17:30:23.322721958 CET | 53 | 37191 | 1.1.1.1 | 192.168.2.13
Dec 16, 2024 17:30:23.337096930 CET | 53 | 46294 | 1.1.1.1 | 192.168.2.13

DNS queries. The Name column was empty in the export; transaction ID 0xfbad is answered below with 162.213.35.24, which the domain table above maps to daisy.ubuntu.com, so that is the name queried. Type 28 is AAAA.

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---
Dec 16, 2024 17:30:23.099570990 CET | 192.168.2.13 | 1.1.1.1 | 0xfbad | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 17:30:23.099637985 CET | 192.168.2.13 | 1.1.1.1 | 0xca20 | Standard query (0) | | AAAA (28) | IN (0x0001) | false

DNS answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---
Dec 16, 2024 17:30:23.337096930 CET | 1.1.1.1 | 192.168.2.13 | 0xfbad | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 17:30:23.337096930 CET | 1.1.1.1 | 192.168.2.13 | 0xfbad | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false

Both lookups happen almost three minutes after the sample started and come from the Ubuntu host's own crash-reporting service, not from the sample; the only address the sample talks to, 85.239.34.134, never appears in a DNS answer.
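The TCP flow table and the DNS tables are the raw material for two of the signatures in this report: the repeated connections to a non-standard port, and the "TCP traffic detected without corresponding DNS query" check. The script below is an added example written for this page, not part of the Joe Sandbox report. It parses rows in exactly the format of the tables above, groups packets into connections by client port, measures the reconnect cadence per peer, and flags peers that were contacted repeatedly at a steady interval without any DNS answer naming them. The embedded rows are copied from the tables above (the first connection in full, then the opening packet of the next four connections, plus the two A answers) so it runs offline; the thresholds in hardcoded_c2_candidates are illustrative choices, not values from the report.

```python
"""Beacon summary and "TCP without DNS" check over sandbox flow-table rows.
Added example written for this page; not part of the Joe Sandbox report."""
import re
import statistics
from datetime import datetime, timedelta

SANDBOX_IP = "192.168.2.13"

# Rows copied from the TCP table above: the first connection in full, then the
# opening packet of each of the next four connections.
TCP_ROWS = """\
Dec 16, 2024 17:27:38.676709890 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:38.796760082 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:38.796847105 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:38.797240973 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:38.917340994 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:39.977541924 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:39.977570057 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:39.977732897 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:39.978003979 CET | 53626 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:40.100131989 CET | 6666 | 53626 | 85.239.34.134 | 192.168.2.13 |
Dec 16, 2024 17:27:48.984563112 CET | 53628 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:27:59.273649931 CET | 53630 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:09.571690083 CET | 53632 | 6666 | 192.168.2.13 | 85.239.34.134 |
Dec 16, 2024 17:28:19.887886047 CET | 53634 | 6666 | 192.168.2.13 | 85.239.34.134 |
"""

# Rows copied from the DNS answer table above.
DNS_ANSWER_ROWS = """\
Dec 16, 2024 17:30:23.337096930 CET | 1.1.1.1 | 192.168.2.13 | 0xfbad | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false | ||
Dec 16, 2024 17:30:23.337096930 CET | 1.1.1.1 | 192.168.2.13 | 0xfbad | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false | ||
"""

TS_RE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) CET$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_ts(text: str) -> datetime:
    """Sandbox timestamps carry nanoseconds; datetime holds microseconds, so the last digits are dropped."""
    m = TS_RE.match(text.strip())
    return datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S") + timedelta(microseconds=int(m.group(2)[:6]))


def parse_tcp_rows(table: str) -> list:
    """(timestamp, src_port, dst_port, src_ip, dst_ip) for every data row; header lines are skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) >= 5 and TS_RE.match(cells[0]):
            ts, sport, dport, src, dst = cells[:5]
            rows.append((parse_ts(ts), int(sport), int(dport), src, dst))
    return rows


def parse_dns_answers(table: str) -> set:
    """Addresses returned in A answers; a TCP peer absent from this set was never resolved by name."""
    addrs = set()
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) > 5 and IPV4_RE.fullmatch(cells[5]):
            addrs.add(cells[5])
    return addrs


def summarize_beacons(rows: list, resolved: set, sandbox_ip: str = SANDBOX_IP) -> dict:
    """Group packets into connections by client port and measure the reconnect cadence per peer."""
    conns = {}  # (peer_ip, peer_port) -> {client_port: [timestamps]}
    for ts, sport, dport, src, dst in rows:
        if src == sandbox_ip:
            key, client_port = (dst, dport), sport
        else:                                   # reply packet: the peer is the source
            key, client_port = (src, sport), dport
        conns.setdefault(key, {}).setdefault(client_port, []).append(ts)
    summary = {}
    for key, by_port in conns.items():
        starts = sorted(min(stamps) for stamps in by_port.values())
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        summary[key] = {
            "connections": len(by_port),
            "packets": sum(len(stamps) for stamps in by_port.values()),
            "median_interval_s": statistics.median(gaps) if gaps else None,
            "interval_jitter_s": max(gaps) - min(gaps) if gaps else None,
            "resolved_by_dns": key[0] in resolved,
        }
    return summary


def hardcoded_c2_candidates(summary: dict, min_connections: int = 3, max_jitter_s: float = 2.0) -> list:
    """Peers contacted repeatedly at a steady cadence and never named in a DNS answer (thresholds are illustrative)."""
    return sorted(peer for peer, s in summary.items()
                  if s["connections"] >= min_connections and not s["resolved_by_dns"]
                  and s["interval_jitter_s"] is not None and s["interval_jitter_s"] <= max_jitter_s)


if __name__ == "__main__":
    summary = summarize_beacons(parse_tcp_rows(TCP_ROWS), parse_dns_answers(DNS_ANSWER_ROWS))
    for (ip, port), s in summary.items():
        print(f"{ip}:{port}  {s}")
    print("hard-coded C2 candidates:", hardcoded_c2_candidates(summary))
```

On the rows above the script reports five connections to 85.239.34.134:6666 with a median gap of about 10.3 s and under 0.1 s of jitter, and no DNS answer for that address, so it is the single candidate returned. Paste the full 210-row table in place of TCP_ROWS to confirm the cadence holds across all 21 connections; when feeding a live capture instead of a report, collect the DNS answers from the whole capture first, since a resolution that happened before the first TCP packet still counts.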
System Behavior

Four process entries were recorded, all for /tmp/sh4.elf: the initial process at 16:27:37 UTC (started with the argument /tmp/sh4.elf; this is PID 5431 above, which exited with code 0 after printing "Infected") and three further instances at 16:27:38 UTC with no recorded arguments, i.e. the sample spawned three more processes within a second of starting.

Start time (UTC) | Start date (UTC) | Path | Arguments | File size | MD5 hash
---|---|---|---|---|---
16:27:37 | 16/12/2024 | /tmp/sh4.elf | /tmp/sh4.elf | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9
16:27:38 | 16/12/2024 | /tmp/sh4.elf | - | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9
16:27:38 | 16/12/2024 | /tmp/sh4.elf | - | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9
16:27:38 | 16/12/2024 | /tmp/sh4.elf | - | 4139976 bytes | 8943e5f8f8c280467b4472c15ae93ba9

Note that the file size (4,139,976 bytes) and MD5 in these entries do not match the submitted sample (75,108 bytes, MD5 d71954b6eb39392c4c4a6f15c5454311). An SH-4 ELF cannot execute natively on the x64 Ubuntu analysis host, so the values recorded here most plausibly describe the user-mode emulator that ran sh4.elf rather than the sample itself; do not carry them into indicator lists. The hashes in the General Information and static-file sections are the ones that identify the sample.