Edit tour
Linux
Analysis Report
zerspc.elf
Overview
General Information
Sample name: | zerspc.elf |
Analysis ID: | 1580180 |
MD5: | b9cfdb4d146b10ac1726e96f11661b8a |
SHA1: | b6b7c2f432cb30f917941b5620f28752c37fa463 |
SHA256: | 9dc21175630e9fa1ddfe6847dad692279880c61eb449db214551dfbff49e78df |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1580180 |
Start date and time: | 2024-12-24 03:48:08 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerspc.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@14/0 |
Command: | /tmp/zerspc.elf |
PID: | 5512 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | The Peoples Bank of China. |
Standard Error: |
- system is lnxubuntu20
- zerspc.elf New Fork (PID: 5515, Parent: 5512)
- zerspc.elf New Fork (PID: 5517, Parent: 5515)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Networking |
---|
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | ReversingLabs | Linux.Backdoor.Mirai | ||
43% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
serisontop.dyn | 209.38.192.73 | true | false | high | |
serisbot.geek. [malformed] | unknown | unknown | false | high | |
serisbot.geek | unknown | unknown | false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
154.216.16.244 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true | |
154.216.16.250 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true | |
209.38.192.73 | serisontop.dyn | United States | 7018 | ATT-INTERNET4US | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
154.216.16.244 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
154.216.16.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
209.38.192.73 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
serisontop.dyn | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ATT-INTERNET4US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
SKHT-ASShenzhenKatherineHengTechnologyInformationCo | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
SKHT-ASShenzhenKatherineHengTechnologyInformationCo | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
| ||
Get hash | malicious | Okiru | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.01178331190177 |
TrID: |
|
File name: | zerspc.elf |
File size: | 50'056 bytes |
MD5: | b9cfdb4d146b10ac1726e96f11661b8a |
SHA1: | b6b7c2f432cb30f917941b5620f28752c37fa463 |
SHA256: | 9dc21175630e9fa1ddfe6847dad692279880c61eb449db214551dfbff49e78df |
SHA512: | dd700b06ce5365fd5d3dda9752fc4dc439f5ee12d3273be05c80a145b70d24150ab639ff618ddf0ca8293b0c0846caddd38c9da8c22b89058fa57fa6294c45a7 |
SSDEEP: | 768:Jjo1lq9xXgrIsewjP8loFZWnA0SS3ixoL/O+Z/j5Fz4:JjKlStg0seMP8loenAlS3QoLDZLDz4 |
TLSH: | 71235C2179392E27C4D1B8BE51F74728B2F1270E36B8CA5A7D721E4EFF10A4095136B8 |
File Content Preview: | .ELF...........................4.........4. ...(....................................................................dt.Q................................@..(....@.-.................#.....a...`.....!..... ...@.....".........`......$ ... ...@...........`.... |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 49616 |
Section Header Size: | 40 |
Number of Section Headers: | 11 |
Header String Table Index: | 10 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x100b0 | 0xb0 | 0xb4f0 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x1b5a0 | 0xb5a0 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1b5b8 | 0xb5b8 | 0x858 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ctors | PROGBITS | 0x2c000 | 0xc000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x2c008 | 0xc008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x2c010 | 0xc010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x2c018 | 0xc018 | 0x174 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.bss | NOBITS | 0x2c190 | 0xc18c | 0x180 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.shstrtab | STRTAB | 0x0 | 0xc18c | 0x43 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x10000 | 0x10000 | 0xbe10 | 0xbe10 | 6.0871 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0xc000 | 0x2c000 | 0x2c000 | 0x18c | 0x310 | 0.8475 | 0x6 | RW | 0x10000 | .ctors .dtors .jcr .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 24, 2024 03:49:22.109662056 CET | 44664 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:22.229827881 CET | 38241 | 44664 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:22.230046034 CET | 44664 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:22.234987974 CET | 44664 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:22.355741978 CET | 38241 | 44664 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:22.355838060 CET | 44664 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:22.475444078 CET | 38241 | 44664 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:32.245362997 CET | 44664 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:32.364932060 CET | 38241 | 44664 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:32.666008949 CET | 38241 | 44664 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:32.666517019 CET | 44664 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:32.786113024 CET | 38241 | 44664 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:32.929630995 CET | 44666 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:33.049242020 CET | 38241 | 44666 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:33.049541950 CET | 44666 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:33.050973892 CET | 44666 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:33.171140909 CET | 38241 | 44666 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:33.171360970 CET | 44666 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:33.290744066 CET | 38241 | 44666 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:44.158080101 CET | 38241 | 44666 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:44.158638000 CET | 44666 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:44.278297901 CET | 38241 | 44666 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:44.400500059 CET | 44668 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:44.554739952 CET | 38241 | 44668 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:44.555088997 CET | 44668 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:44.556626081 CET | 44668 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:44.794007063 CET | 38241 | 44668 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:44.794112921 CET | 44668 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:49:44.794167042 CET | 38241 | 44668 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:44.913994074 CET | 38241 | 44668 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:49:45.036839962 CET | 48470 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:45.157392979 CET | 38241 | 48470 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:49:45.157532930 CET | 48470 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:45.158787012 CET | 48470 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:45.278297901 CET | 38241 | 48470 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:49:45.278527975 CET | 48470 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:45.398751974 CET | 38241 | 48470 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:49:56.267793894 CET | 38241 | 48470 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:49:56.268100023 CET | 48470 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:56.387595892 CET | 38241 | 48470 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:49:56.507211924 CET | 48472 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:56.626699924 CET | 38241 | 48472 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:49:56.626827002 CET | 48472 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:56.628139019 CET | 48472 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:56.747565031 CET | 38241 | 48472 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:49:56.747920036 CET | 48472 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:49:56.867476940 CET | 38241 | 48472 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:07.737503052 CET | 38241 | 48472 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:07.737787008 CET | 48472 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:07.857359886 CET | 38241 | 48472 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:07.977929115 CET | 48474 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.097356081 CET | 38241 | 48474 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:08.097671032 CET | 48474 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.098750114 CET | 48474 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.218163967 CET | 38241 | 48474 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:08.218360901 CET | 48474 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.224945068 CET | 38241 | 48474 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:08.338313103 CET | 38241 | 48474 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:08.465029001 CET | 48476 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.585773945 CET | 38241 | 48476 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:08.585853100 CET | 48476 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.587202072 CET | 48476 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.706743002 CET | 38241 | 48476 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:08.706896067 CET | 48476 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:08.826437950 CET | 38241 | 48476 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:19.707050085 CET | 38241 | 48476 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:19.707453012 CET | 48476 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:19.826994896 CET | 38241 | 48476 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:20.021912098 CET | 48478 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:20.141469955 CET | 38241 | 48478 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:20.141571999 CET | 48478 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:20.142647982 CET | 48478 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:20.262073994 CET | 38241 | 48478 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:20.262162924 CET | 48478 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:20.381643057 CET | 38241 | 48478 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:31.255531073 CET | 38241 | 48478 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:31.255871058 CET | 48478 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:31.375395060 CET | 38241 | 48478 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:31.514414072 CET | 48480 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:31.633913994 CET | 38241 | 48480 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:31.634036064 CET | 48480 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:31.635255098 CET | 48480 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:31.754668951 CET | 38241 | 48480 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:31.754848003 CET | 48480 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:31.874387026 CET | 38241 | 48480 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:41.645559072 CET | 48480 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:41.765096903 CET | 38241 | 48480 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:42.070976973 CET | 38241 | 48480 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:42.071170092 CET | 48480 | 38241 | 192.168.2.13 | 209.38.192.73 |
Dec 24, 2024 03:50:42.190849066 CET | 38241 | 48480 | 209.38.192.73 | 192.168.2.13 |
Dec 24, 2024 03:50:42.379935980 CET | 58414 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:42.500896931 CET | 38241 | 58414 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:50:42.501060009 CET | 58414 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:42.502599001 CET | 58414 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:42.622021914 CET | 38241 | 58414 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:50:42.622270107 CET | 58414 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:42.741857052 CET | 38241 | 58414 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:50:53.610023975 CET | 38241 | 58414 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:50:53.610383034 CET | 58414 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:53.730293989 CET | 38241 | 58414 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:50:53.921914101 CET | 58416 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:54.041465044 CET | 38241 | 58416 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:50:54.041528940 CET | 58416 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:54.042684078 CET | 58416 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:54.162102938 CET | 38241 | 58416 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:50:54.162298918 CET | 58416 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:50:54.281774998 CET | 38241 | 58416 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:51:05.148618937 CET | 38241 | 58416 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:51:05.149158955 CET | 58416 | 38241 | 192.168.2.13 | 154.216.16.250 |
Dec 24, 2024 03:51:05.271110058 CET | 38241 | 58416 | 154.216.16.250 | 192.168.2.13 |
Dec 24, 2024 03:51:05.402549982 CET | 44686 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:05.522231102 CET | 38241 | 44686 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:51:05.522460938 CET | 44686 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:05.523787975 CET | 44686 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:05.643271923 CET | 38241 | 44686 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:51:05.643423080 CET | 44686 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:05.762955904 CET | 38241 | 44686 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:51:16.630048990 CET | 38241 | 44686 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:51:16.630222082 CET | 44686 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:16.749773026 CET | 38241 | 44686 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:51:16.945499897 CET | 44688 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:17.065054893 CET | 38241 | 44688 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:51:17.065124035 CET | 44688 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:17.066211939 CET | 44688 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:17.185671091 CET | 38241 | 44688 | 154.216.16.244 | 192.168.2.13 |
Dec 24, 2024 03:51:17.185744047 CET | 44688 | 38241 | 192.168.2.13 | 154.216.16.244 |
Dec 24, 2024 03:51:17.305224895 CET | 38241 | 44688 | 154.216.16.244 | 192.168.2.13 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 24, 2024 03:49:21.558701992 CET | 47131 | 53 | 192.168.2.13 | 81.169.136.222 |
Dec 24, 2024 03:49:21.796088934 CET | 53 | 47131 | 81.169.136.222 | 192.168.2.13 |
Dec 24, 2024 03:49:21.799063921 CET | 45371 | 53 | 192.168.2.13 | 168.235.111.72 |
Dec 24, 2024 03:49:22.108433008 CET | 53 | 45371 | 168.235.111.72 | 192.168.2.13 |
Dec 24, 2024 03:49:32.667643070 CET | 41589 | 53 | 192.168.2.13 | 185.181.61.24 |
Dec 24, 2024 03:49:32.928607941 CET | 53 | 41589 | 185.181.61.24 | 192.168.2.13 |
Dec 24, 2024 03:49:44.160298109 CET | 57902 | 53 | 192.168.2.13 | 51.158.108.203 |
Dec 24, 2024 03:49:44.399449110 CET | 53 | 57902 | 51.158.108.203 | 192.168.2.13 |
Dec 24, 2024 03:49:44.795816898 CET | 39204 | 53 | 192.168.2.13 | 51.158.108.203 |
Dec 24, 2024 03:49:45.035706997 CET | 53 | 39204 | 51.158.108.203 | 192.168.2.13 |
Dec 24, 2024 03:49:56.269150019 CET | 39585 | 53 | 192.168.2.13 | 81.169.136.222 |
Dec 24, 2024 03:49:56.506333113 CET | 53 | 39585 | 81.169.136.222 | 192.168.2.13 |
Dec 24, 2024 03:50:07.739487886 CET | 59386 | 53 | 192.168.2.13 | 81.169.136.222 |
Dec 24, 2024 03:50:07.977094889 CET | 53 | 59386 | 81.169.136.222 | 192.168.2.13 |
Dec 24, 2024 03:50:08.226553917 CET | 44096 | 53 | 192.168.2.13 | 81.169.136.222 |
Dec 24, 2024 03:50:08.464045048 CET | 53 | 44096 | 81.169.136.222 | 192.168.2.13 |
Dec 24, 2024 03:50:19.709069014 CET | 40393 | 53 | 192.168.2.13 | 168.235.111.72 |
Dec 24, 2024 03:50:20.020886898 CET | 53 | 40393 | 168.235.111.72 | 192.168.2.13 |
Dec 24, 2024 03:50:31.256978035 CET | 60284 | 53 | 192.168.2.13 | 185.181.61.24 |
Dec 24, 2024 03:50:31.513494015 CET | 53 | 60284 | 185.181.61.24 | 192.168.2.13 |
Dec 24, 2024 03:50:42.072509050 CET | 49764 | 53 | 192.168.2.13 | 168.235.111.72 |
Dec 24, 2024 03:50:42.378705978 CET | 53 | 49764 | 168.235.111.72 | 192.168.2.13 |
Dec 24, 2024 03:50:53.611735106 CET | 36454 | 53 | 192.168.2.13 | 168.235.111.72 |
Dec 24, 2024 03:50:53.921178102 CET | 53 | 36454 | 168.235.111.72 | 192.168.2.13 |
Dec 24, 2024 03:51:05.150294065 CET | 37931 | 53 | 192.168.2.13 | 152.53.15.127 |
Dec 24, 2024 03:51:05.401748896 CET | 53 | 37931 | 152.53.15.127 | 192.168.2.13 |
Dec 24, 2024 03:51:16.631297112 CET | 58659 | 53 | 192.168.2.13 | 168.235.111.72 |
Dec 24, 2024 03:51:16.944762945 CET | 53 | 58659 | 168.235.111.72 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 24, 2024 03:49:21.558701992 CET | 192.168.2.13 | 81.169.136.222 | 0x7d3b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:49:21.799063921 CET | 192.168.2.13 | 168.235.111.72 | 0xd3cc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:49:32.667643070 CET | 192.168.2.13 | 185.181.61.24 | 0xbbc8 | Standard query (0) | 256 | 316 | false | |
Dec 24, 2024 03:49:44.160298109 CET | 192.168.2.13 | 51.158.108.203 | 0x3284 | Standard query (0) | 256 | 328 | false | |
Dec 24, 2024 03:49:44.795816898 CET | 192.168.2.13 | 51.158.108.203 | 0x45f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:49:56.269150019 CET | 192.168.2.13 | 81.169.136.222 | 0x78ab | Standard query (0) | 256 | 340 | false | |
Dec 24, 2024 03:50:07.739487886 CET | 192.168.2.13 | 81.169.136.222 | 0x7ccc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:50:08.226553917 CET | 192.168.2.13 | 81.169.136.222 | 0x55ae | Standard query (0) | 256 | 352 | false | |
Dec 24, 2024 03:50:19.709069014 CET | 192.168.2.13 | 168.235.111.72 | 0x9ce0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:50:31.256978035 CET | 192.168.2.13 | 185.181.61.24 | 0xd2ca | Standard query (0) | 256 | 375 | false | |
Dec 24, 2024 03:50:42.072509050 CET | 192.168.2.13 | 168.235.111.72 | 0x722e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:50:53.611735106 CET | 192.168.2.13 | 168.235.111.72 | 0x789c | Standard query (0) | 256 | 397 | false | |
Dec 24, 2024 03:51:05.150294065 CET | 192.168.2.13 | 152.53.15.127 | 0xf354 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:51:16.631297112 CET | 192.168.2.13 | 168.235.111.72 | 0xca66 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 24, 2024 03:49:21.796088934 CET | 81.169.136.222 | 192.168.2.13 | 0x7d3b | Refused (5) | none | none | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:49:22.108433008 CET | 168.235.111.72 | 192.168.2.13 | 0xd3cc | No error (0) | 209.38.192.73 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:49:22.108433008 CET | 168.235.111.72 | 192.168.2.13 | 0xd3cc | No error (0) | 154.216.16.250 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:49:22.108433008 CET | 168.235.111.72 | 192.168.2.13 | 0xd3cc | No error (0) | 154.216.16.244 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:49:44.399449110 CET | 51.158.108.203 | 192.168.2.13 | 0x3284 | Format error (1) | none | none | 256 | 328 | false | |
Dec 24, 2024 03:49:45.035706997 CET | 51.158.108.203 | 192.168.2.13 | 0x45f | No error (0) | 209.38.192.73 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:50:07.977094889 CET | 81.169.136.222 | 192.168.2.13 | 0x7ccc | Refused (5) | none | none | A (IP address) | IN (0x0001) | false | |
Dec 24, 2024 03:50:20.020886898 CET | 168.235.111.72 | 192.168.2.13 | 0x9ce0 | No error (0) | 209.38.192.73 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:50:20.020886898 CET | 168.235.111.72 | 192.168.2.13 | 0x9ce0 | No error (0) | 154.216.16.250 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:50:20.020886898 CET | 168.235.111.72 | 192.168.2.13 | 0x9ce0 | No error (0) | 154.216.16.244 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:50:42.378705978 CET | 168.235.111.72 | 192.168.2.13 | 0x722e | No error (0) | 154.216.16.244 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:50:42.378705978 CET | 168.235.111.72 | 192.168.2.13 | 0x722e | No error (0) | 209.38.192.73 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:50:42.378705978 CET | 168.235.111.72 | 192.168.2.13 | 0x722e | No error (0) | 154.216.16.250 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:51:05.401748896 CET | 152.53.15.127 | 192.168.2.13 | 0xf354 | No error (0) | 209.38.192.73 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:51:05.401748896 CET | 152.53.15.127 | 192.168.2.13 | 0xf354 | No error (0) | 154.216.16.244 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:51:05.401748896 CET | 152.53.15.127 | 192.168.2.13 | 0xf354 | No error (0) | 154.216.16.250 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:51:16.944762945 CET | 168.235.111.72 | 192.168.2.13 | 0xca66 | No error (0) | 154.216.16.244 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:51:16.944762945 CET | 168.235.111.72 | 192.168.2.13 | 0xca66 | No error (0) | 154.216.16.250 | A (IP address) | IN (0x0001) | false | ||
Dec 24, 2024 03:51:16.944762945 CET | 168.235.111.72 | 192.168.2.13 | 0xca66 | No error (0) | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 02:49:20 |
Start date (UTC): | 24/12/2024 |
Path: | /tmp/zerspc.elf |
Arguments: | /tmp/zerspc.elf |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time (UTC): | 02:49:20 |
Start date (UTC): | 24/12/2024 |
Path: | /tmp/zerspc.elf |
Arguments: | - |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
Start time (UTC): | 02:49:20 |
Start date (UTC): | 24/12/2024 |
Path: | /tmp/zerspc.elf |
Arguments: | - |
File size: | 4379400 bytes |
MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |