Linux
Analysis Report
CONSTANT_STRATEGY.elf
Overview
General Information
Detection
Sliver
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Sliver Implants
Machine Learning detection for sample
Performs DNS TXT record lookups
Queries the IP of a very long domain name
Connects to many different domains
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1578698 |
Start date and time: | 2024-12-20 06:37:05 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | CONSTANT_STRATEGY.elf |
Detection: | MAL |
Classification: | mal84.troj.evad.linELF@0/0@38/0 |
Command: | /tmp/CONSTANT_STRATEGY.elf |
PID: | 6253 |
Exit Code: | |
Exit Code Info: | |
Killed: | True |
Standard Output: | |
Standard Error: | 2024/12/19 23:37:54 sliver.go:99: Hello my name is CONSTANT_STRATEGY 2024/12/19 23:37:54 limits.go:58: Limit checks completed 2024/12/19 23:37:54 sliver.go:116: Running in Beacon mode with ID: e52ab1c6-11c5-423a-8cc8-7001b83d6fef 2024/12/19 23:37:54 beacon.go:102: Starting beacon loop ... 2024/12/19 23:37:54 transports.go:41: Starting c2 url generator () ... 2024/12/19 23:37:54 transports.go:104: Return generator: (chan *url.URL)(0xc0001006c0) 2024/12/19 23:37:54 beacon.go:118: Recv from c2 generator ... 2024/12/19 23:37:54 transports.go:92: Yield c2 uri = 'dns://0x0000b.fashionspeedy.com' 2024/12/19 23:37:54 transports.go:92: Yield c2 uri = 'dns://0x0000b.fashionspeedy.com' 2024/12/19 23:37:54 beacon.go:122: Next CC = dns://0x0000b.fashionspeedy.com 2024/12/19 23:37:54 beacon.go:122: Next CC = dns://0x0000b.fashionspeedy.com 2024/12/19 23:37:54 sliver.go:125: Next beacon = &{0xa59f60 0xa5df80 0xa59e20 0xa59ea0 0xa5dfc0 0xa59dc0 dns://0x0000b.fashionspeedy.com } 2024/12/19 23:37:54 transports.go:92: Yield c2 uri = 'dns://0x0000b.fashionspeedy.com' 2024/12/19 23:37:54 dnsclient.go:152: DNS client connecting to '0x0000b.fashionspeedy.com' (timeout: 5s) ... 2024/12/19 23:37:54 dnsclient.go:299: [dns] found resolvers: [127.0.0.53] 2024/12/19 23:37:54 crypto.go:227: TOTP Code: 16320111 2024/12/19 23:37:54 dnsclient.go:724: [dns] Fetching dns session id via 'baakbvw6w8c8.0x0000b.fashionspeedy.com.' ... 2024/12/19 23:37:54 resolver-generic.go:92: [dns] 127.0.0.53:53->A record of baakbvw6w8c8.0x0000b.fashionspeedy.com. ? 2024/12/19 23:37:54 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 517.691388ms (err: <nil>) 2024/12/19 23:37:54 resolver-generic.go:109: [dns] answer (a): 149.204.54.100 2024/12/19 23:37:54 dnsclient.go:745: [dns] dns session id: 3591317 2024/12/19 23:37:54 dnsclient.go:307: [dns] dns session id 3591317 2024/12/19 23:37:54 dnsclient.go:311: [dns] fingerprinting resolvers ... 
0xc00003c440 0xc0002ee2a0} 2024/12/19 23:38:17 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 337.58769ms (err: <nil>) 2024/12/19 23:38:17 resolver-generic.go:152: [dns] answer (txt): [jCH7eFdT_XuuVYwtd91WvwDod_VTAOTaB+wb8IK1R3LdkW+uSYOGAITWe8eIM_x4GrzA72h-TifYmEoK] 2024/12/19 23:38:17 dnsclient.go:615: [dns] workers completed, close results channel ... 2024/12/19 23:38:17 dnsclient.go:627: [dns] collecting recvData ... 2024/12/19 23:38:17 dnsclient.go:586: [dns] read result data: [50 58 111 30 113 184 87 214 89 239 230 215 27 40 60 105 185 81 25 94 248 127 30 0 135 150 194 218 171 32 214 43 70 55 206 89 223 236 104 126 174 60 31 97 234 185 87 36 161 71 159 188 50 152 224 178 62 62 100 108] 2024/12/19 23:38:17 dnsclient.go:595: [dns] recv msg: Data:"o\x1eq\xb8W\xd6Y\xef\xe6\xd7\x1b(<i\xb9Q\x19^\xf8\x7f\x1e\x00\x87\x96\xc2 \xd6+F7\xceY\xdf\xech~\xae<\x1fa\xea\xb9W$\xa1G\x9f\xbc2\x98\xe0\xb2>>dl" 2024/12/19 23:38:17 dnsclient.go:604: [dns] all data collected: [111 30 113 184 87 214 89 239 230 215 27 40 60 105 185 81 25 94 248 127 30 0 135 150 194 218 171 32 214 43 70 55 206 89 223 236 104 126 174 60 31 97 234 185 87 36 161 71 159 188 50 152 224 178 62 62 100 108] 2024/12/19 23:38:17 sliver.go:286: [beacon] received 0 task(s) from server 2024/12/19 23:38:17 sliver.go:242: [beacon] closing ... 2024/12/19 23:38:21 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:21 beacon.go:94: Duration: 5s 2024/12/19 23:38:21 sliver.go:219: [beacon] sleep until 2024-12-19 23:38:26.099867053 -0600 CST m=+32.087439660 2024/12/19 23:38:21 sliver.go:248: [beacon] sending check in ... 2024/12/19 23:38:21 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:21 beacon.go:94: Duration: 5s 2024/12/19 23:38:21 dnsclient.go:419: [dns] write envelope ... 
2024/12/19 23:38:21 dnsclient.go:660: [dns] encoded: 0, subdata space: 222 | stop: 99, len: 100 2024/12/19 23:38:21 dnsclient.go:666: [dns] shave data [0:100] of 100 2024/12/19 23:38:21 dnsclient.go:672: [dns] encoded length is 151 (max: 223) 2024/12/19 23:38:21 dnsclient.go:701: [dns] subdata 0 (0->100): 100 bytes 2024/12/19 23:38:21 dnsclient.go:704: [dns] original data: 100 bytes 2024/12/19 23:38:21 dnsclient.go:705: [dns] total subdata: 100 bytes 2024/12/19 23:38:21 dnsclient.go:254: [dns] #0 work: &{1 LpgEQkkyxkjgvbLBCkkTxFq8kLQbBJp54js4aWdBfWiSPmMjNCRHmPpYsfgi7p1.7QVC7SwnPabjdrWDFxsPYx5QpVE8awcaNW9jCHd2sM7etTgHej9neCP4bRBx9cK.RnvVoQkovy7tntkTqif1T7Trz.0x0000b.fashionspeedy.com. 0xc00003c5f0 <nil>} 2024/12/19 23:38:21 resolver-generic.go:92: [dns] 127.0.0.53:53->A record of LpgEQkkyxkjgvbLBCkkTxFq8kLQbBJp54js4aWdBfWiSPmMjNCRHmPpYsfgi7p1.7QVC7SwnPabjdrWDFxsPYx5QpVE8awcaNW9jCHd2sM7etTgHej9neCP4bRBx9cK.RnvVoQkovy7tntkTqif1T7Trz.0x0000b.fashionspeedy.com. ? 2024/12/19 23:38:21 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 545.476763ms (err: <nil>) 2024/12/19 23:38:21 resolver-generic.go:109: [dns] answer (a): 9.186.159.28 2024/12/19 23:38:21 sliver.go:261: [beacon] recv task(s) ... 2024/12/19 23:38:21 dnsclient.go:439: [dns] read envelope ... 2024/12/19 23:38:21 dnsclient.go:452: [dns] poll msg domain: 6NguVjUtpxjZmQNcGyhyXSs.0x0000b.fashionspeedy.com. 2024/12/19 23:38:22 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 338.724775ms (err: <nil>) 2024/12/19 23:38:22 resolver-generic.go:152: [dns] answer (txt): [ba-nDuFwhp1U] 2024/12/19 23:38:22 dnsclient.go:459: [dns] read msg resp data: [8 6 16 149 153 219 41 40 58] 2024/12/19 23:38:22 dnsclient.go:549: [dns] parallel read (87477397): 0 -> 58 of 58 2024/12/19 23:38:22 dnsclient.go:573: [dns] collecting read results ... 2024/12/19 23:38:22 dnsclient.go:610: [dns] waiting for workers ... 2024/12/19 23:38:22 dnsclient.go:254: [dns] #0 work: &{16 backbd6tv609a78.0x0000b.fashionspeedy.com. 
0xc00003c700 0xc0002ee600} 2024/12/19 23:38:22 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 340.959879ms (err: <nil>) 2024/12/19 23:38:22 resolver-generic.go:152: [dns] answer (txt): [jCJFR4mQ7QE20ofUs9QBc+l2nhxjrCbz0JYtJXv9nCiUhK3bMujZc-O0Gvu7i4MbDzLo+dwFwCk1lqnk] 2024/12/19 23:38:22 dnsclient.go:615: [dns] workers completed, close results channel ... 2024/12/19 23:38:22 dnsclient.go:627: [dns] collecting recvData ... 2024/12/19 23:38:22 dnsclient.go:586: [dns] read result data: [50 58 231 214 67 244 191 73 131 5 18 58 91 45 33 19 147 131 64 167 12 82 48 158 6 191 151 175 214 178 66 50 250 42 200 130 185 147 63 17 140 65 161 166 111 46 75 130 149 235 81 228 102 231 110 51 96 57 52 13] 2024/12/19 23:38:22 dnsclient.go:595: [dns] recv msg: Data:"\xe7\xd6C\xf4\xbfI\x83\x05\x12:[-!\x13\x93\x83@\xa7\x0cR0\x9e\x06\xbf\x97\xafB2\xfa*\xb9\x93?\x11\x8cA\xa1\xa6o.K\x82\x95\xebQ\xe4f\xe7n3`94\r" 2024/12/19 23:38:22 dnsclient.go:604: [dns] all data collected: [231 214 67 244 191 73 131 5 18 58 91 45 33 19 147 131 64 167 12 82 48 158 6 191 151 175 214 178 66 50 250 42 200 130 185 147 63 17 140 65 161 166 111 46 75 130 149 235 81 228 102 231 110 51 96 57 52 13] 2024/12/19 23:38:22 sliver.go:286: [beacon] received 0 task(s) from server 2024/12/19 23:38:22 sliver.go:242: [beacon] closing ... 2024/12/19 23:38:26 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:26 beacon.go:94: Duration: 5s 2024/12/19 23:38:26 sliver.go:219: [beacon] sleep until 2024-12-19 23:38:31.110406187 -0600 CST m=+37.097978894 2024/12/19 23:38:26 sliver.go:248: [beacon] sending check in ... 2024/12/19 23:38:26 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:26 beacon.go:94: Duration: 5s 2024/12/19 23:38:26 dnsclient.go:419: [dns] write envelope ... 
2024/12/19 23:38:26 dnsclient.go:660: [dns] encoded: 0, subdata space: 222 | stop: 99, len: 100 2024/12/19 23:38:26 dnsclient.go:666: [dns] shave data [0:100] of 100 2024/12/19 23:38:26 dnsclient.go:672: [dns] encoded length is 151 (max: 223) 2024/12/19 23:38:26 dnsclient.go:701: [dns] subdata 0 (0->100): 100 bytes 2024/12/19 23:38:26 dnsclient.go:704: [dns] original data: 100 bytes 2024/12/19 23:38:26 dnsclient.go:705: [dns] total subdata: 100 bytes 2024/12/19 23:38:26 dnsclient.go:254: [dns] #0 work: &{1 LpgEQkkz7J8ELCapaniKZoZ2yFZhtSemCFMmFwK7BgoyUQELQQAPDyq9mgXU6fi.Rux3RE2CB3JuefKSU5bpYrY1dg6dvRnCBYDaoEwKHkW1w6dzc6TyvJA5GV4XGus.NUh8RsfJUinSsogxxeXKwSgsA.0x0000b.fashionspeedy.com. 0xc000110550 <nil>} 2024/12/19 23:38:26 resolver-generic.go:92: [dns] 127.0.0.53:53->A record of LpgEQkkz7J8ELCapaniKZoZ2yFZhtSemCFMmFwK7BgoyUQELQQAPDyq9mgXU6fi.Rux3RE2CB3JuefKSU5bpYrY1dg6dvRnCBYDaoEwKHkW1w6dzc6TyvJA5GV4XGus.NUh8RsfJUinSsogxxeXKwSgsA.0x0000b.fashionspeedy.com. ? 2024/12/19 23:38:26 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 534.356434ms (err: <nil>) 2024/12/19 23:38:26 resolver-generic.go:109: [dns] answer (a): 236.100.54.38 2024/12/19 23:38:26 sliver.go:261: [beacon] recv task(s) ... 2024/12/19 23:38:26 dnsclient.go:439: [dns] read envelope ... 2024/12/19 23:38:26 dnsclient.go:452: [dns] poll msg domain: 6NguVjUtpxjA467DrF1aAq5.0x0000b.fashionspeedy.com. 2024/12/19 23:38:27 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 336.311605ms (err: <nil>) 2024/12/19 23:38:27 resolver-generic.go:152: [dns] answer (txt): [ba-nDuFwjp1U] 2024/12/19 23:38:27 dnsclient.go:459: [dns] read msg resp data: [8 6 16 149 153 219 49 40 58] 2024/12/19 23:38:27 dnsclient.go:549: [dns] parallel read (104254613): 0 -> 58 of 58 2024/12/19 23:38:27 dnsclient.go:573: [dns] collecting read results ... 2024/12/19 23:38:27 dnsclient.go:610: [dns] waiting for workers ... 2024/12/19 23:38:27 dnsclient.go:254: [dns] #0 work: &{16 backbd6tv6r9a78.0x0000b.fashionspeedy.com. 
0xc000110660 0xc0001289c0} 2024/12/19 23:38:27 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 341.766108ms (err: <nil>) 2024/12/19 23:38:27 resolver-generic.go:152: [dns] answer (txt): [jCG_Hf-iV+dCqpZ52EH693zn_UKWb19cwF3UtDO4n8RNrVz47d-ROj7L4uxnK4FLPny+NQybqytJD-FL] 2024/12/19 23:38:27 dnsclient.go:615: [dns] workers completed, close results channel ... 2024/12/19 23:38:27 dnsclient.go:627: [dns] collecting recvData ... 2024/12/19 23:38:27 dnsclient.go:586: [dns] read result data: [50 58 21 164 134 11 239 145 163 77 47 197 14 106 73 202 39 144 87 171 60 10 12 132 110 120 186 94 92 100 67 109 112 83 183 164 188 102 53 196 203 237 145 151 16 178 73 237 205 7 121 195 71 66 77 213 235 149 137 237] 2024/12/19 23:38:27 dnsclient.go:595: [dns] recv msg: Data:"\x15\xa4\x86\x0bM/\xc5\x0ejI\xca'\x90W\xab<\n\x0c\x84nx\xba^\\dCmpS\xb7\xa4\xbcf5\xc4\xcb\x10\xb2I\xed\xcd\x07y\xc3GBM\xd5\xed" 2024/12/19 23:38:27 dnsclient.go:604: [dns] all data collected: [21 164 134 11 239 145 163 77 47 197 14 106 73 202 39 144 87 171 60 10 12 132 110 120 186 94 92 100 67 109 112 83 183 164 188 102 53 196 203 237 145 151 16 178 73 237 205 7 121 195 71 66 77 213 235 149 137 237] 2024/12/19 23:38:27 sliver.go:286: [beacon] received 0 task(s) from server 2024/12/19 23:38:27 sliver.go:242: [beacon] closing ... 2024/12/19 23:38:31 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:31 beacon.go:94: Duration: 5s 2024/12/19 23:38:31 sliver.go:219: [beacon] sleep until 2024-12-19 23:38:36.118483376 -0600 CST m=+42.106055997 2024/12/19 23:38:31 sliver.go:248: [beacon] sending check in ... 2024/12/19 23:38:31 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:31 beacon.go:94: Duration: 5s 2024/12/19 23:38:31 dnsclient.go:419: [dns] write envelope ... 
2024/12/19 23:38:31 dnsclient.go:660: [dns] encoded: 0, subdata space: 222 | stop: 99, len: 100 2024/12/19 23:38:31 dnsclient.go:666: [dns] shave data [0:100] of 100 2024/12/19 23:38:31 dnsclient.go:672: [dns] encoded length is 151 (max: 223) 2024/12/19 23:38:31 dnsclient.go:701: [dns] subdata 0 (0->100): 100 bytes 2024/12/19 23:38:31 dnsclient.go:704: [dns] original data: 100 bytes 2024/12/19 23:38:31 dnsclient.go:705: [dns] total subdata: 100 bytes 2024/12/19 23:38:31 dnsclient.go:254: [dns] #0 work: &{1 LpgEQkkzghy2kd7MojE5wQvkWzaLPpmGEnZ5UsCsPGvB68ZrHggdy1dCb9yyEdG.VkiS2PnCHaRTTZQbZPAjPfgzHPanFfMmPjE2XPzChTfqkH4QQP87n4K1WSgyyy7.6LCexTfHivZHQzigxLtNkWnA5.0x0000b.fashionspeedy.com. 0xc000110860 <nil>} 2024/12/19 23:38:31 resolver-generic.go:92: [dns] 127.0.0.53:53->A record of LpgEQkkzghy2kd7MojE5wQvkWzaLPpmGEnZ5UsCsPGvB68ZrHggdy1dCb9yyEdG.VkiS2PnCHaRTTZQbZPAjPfgzHPanFfMmPjE2XPzChTfqkH4QQP87n4K1WSgyyy7.6LCexTfHivZHQzigxLtNkWnA5.0x0000b.fashionspeedy.com. ? 2024/12/19 23:38:31 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 544.203267ms (err: <nil>) 2024/12/19 23:38:31 resolver-generic.go:109: [dns] answer (a): 16.45.183.202 2024/12/19 23:38:31 sliver.go:261: [beacon] recv task(s) ... 2024/12/19 23:38:31 dnsclient.go:439: [dns] read envelope ... 2024/12/19 23:38:31 dnsclient.go:452: [dns] poll msg domain: 6NguVjUtpxjAMRhGquqNTTi.0x0000b.fashionspeedy.com. 2024/12/19 23:38:32 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 346.418242ms (err: <nil>) 2024/12/19 23:38:32 resolver-generic.go:152: [dns] answer (txt): [ba-nDuFwlp1U] 2024/12/19 23:38:32 dnsclient.go:459: [dns] read msg resp data: [8 6 16 149 153 219 57 40 58] 2024/12/19 23:38:32 dnsclient.go:549: [dns] parallel read (121031829): 0 -> 58 of 58 2024/12/19 23:38:32 dnsclient.go:573: [dns] collecting read results ... 2024/12/19 23:38:32 dnsclient.go:610: [dns] waiting for workers ... 2024/12/19 23:38:32 dnsclient.go:254: [dns] #0 work: &{16 backbd6tv6w9a78.0x0000b.fashionspeedy.com. 
0xc0001109c0 0xc000128de0} 2024/12/19 23:38:32 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 344.982977ms (err: <nil>) 2024/12/19 23:38:32 resolver-generic.go:152: [dns] answer (txt): [jCJnBXkXxOol+WV72vT59_B4c0dbVWAWozQov-AjXKl0XG5+LWcjXRsZWUFupKqn+Y_ifnth2deIGbYz] 2024/12/19 23:38:32 dnsclient.go:615: [dns] workers completed, close results channel ... 2024/12/19 23:38:32 dnsclient.go:627: [dns] collecting recvData ... 2024/12/19 23:38:32 dnsclient.go:586: [dns] read result data: [50 58 208 135 211 125 115 20 78 231 206 239 13 174 5 201 88 100 16 17 130 239 199 252 69 237 17 105 135 204 246 195 129 246 129 121 183 193 12 247 85 191 243 169 217 74 196 208 231 229 75 33 5 202 12 97 234 160 47 158] 2024/12/19 23:38:32 dnsclient.go:595: [dns] recv msg: Data:"\xd3}s\x14N\xe7\xce\xef\r\xae\x05\xc9Xd\x10\x11\x82\xef\xc7\xfcE\xed\x11i\x87\xcc\xf6\xf6\x81y\xb7\xc1\x0c\xf7U\xbf\xf3\xa9\xd9J\xc4\xd0\xe7\xe5K!\x05\xca\x0ca\xea\xa0/\x9e" 2024/12/19 23:38:32 dnsclient.go:604: [dns] all data collected: [208 135 211 125 115 20 78 231 206 239 13 174 5 201 88 100 16 17 130 239 199 252 69 237 17 105 135 204 246 195 129 246 129 121 183 193 12 247 85 191 243 169 217 74 196 208 231 229 75 33 5 202 12 97 234 160 47 158] 2024/12/19 23:38:32 sliver.go:286: [beacon] received 0 task(s) from server 2024/12/19 23:38:32 sliver.go:242: [beacon] closing ... 2024/12/19 23:38:36 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:36 beacon.go:94: Duration: 5s 2024/12/19 23:38:36 sliver.go:248: [beacon] sending check in ... 2024/12/19 23:38:36 beacon.go:86: Interval: 5000000000 Jitter: 0 2024/12/19 23:38:36 sliver.go:219: [beacon] sleep until 2024-12-19 23:38:41.128727872 -0600 CST m=+47.116300575 2024/12/19 23:38:36 beacon.go:94: Duration: 5s 2024/12/19 23:38:36 dnsclient.go:419: [dns] write envelope ... 
2024/12/19 23:38:36 dnsclient.go:660: [dns] encoded: 0, subdata space: 222 | stop: 99, len: 100 2024/12/19 23:38:36 dnsclient.go:666: [dns] shave data [0:100] of 100 2024/12/19 23:38:36 dnsclient.go:672: [dns] encoded length is 151 (max: 223) 2024/12/19 23:38:36 dnsclient.go:701: [dns] subdata 0 (0->100): 100 bytes 2024/12/19 23:38:36 dnsclient.go:704: [dns] original data: 100 bytes 2024/12/19 23:38:36 dnsclient.go:705: [dns] total subdata: 100 bytes 2024/12/19 23:38:36 dnsclient.go:254: [dns] #0 work: &{1 LpgEQkkzRGoPadxTisdqnEFACAJSoZDSuoq3JZgxxnMEsq6ZM2yWier9RWkWVCh.ECGPk71LpMHrm7xN8BkPRqYZZvR1uGj7yGXxLTDzyVh4yjQCA9VrYCkwLaxUVut.1asxRvqpwaHPs4Wu82Z5gMQp3.0x0000b.fashionspeedy.com. 0xc00003c8f0 <nil>} 2024/12/19 23:38:36 resolver-generic.go:92: [dns] 127.0.0.53:53->A record of LpgEQkkzRGoPadxTisdqnEFACAJSoZDSuoq3JZgxxnMEsq6ZM2yWier9RWkWVCh.ECGPk71LpMHrm7xN8BkPRqYZZvR1uGj7yGXxLTDzyVh4yjQCA9VrYCkwLaxUVut.1asxRvqpwaHPs4Wu82Z5gMQp3.0x0000b.fashionspeedy.com. ? 2024/12/19 23:38:36 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 586.721674ms (err: <nil>) 2024/12/19 23:38:36 resolver-generic.go:109: [dns] answer (a): 196.143.62.182 2024/12/19 23:38:36 sliver.go:261: [beacon] recv task(s) ... 2024/12/19 23:38:36 dnsclient.go:439: [dns] read envelope ... 2024/12/19 23:38:36 dnsclient.go:452: [dns] poll msg domain: 6NguVjUtpxjZuiEWRV6LPTX.0x0000b.fashionspeedy.com. 2024/12/19 23:38:37 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 337.544819ms (err: <nil>) 2024/12/19 23:38:37 resolver-generic.go:152: [dns] answer (txt): [ba-nDuFwnp1U] 2024/12/19 23:38:37 dnsclient.go:459: [dns] read msg resp data: [8 6 16 149 153 219 65 40 58] 2024/12/19 23:38:37 dnsclient.go:549: [dns] parallel read (137809045): 0 -> 58 of 58 2024/12/19 23:38:37 dnsclient.go:573: [dns] collecting read results ... 2024/12/19 23:38:37 dnsclient.go:610: [dns] waiting for workers ... 2024/12/19 23:38:37 dnsclient.go:254: [dns] #0 work: &{16 backbd6tvha9a78.0x0000b.fashionspeedy.com. 
0xc00003ca00 0xc0002ee9c0} 2024/12/19 23:38:37 resolver-generic.go:175: [dns] rtt->127.0.0.53:53 348.750394ms (err: <nil>) 2024/12/19 23:38:37 resolver-generic.go:152: [dns] answer (txt): [jCG404EvqOFrZisARUc-27+pVAnUT03P3lXNOe2oQ+xyXpGzrJGsWKWSzK4WG3G4P4eppTWQoGMj+otu] 2024/12/19 23:38:37 dnsclient.go:615: [dns] workers completed, close results channel ... 2024/12/19 23:38:37 dnsclient.go:627: [dns] collecting recvData ... 2024/12/19 23:38:37 dnsclient.go:586: [dns] read result data: [50 58 36 6 73 154 79 25 212 252 181 159 215 161 24 14 254 82 237 244 58 224 24 179 136 239 112 196 112 209 211 151 29 245 42 30 82 186 22 242 207 55 122 201 60 162 42 36 206 65 210 75 143 52 70 139 140 229 21 217] 2024/12/19 23:38:37 dnsclient.go:595: [dns] recv msg: Data:"$\x06I\x9aO\x19\xd4\xfc\xb5\x9f\x18\x0e\xfeR\xed\xf4:\xe0\x18\xb3\x88\xefp\xc4p\xd1\x1d\xf5*\x1eR\xba\x16\xf2\xcf7z\xc9<\xa2*$\xceA\xd2K\x8f4F\x8b\x8c\xe5\x15\xd9" 2024/12/19 23:38:37 dnsclient.go:604: [dns] all data collected: [36 6 73 154 79 25 212 252 181 159 215 161 24 14 254 82 237 244 58 224 24 179 136 239 112 196 112 209 211 151 29 245 42 30 82 186 22 242 207 55 122 201 60 162 42 36 206 65 210 75 143 52 70 139 140 229 21 217] 2024/12/19 23:38:37 sliver.go:286: [beacon] received 0 task(s) from server 2024/12/19 23:38:37 sliver.go:242: [beacon] closing ... |
- system is lnxubuntu20
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Multi_Trojan_Bishopsliver_42298c4a | unknown | unknown | |
| INDICATOR_TOOL_Sliver | Detects Sliver implant cross-platform adversary emulation/red team | ditekSHen | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Sliver | Yara detected Sliver Implants | Joe Security | |
| JoeSecurity_Sliver | Yara detected Sliver Implants | Joe Security | |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-20T06:38:32.175044+0100 | 2852745 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 37606 | 1.1.1.1 | 53 | UDP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-20T06:37:54.539841+0100 | 2852741 | 1 | Malware Command and Control Activity Detected | 192.168.2.23 | 44136 | 1.1.1.1 | 53 | UDP |
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Classification label: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 41% | Virustotal | | Browse |
| 34% | ReversingLabs | Linux.Trojan.Sliver | |
| 100% | Joe Sandbox ML | | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
backbd6tv6w9a78.0x0000b.fashionspeedy.com | unknown | unknown | true | unknown | |
6NguVjUtpxjZmQNcGyhyXSs.0x0000b.fashionspeedy.com | unknown | unknown | true | unknown | |
6NguVjUtpxjAgPtvJ3ssurk.0x0000b.fashionspeedy.com | unknown | unknown | true | unknown | |
backbd6tv669a78.0x0000b.fashionspeedy.com | unknown | unknown | true | unknown | |
Mw62Z54BGpKJJ5hjruTmztnkb486wDtKNBe2uzvgzGatAKeC4S4GJS816QctRcj.rPQxMhxDgA2ahi99Rj9soq1PCWbVb5ErQHRN6eDPkuSKEgayrvraiDjKA1HkXg5.Gwpquwu2KM42tzoLAZ1eZnGP1oTgN9qZyYrTjK8wGErbKLKVqcAVy7GEqNb8TV2.faECVRcTrdjT4R7Hk7TCX6Um3CGfEZA1M.0x0000b.fashionspeedy.com | unknown | unknown | true | unknown | |
backbd6tv6r9a78.0x0000b.fashionspeedy.com | unknown | unknown | true | unknown | |
backbd6tv609a78.0x0000b.fashionspeedy.com | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.999942474418765 |
File name: | CONSTANT_STRATEGY.elf |
File size: | 13'884'704 bytes |
MD5: | abbf52dd16b588944358ad6b92dd55b0 |
SHA1: | 9a67c0b8db60c7b243c121a41745fd4f34a4372c |
SHA256: | 12e20c8380c4f76fb99e00ad484621cfec27ce239483a55844e4b42ea8db1100 |
SHA512: | d26b621cb5172abbddccba6e0d03306d226b53fac9d2b5c8bb5a12f5d7eeedcb3d451fb7c4d7accbeb1ede1c48f25f0f4caa43e8a246f55202d218abab4c936e |
SSDEEP: | 98304:VH6QuQhBOL3Vv1kNMJuVEQDwivBMbluIJ0Yqoo:5vtBO7t0vOuqZVo |
TLSH: | 65E6D743F96951E9C0EAE5748726A223BE613C48573073E7AF60F6641735FE0AABD310 |
File Content Preview: | .ELF..............>.....`.G.....@...................@.8...@.............@.......@.@.....@.@...............................................@.......@.....d.......d.................................@.......@.....b8......b8.......................@.......@..... |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-20T06:37:54.539841+0100 | 2852741 | ETPRO MALWARE Sliver DNS SessionInit Request | 1 | 192.168.2.23 | 44136 | 1.1.1.1 | 53 | UDP |
2024-12-20T06:38:32.175044+0100 | 2852745 | ETPRO MALWARE Sliver DNS Base58 Poll Request | 1 | 192.168.2.23 | 37606 | 1.1.1.1 | 53 | UDP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 20, 2024 06:37:53.929382086 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Dec 20, 2024 06:37:59.304532051 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Dec 20, 2024 06:38:00.328562021 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Dec 20, 2024 06:38:15.174367905 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Dec 20, 2024 06:38:25.412935972 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Dec 20, 2024 06:38:31.556282043 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Dec 20, 2024 06:38:56.129039049 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Dec 20, 2024 06:39:16.605895042 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
System Behavior
Start time (UTC): | 05:37:53 |
Start date (UTC): | 20/12/2024 |
Path: | /tmp/CONSTANT_STRATEGY.elf |
Arguments: | /tmp/CONSTANT_STRATEGY.elf |
File size: | 13884704 bytes |
MD5 hash: | abbf52dd16b588944358ad6b92dd55b0 |