Edit tour

Linux Analysis Report
Aqua.arm4.elf

Overview

General Information

Sample name:	Aqua.arm4.elf
Analysis ID:	1581787
MD5:	69039bfe2718fb4235b4d6f54a364ad1
SHA1:	60bce12363986fe5e5bad07edf575ff7ea6583a7
SHA256:	80798a1196b63f9c18ffb84719cbb0506a3d24e735e4a3f205ae5d1450e8d14b
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample deletes itself

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581787
Start date and time:	2024-12-29 00:09:39 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Aqua.arm4.elf
Detection:	MAL
Classification:	mal64.troj.evad.linELF@0/1@56/0

Warnings

VT rate limit hit for: Aqua.arm4.elf

Runtime Messages

Command:	/tmp/Aqua.arm4.elf
PID:	5597
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	about to cum inside a femboy btw
Standard Error:

Process Tree

system is lnxubuntu20

Aqua.arm4.elf (PID: 5597, Parent: 5521, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/Aqua.arm4.elf

Aqua.arm4.elf New Fork (PID: 5599, Parent: 5597)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Aqua.arm4.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Aqua.arm4.elf

ReversingLabs: Detection: 43%

Networking

Sends malformed DNS queries

Source: global traffic

DNS traffic detected: malformed DNS query: raw.intenseapi.com. [malformed]

Source: global traffic

TCP traffic: 192.168.2.15:41346 -> 193.200.78.37:33966

Source: global traffic	DNS traffic detected: DNS query: raw.intenseapi.com
Source: global traffic	DNS traffic detected: DNS query: raw.intenseapi.com. [malformed]

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.evad.linELF@0/1@56/0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/Aqua.arm4.elf (PID: 5599)

File: /tmp/Aqua.arm4.elf

Jump to behavior

Source: /tmp/Aqua.arm4.elf (PID: 5597)

Queries kernel information via 'uname':

Jump to behavior

Source: Aqua.arm4.elf, 5597.1.00007ffcc8f04000.00007ffcc8f25000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.5frjnq
Source: Aqua.arm4.elf, 5597.1.00007ffcc8f04000.00007ffcc8f25000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/Aqua.arm4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Aqua.arm4.elf
Source: Aqua.arm4.elf, 5597.1.0000561cae608000.0000561cae736000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: Aqua.arm4.elf, 5597.1.0000561cae608000.0000561cae736000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/arm
Source: Aqua.arm4.elf, 5597.1.00007ffcc8f04000.00007ffcc8f25000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: Aqua.arm4.elf, 5597.1.00007ffcc8f04000.00007ffcc8f25000.rw-.sdmp	Binary or memory string: V/tmp/qemu-open.5frjnq:

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Aqua.arm4.elf	43%	ReversingLabs	Linux.Backdoor.Mirai
Aqua.arm4.elf	100%	Avira	EXP/ELF.Mirai.W

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
raw.intenseapi.com	193.200.78.37	true	false		high
raw.intenseapi.com. [malformed]	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
193.200.78.37	raw.intenseapi.com	Switzerland		29496	LINK-SERVICE-ASUA	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
193.200.78.37	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse
	Aqua.sh4.elf	Get hash	malicious	Unknown	Browse
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86_64.elf	Get hash	malicious	Unknown	Browse
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
raw.intenseapi.com	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.x86_64.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	193.200.78.37

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LINK-SERVICE-ASUA	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.m68k.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.sh4.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.x86_64.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	193.200.78.37
	KCmfLMBjHJ.elf	Get hash	malicious	Unknown	Browse	193.200.79.115
	assailant.i586	Get hash	malicious	Mirai	Browse	194.146.110.216
	9CSfviwl3l	Get hash	malicious	Mirai	Browse	193.200.79.137

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/tmp/qemu-open.5frjnq (deleted)

Download File

Process:	/tmp/Aqua.arm4.elf
File Type:	data
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.1162646156680225
Encrypted:	false
SSDEEP:	3:Tg10J5oHJN:Tg10J5aJN
MD5:	A112D952263191E835214AE26416ABBC
SHA1:	349E32C34582E368CAC130154198CB6CD69DEBA8
SHA-256:	2297F112B5819C8C8761662897BD7D67EA1C90C0B34719B1ACFC6338371CF666
SHA-512:	907499D43E86878AE33DC88E09A22A69FE8E8487FCB31491D625C5BB5BE5E6444DA4FF33B3B2BB50C59A29E8DEB941BD54B13B8A34216AE9110CD7D1C7E43FDC
Malicious:	false
Reputation:	low
Preview:	/tmp/Aqua.arm4.elf.nwlrbbmqbh

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):	6.05488596937032
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Aqua.arm4.elf
File size:	54'900 bytes
MD5:	69039bfe2718fb4235b4d6f54a364ad1
SHA1:	60bce12363986fe5e5bad07edf575ff7ea6583a7
SHA256:	80798a1196b63f9c18ffb84719cbb0506a3d24e735e4a3f205ae5d1450e8d14b
SHA512:	6936658d67b65bd8034cc7a702954c8a3c59ddb80e09b0ba7c298c5bef230d554fcd2ddb1216b94118f0867457afc1b58e62d6d9395636e7bb3280c318a329ae
SSDEEP:	768:n1CST8G7qe2vcp4ImAld0mTtWzhqVMZYLMMYNvzjd1W/LMN7BuKaX6btvVIeI:gSIG732Kd0m4UTMvPtN7CKbtae
TLSH:	7C332982B8829613C6D412BBFB6E418D772617A8E2DF3207DD166F10379692F0E77711
File Content Preview:	.ELF...a..........(.........4...........4. ...(.........................................................x%..........Q.td..................................-...L."..../..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x202
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	54500
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	4
.text	PROGBITS	0x80b0	0xb0	0xbf0c	0x0	0x6	AX	16
.fini	PROGBITS	0x13fbc	0xbfbc	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x13fd0	0xbfd0	0x1120	0x0	0x2	A	4
.ctors	PROGBITS	0x1d0f4	0xd0f4	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1d0fc	0xd0fc	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x1d108	0xd108	0x39c	0x0	0x3	WA	4
.bss	NOBITS	0x1d4a4	0xd4a4	0x21c8	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xd4a4	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0xd0f0	0xd0f0	6.0908	0x5	R E	0x8000	.init .text .fini .rodata
LOAD	0xd0f4	0x1d0f4	0x1d0f4	0x3b0	0x2578	3.2146	0x6	RW	0x8000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2024 00:10:39.222870111 CET	41346	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:39.342427015 CET	33966	41346	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:39.342614889 CET	41346	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:39.344022989 CET	41346	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:39.463469982 CET	33966	41346	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:39.463736057 CET	41346	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:39.583225012 CET	33966	41346	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:40.678308010 CET	33966	41346	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:40.678584099 CET	41346	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:40.678702116 CET	41346	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:41.924014091 CET	41348	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:42.045037985 CET	33966	41348	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:42.045239925 CET	41348	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:42.046075106 CET	41348	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:42.167340040 CET	33966	41348	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:42.167429924 CET	41348	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:42.289980888 CET	33966	41348	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:43.328593016 CET	33966	41348	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:43.328751087 CET	41348	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:43.328752041 CET	41348	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:44.570652008 CET	41350	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:44.690264940 CET	33966	41350	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:44.690495014 CET	41350	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:44.691365957 CET	41350	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:44.811553955 CET	33966	41350	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:44.811795950 CET	41350	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:44.931628942 CET	33966	41350	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:45.979782104 CET	33966	41350	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:45.980091095 CET	41350	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:45.980091095 CET	41350	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:47.223628044 CET	41352	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:47.344791889 CET	33966	41352	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:47.345190048 CET	41352	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:47.346095085 CET	41352	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:47.465509892 CET	33966	41352	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:47.465912104 CET	41352	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:47.585427999 CET	33966	41352	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:48.581391096 CET	33966	41352	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:48.581629992 CET	41352	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:48.581700087 CET	41352	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:49.822721004 CET	41354	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:49.943517923 CET	33966	41354	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:49.943702936 CET	41354	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:49.944822073 CET	41354	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:50.065694094 CET	33966	41354	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:50.065942049 CET	41354	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:50.187330961 CET	33966	41354	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:51.263451099 CET	33966	41354	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:51.263622999 CET	41354	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:51.263897896 CET	41354	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:52.519454956 CET	41356	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:52.640940905 CET	33966	41356	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:52.641207933 CET	41356	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:52.642663002 CET	41356	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:52.764256001 CET	33966	41356	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:52.764519930 CET	41356	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:52.886315107 CET	33966	41356	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:53.978446007 CET	33966	41356	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:53.978621006 CET	41356	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:53.978715897 CET	41356	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:55.222328901 CET	41358	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:55.341934919 CET	33966	41358	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:55.342058897 CET	41358	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:55.343132973 CET	41358	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:55.462723017 CET	33966	41358	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:55.462954998 CET	41358	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:55.582561016 CET	33966	41358	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:56.631524086 CET	33966	41358	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:56.631781101 CET	41358	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:56.631891012 CET	41358	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:57.880018950 CET	41360	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:57.999641895 CET	33966	41360	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:57.999882936 CET	41360	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:58.001271963 CET	41360	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:58.120760918 CET	33966	41360	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:58.120997906 CET	41360	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:58.240643978 CET	33966	41360	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:59.235563040 CET	33966	41360	193.200.78.37	192.168.2.15
Dec 29, 2024 00:10:59.235996962 CET	41360	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:10:59.236150980 CET	41360	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:00.488018990 CET	41362	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:00.609004021 CET	33966	41362	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:00.609196901 CET	41362	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:00.610213041 CET	41362	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:00.731972933 CET	33966	41362	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:00.732295036 CET	41362	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:00.853372097 CET	33966	41362	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:01.846406937 CET	33966	41362	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:01.846632957 CET	41362	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:01.846709967 CET	41362	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:03.095724106 CET	41364	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:03.217047930 CET	33966	41364	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:03.217547894 CET	41364	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:03.218807936 CET	41364	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:03.339924097 CET	33966	41364	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:03.340157032 CET	41364	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:03.461329937 CET	33966	41364	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:04.509064913 CET	33966	41364	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:04.509552002 CET	41364	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:04.509552002 CET	41364	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:05.744579077 CET	41366	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:05.864173889 CET	33966	41366	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:05.864284039 CET	41366	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:05.865037918 CET	41366	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:05.984544992 CET	33966	41366	193.200.78.37	192.168.2.15
Dec 29, 2024 00:11:05.984607935 CET	41366	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:11:06.104348898 CET	33966	41366	193.200.78.37	192.168.2.15
Dec 29, 2024 00:12:15.920365095 CET	41366	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:12:16.040236950 CET	33966	41366	193.200.78.37	192.168.2.15
Dec 29, 2024 00:12:16.322663069 CET	33966	41366	193.200.78.37	192.168.2.15
Dec 29, 2024 00:12:16.322758913 CET	41366	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:12:26.332813025 CET	41366	33966	192.168.2.15	193.200.78.37
Dec 29, 2024 00:12:26.454071045 CET	33966	41366	193.200.78.37	192.168.2.15
Dec 29, 2024 00:12:26.732777119 CET	33966	41366	193.200.78.37	192.168.2.15
Dec 29, 2024 00:12:26.732940912 CET	41366	33966	192.168.2.15	193.200.78.37

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2024 00:10:38.363713980 CET	44712	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:38.603543043 CET	53	44712	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:38.604918957 CET	47227	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:38.727420092 CET	53	47227	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:38.728564024 CET	59055	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:38.851006985 CET	53	59055	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:38.852169991 CET	52277	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:38.974421978 CET	53	52277	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:38.975702047 CET	59204	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:39.098167896 CET	53	59204	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:39.099538088 CET	55868	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:39.222045898 CET	53	55868	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:40.679584980 CET	42847	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:40.801791906 CET	53	42847	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:40.802978992 CET	35493	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:40.926732063 CET	53	35493	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:40.927752018 CET	44832	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.050005913 CET	53	44832	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:41.051182032 CET	47050	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.173469067 CET	53	47050	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:41.174652100 CET	47166	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.297039032 CET	53	47166	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:41.298402071 CET	47786	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.422455072 CET	53	47786	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:41.423598051 CET	52015	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.547703028 CET	53	52015	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:41.548860073 CET	45319	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.672902107 CET	53	45319	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:41.674227953 CET	40577	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.798209906 CET	53	40577	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:41.799262047 CET	34414	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:41.923362970 CET	53	34414	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:43.329814911 CET	39225	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:43.451996088 CET	53	39225	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:43.453136921 CET	60896	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:43.575753927 CET	53	60896	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:43.576987982 CET	50049	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:43.699297905 CET	53	50049	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:43.700344086 CET	55957	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:43.823333025 CET	53	55957	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:43.824367046 CET	52429	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:43.948041916 CET	53	52429	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:43.949050903 CET	59245	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:44.071258068 CET	53	59245	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:44.072388887 CET	44193	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:44.196130991 CET	53	44193	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:44.197276115 CET	57880	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:44.321275949 CET	53	57880	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:44.322350979 CET	55804	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:44.446516037 CET	53	55804	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:44.447617054 CET	58217	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:44.569914103 CET	53	58217	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:45.981101990 CET	34291	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.103354931 CET	53	34291	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.104579926 CET	55486	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.226979017 CET	53	55486	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.227947950 CET	56640	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.350786924 CET	53	56640	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.351649046 CET	59668	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.474664927 CET	53	59668	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.475677013 CET	54191	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.599299908 CET	53	54191	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.600148916 CET	35395	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.723892927 CET	53	35395	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.724641085 CET	43274	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.848524094 CET	53	43274	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.849462032 CET	58503	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:46.972997904 CET	53	58503	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:46.973751068 CET	34149	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:47.098397017 CET	53	34149	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:47.099288940 CET	37137	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:47.222891092 CET	53	37137	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:48.582930088 CET	40255	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:48.706854105 CET	53	40255	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:48.708055973 CET	52565	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:48.831969023 CET	53	52565	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:48.832870960 CET	42145	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:48.956661940 CET	53	42145	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:48.957617044 CET	49295	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:49.079891920 CET	53	49295	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:49.080915928 CET	50334	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:49.203356028 CET	53	50334	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:49.204318047 CET	43581	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:49.326689959 CET	53	43581	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:49.327533007 CET	49717	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:49.449878931 CET	53	49717	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:49.450861931 CET	43272	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:49.573158026 CET	53	43272	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:49.574640989 CET	58242	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:49.696970940 CET	53	58242	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:49.698076010 CET	47053	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:49.821984053 CET	53	47053	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:51.265268087 CET	38199	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:51.389008045 CET	53	38199	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:51.390331984 CET	41431	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:51.514180899 CET	53	41431	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:51.515742064 CET	35460	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:51.639698982 CET	53	35460	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:51.641299963 CET	53794	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:51.765028000 CET	53	53794	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:51.766614914 CET	55994	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:51.890815973 CET	53	55994	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:51.892474890 CET	59757	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:52.016587019 CET	53	59757	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:52.018337965 CET	57394	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:52.142437935 CET	53	57394	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:52.143884897 CET	40211	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:52.267558098 CET	53	40211	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:52.269002914 CET	54852	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:52.392971039 CET	53	54852	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:52.394377947 CET	42813	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:52.518449068 CET	53	42813	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:53.980043888 CET	59308	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.102343082 CET	53	59308	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.103768110 CET	37154	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.226046085 CET	53	37154	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.229347944 CET	46251	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.351672888 CET	53	46251	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.353032112 CET	50317	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.475708961 CET	53	50317	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.477438927 CET	44197	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.601643085 CET	53	44197	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.603096008 CET	43985	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.725383997 CET	53	43985	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.726708889 CET	49673	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.849065065 CET	53	49673	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.850626945 CET	38569	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:54.973503113 CET	53	38569	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:54.975181103 CET	39924	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:55.097481966 CET	53	39924	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:55.098767996 CET	50030	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:55.221287012 CET	53	50030	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:56.633244991 CET	50002	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:56.755661964 CET	53	50002	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:56.757288933 CET	35281	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:56.879679918 CET	53	35281	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:56.881659031 CET	43340	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.003947973 CET	53	43340	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:57.005335093 CET	46768	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.127729893 CET	53	46768	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:57.129151106 CET	47368	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.251961946 CET	53	47368	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:57.253597975 CET	36353	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.377460003 CET	53	36353	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:57.378585100 CET	40605	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.502660990 CET	53	40605	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:57.503792048 CET	50398	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.628235102 CET	53	50398	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:57.629585981 CET	43890	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.753716946 CET	53	43890	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:57.755249023 CET	55765	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:57.878957987 CET	53	55765	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:59.237627029 CET	43272	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:59.361398935 CET	53	43272	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:59.362791061 CET	52590	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:59.486879110 CET	53	52590	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:59.487848997 CET	34676	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:59.612173080 CET	53	34676	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:59.613065004 CET	43727	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:59.736596107 CET	53	43727	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:59.737678051 CET	44672	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:59.861433029 CET	53	44672	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:59.862417936 CET	60607	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:10:59.986032963 CET	53	60607	8.8.8.8	192.168.2.15
Dec 29, 2024 00:10:59.987258911 CET	49143	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:00.111434937 CET	53	49143	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:00.112483978 CET	35778	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:00.236357927 CET	53	35778	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:00.237525940 CET	42901	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:00.361902952 CET	53	42901	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:00.363074064 CET	56215	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:00.487189054 CET	53	56215	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:01.847939014 CET	58343	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:01.971939087 CET	53	58343	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:01.972981930 CET	34524	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.096582890 CET	53	34524	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.097780943 CET	45257	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.221887112 CET	53	45257	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.223345041 CET	50374	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.347789049 CET	53	50374	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.349277973 CET	45060	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.473474979 CET	53	45060	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.474819899 CET	54635	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.599123001 CET	53	54635	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.600750923 CET	57137	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.723166943 CET	53	57137	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.724715948 CET	43220	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.847029924 CET	53	43220	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.848512888 CET	60649	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:02.970839977 CET	53	60649	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:02.971960068 CET	44779	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:03.094825983 CET	53	44779	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:04.510832071 CET	55379	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:04.633121014 CET	53	55379	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:04.634191036 CET	56255	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:04.756499052 CET	53	56255	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:04.757620096 CET	48337	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:04.879978895 CET	53	48337	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:04.880939960 CET	45502	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:05.003348112 CET	53	45502	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:05.004240036 CET	38260	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:05.126902103 CET	53	38260	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:05.127784967 CET	36126	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:05.250190020 CET	53	36126	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:05.250998974 CET	54554	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:05.373198986 CET	53	54554	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:05.373995066 CET	33673	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:05.496517897 CET	53	33673	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:05.498009920 CET	35481	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:05.620620012 CET	53	35481	8.8.8.8	192.168.2.15
Dec 29, 2024 00:11:05.621571064 CET	42980	53	192.168.2.15	8.8.8.8
Dec 29, 2024 00:11:05.743935108 CET	53	42980	8.8.8.8	192.168.2.15

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 29, 2024 00:10:38.363713980 CET	192.168.2.15	8.8.8.8	0xa5dc	Standard query (0)	raw.intenseapi.com	A (IP address)	IN (0x0001)	false
Dec 29, 2024 00:10:38.604918957 CET	192.168.2.15	8.8.8.8	0x7887	Standard query (0)	raw.intenseapi.com. [malformed]	256	366	false
Dec 29, 2024 00:10:38.728564024 CET	192.168.2.15	8.8.8.8	0x7887	Standard query (0)	raw.intenseapi.com. [malformed]	256	366	false
Dec 29, 2024 00:10:38.852169991 CET	192.168.2.15	8.8.8.8	0x7887	Standard query (0)	raw.intenseapi.com. [malformed]	256	366	false
Dec 29, 2024 00:10:38.975702047 CET	192.168.2.15	8.8.8.8	0x7887	Standard query (0)	raw.intenseapi.com. [malformed]	256	367	false
Dec 29, 2024 00:10:39.099538088 CET	192.168.2.15	8.8.8.8	0x7887	Standard query (0)	raw.intenseapi.com. [malformed]	256	367	false
Dec 29, 2024 00:10:41.298402071 CET	192.168.2.15	8.8.8.8	0xb9e7	Standard query (0)	raw.intenseapi.com. [malformed]	256	369	false
Dec 29, 2024 00:10:41.423598051 CET	192.168.2.15	8.8.8.8	0xb9e7	Standard query (0)	raw.intenseapi.com. [malformed]	256	369	false
Dec 29, 2024 00:10:41.548860073 CET	192.168.2.15	8.8.8.8	0xb9e7	Standard query (0)	raw.intenseapi.com. [malformed]	256	369	false
Dec 29, 2024 00:10:41.674227953 CET	192.168.2.15	8.8.8.8	0xb9e7	Standard query (0)	raw.intenseapi.com. [malformed]	256	369	false
Dec 29, 2024 00:10:41.799262047 CET	192.168.2.15	8.8.8.8	0xb9e7	Standard query (0)	raw.intenseapi.com. [malformed]	256	369	false
Dec 29, 2024 00:10:43.949050903 CET	192.168.2.15	8.8.8.8	0xe6f5	Standard query (0)	raw.intenseapi.com. [malformed]	256	372	false
Dec 29, 2024 00:10:44.072388887 CET	192.168.2.15	8.8.8.8	0xe6f5	Standard query (0)	raw.intenseapi.com. [malformed]	256	372	false
Dec 29, 2024 00:10:44.197276115 CET	192.168.2.15	8.8.8.8	0xe6f5	Standard query (0)	raw.intenseapi.com. [malformed]	256	372	false
Dec 29, 2024 00:10:44.322350979 CET	192.168.2.15	8.8.8.8	0xe6f5	Standard query (0)	raw.intenseapi.com. [malformed]	256	372	false
Dec 29, 2024 00:10:44.447617054 CET	192.168.2.15	8.8.8.8	0xe6f5	Standard query (0)	raw.intenseapi.com. [malformed]	256	372	false
Dec 29, 2024 00:10:46.600148916 CET	192.168.2.15	8.8.8.8	0x10a5	Standard query (0)	raw.intenseapi.com. [malformed]	256	374	false
Dec 29, 2024 00:10:46.724641085 CET	192.168.2.15	8.8.8.8	0x10a5	Standard query (0)	raw.intenseapi.com. [malformed]	256	374	false
Dec 29, 2024 00:10:46.849462032 CET	192.168.2.15	8.8.8.8	0x10a5	Standard query (0)	raw.intenseapi.com. [malformed]	256	374	false
Dec 29, 2024 00:10:46.973751068 CET	192.168.2.15	8.8.8.8	0x10a5	Standard query (0)	raw.intenseapi.com. [malformed]	256	375	false
Dec 29, 2024 00:10:47.099288940 CET	192.168.2.15	8.8.8.8	0x10a5	Standard query (0)	raw.intenseapi.com. [malformed]	256	375	false
Dec 29, 2024 00:10:49.204318047 CET	192.168.2.15	8.8.8.8	0x78af	Standard query (0)	raw.intenseapi.com. [malformed]	256	377	false
Dec 29, 2024 00:10:49.327533007 CET	192.168.2.15	8.8.8.8	0x78af	Standard query (0)	raw.intenseapi.com. [malformed]	256	377	false
Dec 29, 2024 00:10:49.450861931 CET	192.168.2.15	8.8.8.8	0x78af	Standard query (0)	raw.intenseapi.com. [malformed]	256	377	false
Dec 29, 2024 00:10:49.574640989 CET	192.168.2.15	8.8.8.8	0x78af	Standard query (0)	raw.intenseapi.com. [malformed]	256	377	false
Dec 29, 2024 00:10:49.698076010 CET	192.168.2.15	8.8.8.8	0x78af	Standard query (0)	raw.intenseapi.com. [malformed]	256	377	false
Dec 29, 2024 00:10:51.892474890 CET	192.168.2.15	8.8.8.8	0x7816	Standard query (0)	raw.intenseapi.com. [malformed]	256	380	false
Dec 29, 2024 00:10:52.018337965 CET	192.168.2.15	8.8.8.8	0x7816	Standard query (0)	raw.intenseapi.com. [malformed]	256	380	false
Dec 29, 2024 00:10:52.143884897 CET	192.168.2.15	8.8.8.8	0x7816	Standard query (0)	raw.intenseapi.com. [malformed]	256	380	false
Dec 29, 2024 00:10:52.269002914 CET	192.168.2.15	8.8.8.8	0x7816	Standard query (0)	raw.intenseapi.com. [malformed]	256	380	false
Dec 29, 2024 00:10:52.394377947 CET	192.168.2.15	8.8.8.8	0x7816	Standard query (0)	raw.intenseapi.com. [malformed]	256	380	false
Dec 29, 2024 00:10:54.603096008 CET	192.168.2.15	8.8.8.8	0xbfb9	Standard query (0)	raw.intenseapi.com. [malformed]	256	382	false
Dec 29, 2024 00:10:54.726708889 CET	192.168.2.15	8.8.8.8	0xbfb9	Standard query (0)	raw.intenseapi.com. [malformed]	256	382	false
Dec 29, 2024 00:10:54.850626945 CET	192.168.2.15	8.8.8.8	0xbfb9	Standard query (0)	raw.intenseapi.com. [malformed]	256	382	false
Dec 29, 2024 00:10:54.975181103 CET	192.168.2.15	8.8.8.8	0xbfb9	Standard query (0)	raw.intenseapi.com. [malformed]	256	383	false
Dec 29, 2024 00:10:55.098767996 CET	192.168.2.15	8.8.8.8	0xbfb9	Standard query (0)	raw.intenseapi.com. [malformed]	256	383	false
Dec 29, 2024 00:10:57.253597975 CET	192.168.2.15	8.8.8.8	0x9d0a	Standard query (0)	raw.intenseapi.com. [malformed]	256	385	false
Dec 29, 2024 00:10:57.378585100 CET	192.168.2.15	8.8.8.8	0x9d0a	Standard query (0)	raw.intenseapi.com. [malformed]	256	385	false
Dec 29, 2024 00:10:57.503792048 CET	192.168.2.15	8.8.8.8	0x9d0a	Standard query (0)	raw.intenseapi.com. [malformed]	256	385	false
Dec 29, 2024 00:10:57.629585981 CET	192.168.2.15	8.8.8.8	0x9d0a	Standard query (0)	raw.intenseapi.com. [malformed]	256	385	false
Dec 29, 2024 00:10:57.755249023 CET	192.168.2.15	8.8.8.8	0x9d0a	Standard query (0)	raw.intenseapi.com. [malformed]	256	385	false
Dec 29, 2024 00:10:59.862417936 CET	192.168.2.15	8.8.8.8	0x8124	Standard query (0)	raw.intenseapi.com. [malformed]	256	387	false
Dec 29, 2024 00:10:59.987258911 CET	192.168.2.15	8.8.8.8	0x8124	Standard query (0)	raw.intenseapi.com. [malformed]	256	388	false
Dec 29, 2024 00:11:00.112483978 CET	192.168.2.15	8.8.8.8	0x8124	Standard query (0)	raw.intenseapi.com. [malformed]	256	388	false
Dec 29, 2024 00:11:00.237525940 CET	192.168.2.15	8.8.8.8	0x8124	Standard query (0)	raw.intenseapi.com. [malformed]	256	388	false
Dec 29, 2024 00:11:00.363074064 CET	192.168.2.15	8.8.8.8	0x8124	Standard query (0)	raw.intenseapi.com. [malformed]	256	388	false
Dec 29, 2024 00:11:02.474819899 CET	192.168.2.15	8.8.8.8	0x76d9	Standard query (0)	raw.intenseapi.com. [malformed]	256	390	false
Dec 29, 2024 00:11:02.600750923 CET	192.168.2.15	8.8.8.8	0x76d9	Standard query (0)	raw.intenseapi.com. [malformed]	256	390	false
Dec 29, 2024 00:11:02.724715948 CET	192.168.2.15	8.8.8.8	0x76d9	Standard query (0)	raw.intenseapi.com. [malformed]	256	390	false
Dec 29, 2024 00:11:02.848512888 CET	192.168.2.15	8.8.8.8	0x76d9	Standard query (0)	raw.intenseapi.com. [malformed]	256	390	false
Dec 29, 2024 00:11:02.971960068 CET	192.168.2.15	8.8.8.8	0x76d9	Standard query (0)	raw.intenseapi.com. [malformed]	256	391	false
Dec 29, 2024 00:11:05.127784967 CET	192.168.2.15	8.8.8.8	0x236d	Standard query (0)	raw.intenseapi.com. [malformed]	256	393	false
Dec 29, 2024 00:11:05.250998974 CET	192.168.2.15	8.8.8.8	0x236d	Standard query (0)	raw.intenseapi.com. [malformed]	256	393	false
Dec 29, 2024 00:11:05.373995066 CET	192.168.2.15	8.8.8.8	0x236d	Standard query (0)	raw.intenseapi.com. [malformed]	256	393	false
Dec 29, 2024 00:11:05.498009920 CET	192.168.2.15	8.8.8.8	0x236d	Standard query (0)	raw.intenseapi.com. [malformed]	256	393	false
Dec 29, 2024 00:11:05.621571064 CET	192.168.2.15	8.8.8.8	0x236d	Standard query (0)	raw.intenseapi.com. [malformed]	256	393	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 29, 2024 00:10:38.603543043 CET	8.8.8.8	192.168.2.15	0xa5dc	No error (0)	raw.intenseapi.com		193.200.78.37	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: Aqua.arm4.elf PID: 5597, Parent PID: 5521

General

Start time (UTC):	23:10:37
Start date (UTC):	28/12/2024
Path:	/tmp/Aqua.arm4.elf
Arguments:	/tmp/Aqua.arm4.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: Aqua.arm4.elf PID: 5599, Parent PID: 5597

General

Start time (UTC):	23:10:37
Start date (UTC):	28/12/2024
Path:	/tmp/Aqua.arm4.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Aqua.arm4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/tmp/qemu-open.5frjnq (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: Aqua.arm4.elf PID: 5597, Parent PID: 5521

General

Chronological Activities

Analysis Process: Aqua.arm4.elf PID: 5599, Parent PID: 5597

General

Chronological Activities

Linux Analysis Report
Aqua.arm4.elf