Linux Analysis Report
zerspc.elf

Overview

General Information

Sample name:zerspc.elf
Analysis ID:1580180
MD5:b9cfdb4d146b10ac1726e96f11661b8a
SHA1:b6b7c2f432cb30f917941b5620f28752c37fa463
SHA256:9dc21175630e9fa1ddfe6847dad692279880c61eb449db214551dfbff49e78df
Tags:elf, user-abuse_ch
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1580180
Start date and time:2024-12-24 03:48:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 57s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:zerspc.elf
Detection:MAL
Classification:mal56.troj.linELF@0/0@14/0
Command:/tmp/zerspc.elf
PID:5512
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
The Peoples Bank of China.
Standard Error:
  • system is lnxubuntu20
  • zerspc.elf (PID: 5512, Parent: 5436, MD5: 7dc1c0e23cd5e102bb12e5c29403410e) Arguments: /tmp/zerspc.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: zerspc.elf, ReversingLabs: Detection: 36%
Source: zerspc.elf, Virustotal: Detection: 42%

Networking

Source: global traffic, TCP traffic: 154.216.16.244 ports 38241,1,2,3,4,8
Source: global traffic, TCP traffic: 154.216.16.250 ports 38241,1,2,3,4,8
Source: global traffic, TCP traffic: 209.38.192.73 ports 38241,1,2,3,4,8
Source: global traffic, DNS traffic detected: malformed DNS query: serisbot.geek. [malformed]
Source: global traffic, TCP traffic: 192.168.2.13:44664 -> 154.216.16.244:38241
Source: global traffic, TCP traffic: 192.168.2.13:48470 -> 209.38.192.73:38241
Source: global traffic, TCP traffic: 192.168.2.13:58414 -> 154.216.16.250:38241
Source: /tmp/zerspc.elf (PID: 5512), Socket: 127.0.0.1:39148
Source: unknown, UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown, UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: unknown, UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown, UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown, UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: global traffic, DNS traffic detected: DNS query: serisbot.geek
Source: global traffic, DNS traffic detected: DNS query: serisontop.dyn
Source: global traffic, DNS traffic detected: DNS query: serisbot.geek. [malformed]
Source: Initial sample, String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample, String containing 'busybox' found: /bin/busybox echo -ne >> > .d
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal56.troj.linELF@0/0@14/0
Source: /tmp/zerspc.elf (PID: 5512), Queries kernel information via 'uname'
Source: zerspc.elf, 5512.1.0000562c11bc2000.0000562c11c47000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/sparc
Source: zerspc.elf, 5512.1.0000562c11bc2000.0000562c11c47000.rw-.sdmp, Binary or memory string: ,V!/etc/qemu-binfmt/sparc
Source: zerspc.elf, 5512.1.00007ffd9da13000.00007ffd9da34000.rw-.sdmp, Binary or memory string: n{x86_64/usr/bin/qemu-sparc/tmp/zerspc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zerspc.elf
Source: zerspc.elf, 5512.1.00007ffd9da13000.00007ffd9da34000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-sparc
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
No configs have been found
| Source | Detection | Scanner | Label |
| zerspc.elf | 37% | ReversingLabs | Linux.Backdoor.Mirai |
| zerspc.elf | 43% | Virustotal | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| serisontop.dyn | 209.38.192.73 | true | false | | high |
| serisbot.geek. [malformed] | unknown | unknown | false | | high |
| serisbot.geek | unknown | unknown | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| 154.216.16.244 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true |
| 154.216.16.250 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true |
| 209.38.192.73 | serisontop.dyn | United States | 7018 | ATT-INTERNET4US | false |
                          No created / dropped files found
                          File type:ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
                          Entropy (8bit):6.01178331190177
                          TrID:
                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                          File name:zerspc.elf
                          File size:50'056 bytes
                          MD5:b9cfdb4d146b10ac1726e96f11661b8a
                          SHA1:b6b7c2f432cb30f917941b5620f28752c37fa463
                          SHA256:9dc21175630e9fa1ddfe6847dad692279880c61eb449db214551dfbff49e78df
                          SHA512:dd700b06ce5365fd5d3dda9752fc4dc439f5ee12d3273be05c80a145b70d24150ab639ff618ddf0ca8293b0c0846caddd38c9da8c22b89058fa57fa6294c45a7
                          SSDEEP:768:Jjo1lq9xXgrIsewjP8loFZWnA0SS3ixoL/O+Z/j5Fz4:JjKlStg0seMP8loenAlS3QoLDZLDz4
                          TLSH:71235C2179392E27C4D1B8BE51F74728B2F1270E36B8CA5A7D721E4EFF10A4095136B8
                          File Content Preview:.ELF...........................4.........4. ...(....................................................................dt.Q................................@..(....@.-.................#.....a...`.....!..... ...@.....".........`......$ ... ...@...........`....

                          ELF header

                          Class:ELF32
                          Data:2's complement, big endian
                          Version:1 (current)
                          Machine:Sparc
                          Version Number:0x1
                          Type:EXEC (Executable file)
                          OS/ABI:UNIX - System V
                          ABI Version:0
                          Entry Point Address:0x101a4
                          Flags:0x0
                          ELF Header Size:52
                          Program Header Offset:52
                          Program Header Size:32
                          Number of Program Headers:3
                          Section Header Offset:49616
                          Section Header Size:40
                          Number of Section Headers:11
                          Header String Table Index:10
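| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x100b0 | 0xb0 | 0xb4f0 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .fini | PROGBITS | 0x1b5a0 | 0xb5a0 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x1b5b8 | 0xb5b8 | 0x858 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .ctors | PROGBITS | 0x2c000 | 0xc000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x2c008 | 0xc008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .jcr | PROGBITS | 0x2c010 | 0xc010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x2c018 | 0xc018 | 0x174 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .bss | NOBITS | 0x2c190 | 0xc18c | 0x180 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .shstrtab | STRTAB | 0x0 | 0xc18c | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1 |

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| LOAD | 0x0 | 0x10000 | 0x10000 | 0xbe10 | 0xbe10 | 6.0871 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
| LOAD | 0xc000 | 0x2c000 | 0x2c000 | 0x18c | 0x310 | 0.8475 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |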
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Dec 24, 2024 03:49:21.558701992 CET | 192.168.2.13 | 81.169.136.222 | 0x7d3b | Standard query (0) | serisbot.geek | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:49:21.799063921 CET | 192.168.2.13 | 168.235.111.72 | 0xd3cc | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:49:32.667643070 CET | 192.168.2.13 | 185.181.61.24 | 0xbbc8 | Standard query (0) | serisbot.geek. [malformed] | 256 | 316 | false
                          Dec 24, 2024 03:49:44.160298109 CET | 192.168.2.13 | 51.158.108.203 | 0x3284 | Standard query (0) | serisbot.geek. [malformed] | 256 | 328 | false
                          Dec 24, 2024 03:49:44.795816898 CET | 192.168.2.13 | 51.158.108.203 | 0x45f | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:49:56.269150019 CET | 192.168.2.13 | 81.169.136.222 | 0x78ab | Standard query (0) | serisbot.geek. [malformed] | 256 | 340 | false
                          Dec 24, 2024 03:50:07.739487886 CET | 192.168.2.13 | 81.169.136.222 | 0x7ccc | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:08.226553917 CET | 192.168.2.13 | 81.169.136.222 | 0x55ae | Standard query (0) | serisbot.geek. [malformed] | 256 | 352 | false
                          Dec 24, 2024 03:50:19.709069014 CET | 192.168.2.13 | 168.235.111.72 | 0x9ce0 | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:31.256978035 CET | 192.168.2.13 | 185.181.61.24 | 0xd2ca | Standard query (0) | serisbot.geek. [malformed] | 256 | 375 | false
                          Dec 24, 2024 03:50:42.072509050 CET | 192.168.2.13 | 168.235.111.72 | 0x722e | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:53.611735106 CET | 192.168.2.13 | 168.235.111.72 | 0x789c | Standard query (0) | serisbot.geek. [malformed] | 256 | 397 | false
                          Dec 24, 2024 03:51:05.150294065 CET | 192.168.2.13 | 152.53.15.127 | 0xf354 | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:51:16.631297112 CET | 192.168.2.13 | 168.235.111.72 | 0xca66 | Standard query (0) | serisontop.dyn | A (IP address) | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Dec 24, 2024 03:49:21.796088934 CET | 81.169.136.222 | 192.168.2.13 | 0x7d3b | Refused (5) | serisbot.geek | none | none | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:49:22.108433008 CET | 168.235.111.72 | 192.168.2.13 | 0xd3cc | No error (0) | serisontop.dyn |  | 209.38.192.73 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:49:22.108433008 CET | 168.235.111.72 | 192.168.2.13 | 0xd3cc | No error (0) | serisontop.dyn |  | 154.216.16.250 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:49:22.108433008 CET | 168.235.111.72 | 192.168.2.13 | 0xd3cc | No error (0) | serisontop.dyn |  | 154.216.16.244 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:49:44.399449110 CET | 51.158.108.203 | 192.168.2.13 | 0x3284 | Format error (1) | serisbot.geek. [malformed] | none | none | 256 | 328 | false
                          Dec 24, 2024 03:49:45.035706997 CET | 51.158.108.203 | 192.168.2.13 | 0x45f | No error (0) | serisontop.dyn |  | 209.38.192.73 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:07.977094889 CET | 81.169.136.222 | 192.168.2.13 | 0x7ccc | Refused (5) | serisontop.dyn | none | none | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:20.020886898 CET | 168.235.111.72 | 192.168.2.13 | 0x9ce0 | No error (0) | serisontop.dyn |  | 209.38.192.73 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:20.020886898 CET | 168.235.111.72 | 192.168.2.13 | 0x9ce0 | No error (0) | serisontop.dyn |  | 154.216.16.250 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:20.020886898 CET | 168.235.111.72 | 192.168.2.13 | 0x9ce0 | No error (0) | serisontop.dyn |  | 154.216.16.244 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:42.378705978 CET | 168.235.111.72 | 192.168.2.13 | 0x722e | No error (0) | serisontop.dyn |  | 154.216.16.244 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:42.378705978 CET | 168.235.111.72 | 192.168.2.13 | 0x722e | No error (0) | serisontop.dyn |  | 209.38.192.73 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:50:42.378705978 CET | 168.235.111.72 | 192.168.2.13 | 0x722e | No error (0) | serisontop.dyn |  | 154.216.16.250 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:51:05.401748896 CET | 152.53.15.127 | 192.168.2.13 | 0xf354 | No error (0) | serisontop.dyn |  | 209.38.192.73 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:51:05.401748896 CET | 152.53.15.127 | 192.168.2.13 | 0xf354 | No error (0) | serisontop.dyn |  | 154.216.16.244 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:51:05.401748896 CET | 152.53.15.127 | 192.168.2.13 | 0xf354 | No error (0) | serisontop.dyn |  | 154.216.16.250 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:51:16.944762945 CET | 168.235.111.72 | 192.168.2.13 | 0xca66 | No error (0) | serisontop.dyn |  | 154.216.16.244 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:51:16.944762945 CET | 168.235.111.72 | 192.168.2.13 | 0xca66 | No error (0) | serisontop.dyn |  | 154.216.16.250 | A (IP address) | IN (0x0001) | false
                          Dec 24, 2024 03:51:16.944762945 CET | 168.235.111.72 | 192.168.2.13 | 0xca66 | No error (0) | serisontop.dyn |  | 209.38.192.73 | A (IP address) | IN (0x0001) | false

                          System Behavior

                          Start time (UTC):02:49:20
                          Start date (UTC):24/12/2024
                          Path:/tmp/zerspc.elf
                          Arguments:/tmp/zerspc.elf
                          File size:4379400 bytes
                          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                          Start time (UTC):02:49:20
                          Start date (UTC):24/12/2024
                          Path:/tmp/zerspc.elf
                          Arguments:-
                          File size:4379400 bytes
                          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e

                          Start time (UTC):02:49:20
                          Start date (UTC):24/12/2024
                          Path:/tmp/zerspc.elf
                          Arguments:-
                          File size:4379400 bytes
                          MD5 hash:7dc1c0e23cd5e102bb12e5c29403410e