Linux
Analysis Report
zerppc.elf
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1580201 |
Start date and time: | 2024-12-24 04:13:29 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerppc.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@12/0 |
Command: | /tmp/zerppc.elf |
PID: | 5462 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | The Peoples Bank of China. |
Standard Error: |
- system is lnxubuntu20
- zerppc.elf New Fork (PID: 5464, Parent: 5462)
- zerppc.elf New Fork (PID: 5466, Parent: 5464)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 32% | ReversingLabs | Linux.Trojan.Mirai | |
| 43% | Virustotal | | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
serisontop.dyn | 154.216.16.244 | true | false | high | |
serisbot.geek | 209.38.192.73 | true | false | high | |
serisbot.geek. [malformed] | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
154.216.16.244 | serisontop.dyn | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | false |
154.216.16.250 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true |
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
209.38.192.73 | serisbot.geek | United States | 7018 | ATT-INTERNET4US | false |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.16904858126552 |
TrID: | |
File name: | zerppc.elf |
File size: | 46'048 bytes |
MD5: | 44d0c239684c1065160bd9f9c82ff48d |
SHA1: | 85c4aa3ea33358381b4efcc277190a29e8c8a336 |
SHA256: | 3cd7bc96919f59a7ffe00008a5a9a24063066108498b530ce5e10d56f5e5d60a |
SHA512: | 115030da37edcb6cc381d29e41e337ba374127256a2a27c9fe23fa16981fbd9b36db8b8692779977c9eba2ac78e7193fcfc24f1422d0e3addf89df563aff67df |
SSDEEP: | 768:gvxq32zARiw674rSHvb560gUGE0NtIdiSYz5766Th:WqGUElGiF60gRHNtgiSYF79Th |
TLSH: | 9D233B42721C0927C06257B4253E17E0E7FBBDA025F4FA88650FAB5A8575F372086F9E |
File Content Preview: | .ELF...........................4.........4. ...(.......................$...$........................................dt.Q.............................!..|......$H...H..5...$8!. |...N.. .!..|.......?.............../...@..\?........+../...A..$8...})......N.. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 45528 |
Section Header Size: | 40 |
Number of Section Headers: | 13 |
Header String Table Index: | 12 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x10000094 | 0x94 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x100000b8 | 0xb8 | 0xa68c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x1000a744 | 0xa744 | 0x20 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1000a764 | 0xa764 | 0x7c0 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1001b000 | 0xb000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1001b008 | 0xb008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x1001b010 | 0xb010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1001b018 | 0xb018 | 0x148 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.sdata | PROGBITS | 0x1001b160 | 0xb160 | 0x28 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.sbss | NOBITS | 0x1001b188 | 0xb188 | 0x5c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1001b1e4 | 0xb188 | 0x10c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xb188 | 0x50 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x10000000 | 0x10000000 | 0xaf24 | 0xaf24 | 6.2457 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0xb000 | 0x1001b000 | 0x1001b000 | 0x188 | 0x2f0 | 0.8914 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data .sdata .sbss .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 24, 2024 04:14:25.239579916 CET | 192.168.2.13 | 81.169.136.222 | 0x4651 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:27.481241941 CET | 192.168.2.13 | 194.36.144.87 | 0x1ccb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:39.277281046 CET | 192.168.2.13 | 168.235.111.72 | 0x8fb1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:51.830513000 CET | 192.168.2.13 | 51.158.108.203 | 0xf12c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:04.303280115 CET | 192.168.2.13 | 51.158.108.203 | 0x823e | Standard query (0) | | 256 | 312 | false |
Dec 24, 2024 04:15:16.774518013 CET | 192.168.2.13 | 81.169.136.222 | 0xcb4a | Standard query (0) | | 256 | 325 | false |
Dec 24, 2024 04:15:18.255887032 CET | 192.168.2.13 | 202.61.197.122 | 0x4dad | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:30.735974073 CET | 192.168.2.13 | 185.181.61.24 | 0x137d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:43.229182005 CET | 192.168.2.13 | 152.53.15.127 | 0x32e6 | Standard query (0) | | 256 | 351 | false |
Dec 24, 2024 04:15:55.034626007 CET | 192.168.2.13 | 202.61.197.122 | 0xd683 | Standard query (0) | | 256 | 363 | false |
Dec 24, 2024 04:16:07.505822897 CET | 192.168.2.13 | 81.169.136.222 | 0x8d90 | Standard query (0) | | 256 | 375 | false |
Dec 24, 2024 04:16:19.974411964 CET | 192.168.2.13 | 51.158.108.203 | 0x2841 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 24, 2024 04:14:25.478101015 CET | 81.169.136.222 | 192.168.2.13 | 0x4651 | Refused (5) | | none | none | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:27.720827103 CET | 194.36.144.87 | 192.168.2.13 | 0x1ccb | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:39.594444990 CET | 168.235.111.72 | 192.168.2.13 | 0x8fb1 | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:39.594444990 CET | 168.235.111.72 | 192.168.2.13 | 0x8fb1 | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:39.594444990 CET | 168.235.111.72 | 192.168.2.13 | 0x8fb1 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:52.069561005 CET | 51.158.108.203 | 192.168.2.13 | 0xf12c | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:52.069561005 CET | 51.158.108.203 | 192.168.2.13 | 0xf12c | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:14:52.069561005 CET | 51.158.108.203 | 192.168.2.13 | 0xf12c | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:04.543057919 CET | 51.158.108.203 | 192.168.2.13 | 0x823e | Format error (1) | | none | none | 256 | 312 | false |
Dec 24, 2024 04:15:18.499969959 CET | 202.61.197.122 | 192.168.2.13 | 0x4dad | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:18.499969959 CET | 202.61.197.122 | 192.168.2.13 | 0x4dad | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:18.499969959 CET | 202.61.197.122 | 192.168.2.13 | 0x4dad | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:30.994853973 CET | 185.181.61.24 | 192.168.2.13 | 0x137d | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:30.994853973 CET | 185.181.61.24 | 192.168.2.13 | 0x137d | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:30.994853973 CET | 185.181.61.24 | 192.168.2.13 | 0x137d | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:15:43.478591919 CET | 152.53.15.127 | 192.168.2.13 | 0x32e6 | Format error (1) | | none | none | 256 | 351 | false |
Dec 24, 2024 04:16:20.213875055 CET | 51.158.108.203 | 192.168.2.13 | 0x2841 | No error (0) | | | 154.216.16.250 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:16:20.213875055 CET | 51.158.108.203 | 192.168.2.13 | 0x2841 | No error (0) | | | 154.216.16.244 | A (IP address) | IN (0x0001) | false |
Dec 24, 2024 04:16:20.213875055 CET | 51.158.108.203 | 192.168.2.13 | 0x2841 | No error (0) | | | 209.38.192.73 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 03:14:24 |
Start date (UTC): | 24/12/2024 |
Path: | /tmp/zerppc.elf |
Arguments: | /tmp/zerppc.elf |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 03:14:24 |
Start date (UTC): | 24/12/2024 |
Path: | /tmp/zerppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 03:14:24 |
Start date (UTC): | 24/12/2024 |
Path: | /tmp/zerppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |