Linux
Analysis Report
zerx86.elf
Overview
General Information
Detection
Score: 68
Range: 0 - 100
Whitelisted: false
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Yara signature match
Classification
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580171
Start date and time: 2024-12-24 03:39:16 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zerx86.elf
Detection: MAL
Classification: mal68.troj.linELF@0/0@11/0
- VT rate limit hit for: serisbot.geek. [malformed]

Command: /tmp/zerx86.elf
PID: 5518
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output: The Peoples Bank of China.
Standard Error:
- system is lnxubuntu20
- zerx86.elf New Fork (PID: 5519, Parent: 5518)
- zerx86.elf New Fork (PID: 5520, Parent: 5519)
- cleanup
Rule | Description | Author
---|---|---
Linux_Trojan_Mirai_b14f4c5d | unknown | unknown
Linux_Trojan_Mirai_88de437f | unknown | unknown
Linux_Trojan_Mirai_cc93863b | unknown | unknown
Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown
No Suricata rule has matched
AV Detection
- ReversingLabs
- Joe Sandbox ML

Networking
- TCP traffic (6 entries)
- DNS traffic detected (4 entries)
- UDP traffic detected without corresponding DNS query (11 entries)

System Summary
- Matched rule (16 entries)
- String containing 'busybox' found (2 entries)
- .symtab present
- Classification label
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
No configs have been found
Detection | Scanner | Label
---|---|---
39% | ReversingLabs | Linux.Backdoor.Mirai
100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
serisontop.dyn | 209.38.192.73 | true | false | | high
serisbot.geek | 209.38.192.73 | true | false | | high
serisbot.geek. [malformed] | unknown | unknown | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
154.216.16.244 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true
154.216.16.250 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true
209.38.192.73 | serisontop.dyn | United States | 7018 | ATT-INTERNET4US | false

No context
Match | Associated samples | Detection | Threat Name
---|---|---|---
serisontop.dyn | 7 | malicious | Unknown
serisbot.geek | 1 | malicious | Unknown
Match | Associated samples | Detection | Threat Names
---|---|---|---
SKHT-ASShenzhenKatherineHengTechnologyInformationCo | 10 | malicious | Okiru (6); Mirai, Okiru (2); RHADAMANTHYS (1); Remcos, GuLoader (1)

No context
No created / dropped files found
File type:
Entropy (8bit): 6.353277651482587
TrID:
File name: zerx86.elf
File size: 42,612 bytes
MD5: 8f88d9001a0bbe8d00b274f3b3fecd19
SHA1: 0fcd715c7844c033afb261fdcf18837d14b24cf6
SHA256: f1ddc5731c1cddc1a7fcba1fd34df63f8fa60d5d2ad1210c02893faec6f3b600
SHA512: 5820a4424f6b85e0077dc684fada861a598c87c4ef4da2b696729febc69cc61fb7743f2100832f9b5a2950a3fcdda7709f039ab4e50cd3f7a0bbaf07ce30dab0
SSDEEP: 768:+8g87pqsbxzynf8l2j9WF05Yp8ZAfMG4Jlu6Myl:+8g87pqsbxzy0ogFNf54JldMyl
TLSH: CC133AC9E803E9F4DC126671287BF333BB76F0751129FD5BD355A936B882600960B6AC
File Content Preview: .ELF....................d...4...........4. ...(..............................................3...3......|...........Q.td............................U..S.......[....h....c...[]...$.............U......=.4...t..5.....4......4......u........t....h.#..........
ELF header | Value
---|---
Class |
Data |
Version |
Machine |
Version Number |
Type |
OS/ABI |
ABI Version | 0
Entry Point Address |
Flags |
ELF Header Size | 52
Program Header Offset | 52
Program Header Size | 32
Number of Program Headers | 3
Section Header Offset | 42172
Section Header Size | 40
Number of Section Headers | 11
Header String Table Index | 10
Sections

Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
---|---|---|---|---|---|---|---|---|---|---
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80480b0 | 0xb0 | 0x9986 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x8051a36 | 0x9a36 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x8051a60 | 0x9a60 | 0x980 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x80533e4 | 0xa3e4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x80533ec | 0xa3ec | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x80533f4 | 0xa3f4 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x8053404 | 0xa404 | 0x74 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x8053480 | 0xa478 | 0x4e0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0xa478 | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1 |
Program Segments

Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
---|---|---|---|---|---|---|---|---|---|---|---
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xa3e0 | 0xa3e0 | 6.3858 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata |
LOAD | 0xa3e4 | 0x80533e4 | 0x80533e4 | 0x94 | 0x57c | 1.6832 | 0x6 | RW | 0x1000 | | .ctors .dtors .jcr .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
Network Behavior

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
---|---|---|---|---
Dec 24, 2024 03:40:15.707021952 CET | 37086 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:15.826596975 CET | 38241 | 37086 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:15.826673031 CET | 37086 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:15.826733112 CET | 37086 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:15.946295023 CET | 38241 | 37086 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:15.946363926 CET | 37086 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:16.065892935 CET | 38241 | 37086 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:25.828768015 CET | 37086 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:25.948913097 CET | 38241 | 37086 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:26.254693985 CET | 38241 | 37086 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:26.254786015 CET | 37086 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:26.374480009 CET | 38241 | 37086 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:27.499219894 CET | 37088 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:27.618699074 CET | 38241 | 37088 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:27.618869066 CET | 37088 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:27.618942022 CET | 37088 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:27.739420891 CET | 38241 | 37088 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:27.739573956 CET | 37088 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:27.859163046 CET | 38241 | 37088 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:38.731847048 CET | 38241 | 37088 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:38.732368946 CET | 37088 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:38.851918936 CET | 38241 | 37088 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:40.044503927 CET | 37090 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:40.164413929 CET | 38241 | 37090 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:40.164588928 CET | 37090 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:40.164786100 CET | 37090 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:40.284452915 CET | 38241 | 37090 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:40.284760952 CET | 37090 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:40.404408932 CET | 38241 | 37090 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:51.278106928 CET | 38241 | 37090 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:51.278386116 CET | 37090 | 38241 | 192.168.2.14 | 209.38.192.73 |
Dec 24, 2024 03:40:51.398015976 CET | 38241 | 37090 | 209.38.192.73 | 192.168.2.14 |
Dec 24, 2024 03:40:52.593699932 CET | 49644 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:40:52.713335037 CET | 38241 | 49644 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:40:52.713509083 CET | 49644 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:40:52.713532925 CET | 49644 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:40:52.833044052 CET | 38241 | 49644 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:40:52.833209991 CET | 49644 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:40:52.952728987 CET | 38241 | 49644 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:03.815999031 CET | 38241 | 49644 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:03.816271067 CET | 49644 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:03.937113047 CET | 38241 | 49644 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:05.128772974 CET | 49646 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:05.248425007 CET | 38241 | 49646 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:05.248528957 CET | 49646 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:05.248580933 CET | 49646 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:05.368187904 CET | 38241 | 49646 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:05.368303061 CET | 49646 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:05.488009930 CET | 38241 | 49646 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:16.355853081 CET | 38241 | 49646 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:16.356234074 CET | 49646 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:16.477695942 CET | 38241 | 49646 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:17.602617979 CET | 49648 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:17.722440004 CET | 38241 | 49648 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:17.722600937 CET | 49648 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:17.722703934 CET | 49648 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:17.842442989 CET | 38241 | 49648 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:17.842782974 CET | 49648 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:17.962795019 CET | 38241 | 49648 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:28.828253031 CET | 38241 | 49648 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:28.828388929 CET | 49648 | 38241 | 192.168.2.14 | 154.216.16.244 |
Dec 24, 2024 03:41:28.948724031 CET | 38241 | 49648 | 154.216.16.244 | 192.168.2.14 |
Dec 24, 2024 03:41:30.071809053 CET | 38410 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:30.191498041 CET | 38241 | 38410 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:30.191746950 CET | 38410 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:30.191907883 CET | 38410 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:30.311503887 CET | 38241 | 38410 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:30.311661959 CET | 38410 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:30.431267023 CET | 38241 | 38410 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:40.201770067 CET | 38410 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:40.321531057 CET | 38241 | 38410 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:40.622725964 CET | 38241 | 38410 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:40.622838020 CET | 38410 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:40.742496967 CET | 38241 | 38410 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:41.874629021 CET | 38412 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:41.994424105 CET | 38241 | 38412 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:41.994816065 CET | 38412 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:41.994817019 CET | 38412 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:42.115200996 CET | 38241 | 38412 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:42.115374088 CET | 38412 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:42.235225916 CET | 38241 | 38412 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:53.102047920 CET | 38241 | 38412 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:53.102233887 CET | 38412 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:53.221821070 CET | 38241 | 38412 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:54.406941891 CET | 38414 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:54.526494980 CET | 38241 | 38414 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:54.526793003 CET | 38414 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:54.527031898 CET | 38414 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:54.646495104 CET | 38241 | 38414 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:41:54.646606922 CET | 38414 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:41:54.766129017 CET | 38241 | 38414 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:05.646851063 CET | 38241 | 38414 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:05.647031069 CET | 38414 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:42:05.766848087 CET | 38241 | 38414 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:06.897608995 CET | 38416 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:42:07.017225981 CET | 38241 | 38416 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:07.017369986 CET | 38416 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:42:07.017419100 CET | 38416 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:42:07.137196064 CET | 38241 | 38416 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:07.137319088 CET | 38416 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:42:07.257107019 CET | 38241 | 38416 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:18.123908043 CET | 38241 | 38416 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:18.124047041 CET | 38416 | 38241 | 192.168.2.14 | 154.216.16.250 |
Dec 24, 2024 03:42:18.243674994 CET | 38241 | 38416 | 154.216.16.250 | 192.168.2.14 |
Dec 24, 2024 03:42:19.395340919 CET | 37106 | 38241 | 192.168.2.14 | 209.38.192.73 |
UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
---|---|---|---|---
Dec 24, 2024 03:40:15.467221975 CET | 59175 | 53 | 192.168.2.14 | 51.158.108.203 |
Dec 24, 2024 03:40:15.706895113 CET | 53 | 59175 | 51.158.108.203 | 192.168.2.14 |
Dec 24, 2024 03:40:27.256365061 CET | 47537 | 53 | 192.168.2.14 | 51.158.108.203 |
Dec 24, 2024 03:40:27.499084949 CET | 53 | 47537 | 51.158.108.203 | 192.168.2.14 |
Dec 24, 2024 03:40:39.734270096 CET | 58351 | 53 | 192.168.2.14 | 168.235.111.72 |
Dec 24, 2024 03:40:40.044171095 CET | 53 | 58351 | 168.235.111.72 | 192.168.2.14 |
Dec 24, 2024 03:40:52.280029058 CET | 45572 | 53 | 192.168.2.14 | 168.235.111.72 |
Dec 24, 2024 03:40:52.593579054 CET | 53 | 45572 | 168.235.111.72 | 192.168.2.14 |
Dec 24, 2024 03:41:04.818027973 CET | 48701 | 53 | 192.168.2.14 | 168.235.111.72 |
Dec 24, 2024 03:41:05.128632069 CET | 53 | 48701 | 168.235.111.72 | 192.168.2.14 |
Dec 24, 2024 03:41:17.358886003 CET | 33455 | 53 | 192.168.2.14 | 152.53.15.127 |
Dec 24, 2024 03:41:17.602171898 CET | 53 | 33455 | 152.53.15.127 | 192.168.2.14 |
Dec 24, 2024 03:41:29.830041885 CET | 58488 | 53 | 192.168.2.14 | 202.61.197.122 |
Dec 24, 2024 03:41:30.071660995 CET | 53 | 58488 | 202.61.197.122 | 192.168.2.14 |
Dec 24, 2024 03:41:41.624512911 CET | 58327 | 53 | 192.168.2.14 | 202.61.197.122 |
Dec 24, 2024 03:41:41.874087095 CET | 53 | 58327 | 202.61.197.122 | 192.168.2.14 |
Dec 24, 2024 03:41:54.103951931 CET | 35548 | 53 | 192.168.2.14 | 168.235.111.72 |
Dec 24, 2024 03:41:54.406486034 CET | 53 | 35548 | 168.235.111.72 | 192.168.2.14 |
Dec 24, 2024 03:42:06.649137974 CET | 52369 | 53 | 192.168.2.14 | 194.36.144.87 |
Dec 24, 2024 03:42:06.897239923 CET | 53 | 52369 | 194.36.144.87 | 192.168.2.14 |
Dec 24, 2024 03:42:19.125982046 CET | 52898 | 53 | 192.168.2.14 | 185.181.61.24 |
Dec 24, 2024 03:42:19.394968033 CET | 53 | 52898 | 185.181.61.24 | 192.168.2.14 |
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---
Dec 24, 2024 03:40:15.467221975 CET | 192.168.2.14 | 51.158.108.203 | 0xd495 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:27.256365061 CET | 192.168.2.14 | 51.158.108.203 | 0xf363 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:39.734270096 CET | 192.168.2.14 | 168.235.111.72 | 0x71c2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:52.280029058 CET | 192.168.2.14 | 168.235.111.72 | 0xdf1b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:04.818027973 CET | 192.168.2.14 | 168.235.111.72 | 0xc722 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:17.358886003 CET | 192.168.2.14 | 152.53.15.127 | 0x1e9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:29.830041885 CET | 192.168.2.14 | 202.61.197.122 | 0x257d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:41.624512911 CET | 192.168.2.14 | 202.61.197.122 | 0xd05b | Standard query (0) | | 256 | 357 | false |
Dec 24, 2024 03:41:54.103951931 CET | 192.168.2.14 | 168.235.111.72 | 0xb155 | Standard query (0) | | 256 | 370 | false |
Dec 24, 2024 03:42:06.649137974 CET | 192.168.2.14 | 194.36.144.87 | 0xc0b7 | Standard query (0) | | 256 | 382 | false |
Dec 24, 2024 03:42:19.125982046 CET | 192.168.2.14 | 185.181.61.24 | 0x5543 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---
Dec 24, 2024 03:40:15.706895113 CET | 51.158.108.203 | 192.168.2.14 | 0xd495 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:27.499084949 CET | 51.158.108.203 | 192.168.2.14 | 0xf363 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:40.044171095 CET | 168.235.111.72 | 192.168.2.14 | 0x71c2 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:52.593579054 CET | 168.235.111.72 | 192.168.2.14 | 0xdf1b | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:52.593579054 CET | 168.235.111.72 | 192.168.2.14 | 0xdf1b | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:40:52.593579054 CET | 168.235.111.72 | 192.168.2.14 | 0xdf1b | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:05.128632069 CET | 168.235.111.72 | 192.168.2.14 | 0xc722 | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:05.128632069 CET | 168.235.111.72 | 192.168.2.14 | 0xc722 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:05.128632069 CET | 168.235.111.72 | 192.168.2.14 | 0xc722 | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:17.602171898 CET | 152.53.15.127 | 192.168.2.14 | 0x1e9 | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:17.602171898 CET | 152.53.15.127 | 192.168.2.14 | 0x1e9 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:17.602171898 CET | 152.53.15.127 | 192.168.2.14 | 0x1e9 | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:30.071660995 CET | 202.61.197.122 | 192.168.2.14 | 0x257d | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:30.071660995 CET | 202.61.197.122 | 192.168.2.14 | 0x257d | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:41:30.071660995 CET | 202.61.197.122 | 192.168.2.14 | 0x257d | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:42:06.897239923 CET | 194.36.144.87 | 192.168.2.14 | 0xc0b7 | Format error (1) | | none | none | 256 | 382 | false |
Dec 24, 2024 03:42:19.394968033 CET | 185.181.61.24 | 192.168.2.14 | 0x5543 | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:42:19.394968033 CET | 185.181.61.24 | 192.168.2.14 | 0x5543 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 03:42:19.394968033 CET | 185.181.61.24 | 192.168.2.14 | 0x5543 | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): 02:40:14
Start date (UTC): 24/12/2024
Path: /tmp/zerx86.elf
Arguments: /tmp/zerx86.elf
File size: 42612 bytes
MD5 hash: 8f88d9001a0bbe8d00b274f3b3fecd19

Start time (UTC): 02:40:15
Start date (UTC): 24/12/2024
Path: /tmp/zerx86.elf
Arguments: -
File size: 42612 bytes
MD5 hash: 8f88d9001a0bbe8d00b274f3b3fecd19

Start time (UTC): 02:40:15
Start date (UTC): 24/12/2024
Path: /tmp/zerx86.elf
Arguments: -
File size: 42612 bytes
MD5 hash: 8f88d9001a0bbe8d00b274f3b3fecd19