Edit tour

Linux Analysis Report
ppc.elf

Overview

General Information

Sample name:	ppc.elf
Analysis ID:	1581811
MD5:	b04427559818a5788ea35574867fe599
SHA1:	ae08d3907d2e8f1b7909ae6df1359955a1790982
SHA256:	e2286c2fc91b4bd4780c7f35ab12af96397b0701dc051739684bf0c3b7c67360
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581811
Start date and time:	2024-12-29 01:57:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ppc.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@6/0

Runtime Messages

Command:	/tmp/ppc.elf
PID:	6238
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	have onna deez nutz
Standard Error:

Process Tree

system is lnxubuntu20

ppc.elf (PID: 6238, Parent: 6164, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/ppc.elf

ppc.elf New Fork (PID: 6241, Parent: 6238)

ppc.elf New Fork (PID: 6243, Parent: 6241)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ppc.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: ppc.elf

ReversingLabs: Detection: 18%

Source: global traffic

TCP traffic: 192.168.2.23:56508 -> 83.222.191.146:33211

Source: /tmp/ppc.elf (PID: 6238)

Socket: 127.0.0.1:8345

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: global traffic

DNS traffic detected: DNS query: secure-network-rebirthltd.ru

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.linELF@0/0@6/0

Source: /tmp/ppc.elf (PID: 6238)

Queries kernel information via 'uname':

Jump to behavior

Source: ppc.elf, 6238.1.00005652e08a7000.00005652e0957000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: ppc.elf, 6238.1.00005652e08a7000.00005652e0957000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: ppc.elf, 6238.1.00007ffe03eff000.00007ffe03f20000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc
Source: ppc.elf, 6238.1.00007ffe03eff000.00007ffe03f20000.rw-.sdmp	Binary or memory string: Ix86_64/usr/bin/qemu-ppc/tmp/ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ppc.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ppc.elf	18%	ReversingLabs	Linux.Exploit.Mirai
ppc.elf	100%	Avira	EXP/ELF.Mirai.W

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
secure-network-rebirthltd.ru	83.222.191.146	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
83.222.191.146	secure-network-rebirthltd.ru	Bulgaria	43561	NET1-ASBG	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
83.222.191.146	dlr.arm6.elf	Get hash	malicious	Gafgyt	Browse	/binaries/arm6
	dlr.mpsl.elf	Get hash	malicious	Gafgyt	Browse	/binaries/mpsl
	dlr.arm7.elf	Get hash	malicious	Unknown	Browse	/binaries/arm7
	dlr.mips.elf	Get hash	malicious	Gafgyt	Browse	/binaries/mips
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	Aqua.arm6.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse
	arm6.elf	Get hash	malicious	Unknown	Browse
	m68k.elf	Get hash	malicious	Unknown	Browse
	45.200.149.186-boatnet.arm5-2024-12-28T01_23_00.elf	Get hash	malicious	Mirai	Browse
91.189.91.42	Aqua.arm6.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse
	arm6.elf	Get hash	malicious	Unknown	Browse
	m68k.elf	Get hash	malicious	Unknown	Browse
	45.200.149.186-boatnet.arm5-2024-12-28T01_23_00.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
secure-network-rebirthltd.ru	x86.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	x86_64.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	arm5.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	m68k.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	arm4.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	arm7.elf	Get hash	malicious	Mirai	Browse	83.222.191.146
	spc.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	x86_64.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	Aqua.arm6.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm6.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm5.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
CANONICAL-ASGB	Aqua.arm6.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.dbg.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm6.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm5.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
INIT7CH	Aqua.arm6.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	Aqua.spc.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	arm6.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	m68k.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	45.200.149.186-boatnet.arm5-2024-12-28T01_23_00.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
NET1-ASBG	x86.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	x86_64.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	arm5.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	m68k.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	arm4.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	arm7.elf	Get hash	malicious	Mirai	Browse	83.222.191.146
	spc.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	mpsl.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	mips.elf	Get hash	malicious	Unknown	Browse	83.222.191.146
	x86_64.elf	Get hash	malicious	Gafgyt	Browse	83.222.191.146

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.170757791712374
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	ppc.elf
File size:	54'536 bytes
MD5:	b04427559818a5788ea35574867fe599
SHA1:	ae08d3907d2e8f1b7909ae6df1359955a1790982
SHA256:	e2286c2fc91b4bd4780c7f35ab12af96397b0701dc051739684bf0c3b7c67360
SHA512:	dc8eebb06ba101ca553f5d4efbe4f5532496a1f6dfcb59835fc849856c53e661a5d6168cfcd2a61034ca0dea0363bb30f02df8e231b2a191e70e0050a07a5e3c
SSDEEP:	768:5rH0dMF1RW5R0820jRtfJkCTIXwHEw9AfI3r1cKOSnuuHBFwhtGLuEIV:lUOrKVzjIgkyAg3RNOSnv8hEVO
TLSH:	EB334B42731C0A57D1A35AB43A3F67E093BEA99031E4F688651FDB4AD271E321186FCD
File Content Preview:	.ELF...........................4...(.....4. ...(..........................................................$4........dt.Q.............................!..\|......$H...H......$8!. \|...N.. .!..\|.......?..........(..../...@..\?........+../...A..$8...})......N..

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	PowerPC
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x100001f0
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	54056
Section Header Size:	40
Number of Section Headers:	12
Header String Table Index:	11

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10000094	0x94	0x24	0x0	0x6	AX	4
.text	PROGBITS	0x100000b8	0xb8	0xb9f8	0x0	0x6	AX	4
.fini	PROGBITS	0x1000bab0	0xbab0	0x20	0x0	0x6	AX	4
.rodata	PROGBITS	0x1000bad0	0xbad0	0x1148	0x0	0x2	A	8
.ctors	PROGBITS	0x1001d000	0xd000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1001d008	0xd008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x1001d018	0xd018	0x290	0x0	0x3	WA	8
.sdata	PROGBITS	0x1001d2a8	0xd2a8	0x34	0x0	0x3	WA	4
.sbss	NOBITS	0x1001d2dc	0xd2dc	0x4c	0x0	0x3	WA	4
.bss	NOBITS	0x1001d328	0xd2dc	0x210c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xd2dc	0x4b	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000000	0x10000000	0xcc18	0xcc18	6.3075	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xd000	0x1001d000	0x1001d000	0x2dc	0x2434	1.7513	0x6	RW	0x10000	.ctors .dtors .data .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2024 01:57:50.872745991 CET	56508	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:50.992376089 CET	33211	56508	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:50.992628098 CET	56508	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:50.993238926 CET	56508	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:51.112725019 CET	33211	56508	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:51.112797976 CET	56508	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:51.232289076 CET	33211	56508	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:51.432595968 CET	43928	443	192.168.2.23	91.189.91.42
Dec 29, 2024 01:57:52.385710955 CET	33211	56508	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:52.385994911 CET	56508	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:52.386125088 CET	56508	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:53.522564888 CET	56510	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:53.642062902 CET	33211	56510	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:53.642142057 CET	56510	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:53.642757893 CET	56510	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:53.762271881 CET	33211	56510	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:53.762480021 CET	56510	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:53.881962061 CET	33211	56510	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:55.034832001 CET	33211	56510	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:55.035244942 CET	56510	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:55.035244942 CET	56510	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:56.172341108 CET	56512	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:56.291838884 CET	33211	56512	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:56.291980982 CET	56512	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:56.292715073 CET	56512	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:56.412123919 CET	33211	56512	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:56.412239075 CET	56512	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:56.531691074 CET	33211	56512	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:56.807918072 CET	42836	443	192.168.2.23	91.189.91.43
Dec 29, 2024 01:57:57.637577057 CET	33211	56512	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:57.637667894 CET	56512	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:57.637686968 CET	56512	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:58.343667984 CET	42516	80	192.168.2.23	109.202.202.202
Dec 29, 2024 01:57:58.773993969 CET	56514	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:58.895271063 CET	33211	56514	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:58.895369053 CET	56514	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:58.896091938 CET	56514	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:59.015516043 CET	33211	56514	83.222.191.146	192.168.2.23
Dec 29, 2024 01:57:59.015710115 CET	56514	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:57:59.135373116 CET	33211	56514	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:00.195794106 CET	33211	56514	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:00.195967913 CET	56514	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:00.195996046 CET	56514	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:01.437083006 CET	56516	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:01.556574106 CET	33211	56516	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:01.556803942 CET	56516	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:01.557495117 CET	56516	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:01.676908970 CET	33211	56516	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:01.677006006 CET	56516	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:01.796551943 CET	33211	56516	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:02.856353998 CET	33211	56516	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:02.856467009 CET	56516	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:02.856497049 CET	56516	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:04.096088886 CET	56518	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:04.215672970 CET	33211	56518	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:04.215796947 CET	56518	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:04.217000961 CET	56518	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:04.336394072 CET	33211	56518	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:04.336493969 CET	56518	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:04.456048965 CET	33211	56518	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:11.909722090 CET	43928	443	192.168.2.23	91.189.91.42
Dec 29, 2024 01:58:14.225380898 CET	56518	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:14.345067024 CET	33211	56518	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:14.647094965 CET	33211	56518	83.222.191.146	192.168.2.23
Dec 29, 2024 01:58:14.647291899 CET	56518	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:58:24.195991993 CET	42836	443	192.168.2.23	91.189.91.43
Dec 29, 2024 01:58:28.291407108 CET	42516	80	192.168.2.23	109.202.202.202
Dec 29, 2024 01:58:52.863842964 CET	43928	443	192.168.2.23	91.189.91.42
Dec 29, 2024 01:59:14.699296951 CET	56518	33211	192.168.2.23	83.222.191.146
Dec 29, 2024 01:59:14.818958998 CET	33211	56518	83.222.191.146	192.168.2.23
Dec 29, 2024 01:59:15.121171951 CET	33211	56518	83.222.191.146	192.168.2.23
Dec 29, 2024 01:59:15.121273994 CET	56518	33211	192.168.2.23	83.222.191.146

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2024 01:57:50.632123947 CET	43674	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:57:50.871963024 CET	53	43674	8.8.8.8	192.168.2.23
Dec 29, 2024 01:57:53.388062954 CET	36823	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:57:53.522006035 CET	53	36823	8.8.8.8	192.168.2.23
Dec 29, 2024 01:57:56.036904097 CET	46267	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:57:56.171524048 CET	53	46267	8.8.8.8	192.168.2.23
Dec 29, 2024 01:57:58.639687061 CET	56763	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:57:58.773464918 CET	53	56763	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:01.197369099 CET	43817	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:01.436275005 CET	53	43817	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:03.857810974 CET	42421	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:04.095102072 CET	53	42421	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:15.687365055 CET	41981	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:15.809614897 CET	53	41981	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:15.810642004 CET	58770	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:15.932843924 CET	53	58770	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:15.933794022 CET	49202	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:16.056193113 CET	53	49202	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:16.057153940 CET	45915	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:16.179502964 CET	53	45915	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:16.180502892 CET	58625	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:16.302789927 CET	53	58625	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:22.305641890 CET	58676	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:22.428206921 CET	53	58676	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:22.430197001 CET	45433	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:22.552447081 CET	53	45433	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:22.553559065 CET	49778	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:22.675795078 CET	53	49778	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:22.676937103 CET	46423	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:22.799125910 CET	53	46423	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:22.800179005 CET	38418	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:22.922377110 CET	53	38418	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:26.925740004 CET	47858	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:27.048348904 CET	53	47858	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:27.049519062 CET	33264	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:27.172050953 CET	53	33264	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:27.173094988 CET	44070	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:27.295295954 CET	53	44070	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:27.296613932 CET	40697	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:27.418783903 CET	53	40697	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:27.419841051 CET	47193	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:27.541963100 CET	53	47193	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:28.545206070 CET	55778	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:28.667505980 CET	53	55778	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:28.668746948 CET	50051	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:28.790950060 CET	53	50051	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:28.792124987 CET	48857	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:28.914350033 CET	53	48857	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:28.915997982 CET	46713	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:29.038203955 CET	53	46713	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:29.039566040 CET	37293	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:29.161849022 CET	53	37293	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:30.166353941 CET	37585	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:30.288671970 CET	53	37585	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:30.290226936 CET	56292	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:30.412537098 CET	53	56292	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:30.414304972 CET	36081	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:30.536514997 CET	53	36081	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:30.538207054 CET	34927	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:30.660362005 CET	53	34927	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:30.662004948 CET	44662	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:30.784265995 CET	53	44662	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:33.789804935 CET	42583	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:33.912544012 CET	53	42583	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:33.914108038 CET	50653	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:34.036362886 CET	53	50653	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:34.038059950 CET	49185	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:34.160864115 CET	53	49185	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:34.162684917 CET	33930	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:34.284931898 CET	53	33930	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:34.286787987 CET	35615	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:34.409142971 CET	53	35615	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:42.413038969 CET	50121	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:42.535388947 CET	53	50121	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:42.537010908 CET	34113	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:42.659370899 CET	53	34113	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:42.660854101 CET	33262	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:42.783162117 CET	53	33262	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:42.784607887 CET	41778	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:42.906806946 CET	53	41778	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:42.908559084 CET	33348	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:43.030879021 CET	53	33348	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:49.034435034 CET	35958	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:49.156848907 CET	53	35958	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:49.158090115 CET	38117	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:49.280395985 CET	53	38117	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:49.281778097 CET	50424	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:49.404082060 CET	53	50424	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:49.405261993 CET	52050	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:49.527601957 CET	53	52050	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:49.528970957 CET	47208	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:49.651243925 CET	53	47208	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:50.655507088 CET	33961	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:50.777803898 CET	53	33961	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:50.779758930 CET	40207	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:50.901930094 CET	53	40207	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:50.903558016 CET	45782	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:51.025758982 CET	53	45782	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:51.027374983 CET	52341	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:51.149679899 CET	53	52341	8.8.8.8	192.168.2.23
Dec 29, 2024 01:58:51.151380062 CET	59190	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:58:51.273675919 CET	53	59190	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:01.276381969 CET	44604	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:01.398864031 CET	53	44604	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:01.399929047 CET	48704	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:01.522948980 CET	53	48704	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:01.523976088 CET	54408	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:01.646305084 CET	53	54408	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:01.647438049 CET	60587	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:01.769795895 CET	53	60587	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:01.770864010 CET	49969	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:01.893141985 CET	53	49969	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:02.896189928 CET	44741	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:03.018752098 CET	53	44741	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:03.019815922 CET	60821	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:03.142282963 CET	53	60821	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:03.143491983 CET	43897	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:03.265696049 CET	53	43897	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:03.266823053 CET	58293	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:03.389033079 CET	53	58293	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:03.390069008 CET	47282	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:03.512377024 CET	53	47282	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:09.515346050 CET	40859	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:09.637842894 CET	53	40859	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:09.638848066 CET	46007	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:09.761054993 CET	53	46007	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:09.761904955 CET	46597	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:09.884217024 CET	53	46597	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:09.885207891 CET	37297	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:10.007494926 CET	53	37297	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:10.008910894 CET	50305	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:10.131342888 CET	53	50305	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:12.133856058 CET	52920	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:12.256248951 CET	53	52920	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:12.257194996 CET	48470	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:12.379466057 CET	53	48470	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:12.380884886 CET	43150	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:12.503133059 CET	53	43150	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:12.504550934 CET	60402	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:12.626684904 CET	53	60402	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:12.628201008 CET	55848	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:12.750349998 CET	53	55848	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:17.753998995 CET	33395	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:17.876427889 CET	53	33395	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:17.877818108 CET	40756	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:18.000200987 CET	53	40756	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:18.001701117 CET	55954	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:18.124064922 CET	53	55954	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:18.125231028 CET	60787	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:18.247528076 CET	53	60787	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:18.248728991 CET	56365	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:18.370937109 CET	53	56365	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:25.374510050 CET	42811	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:25.497200966 CET	53	42811	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:25.498650074 CET	56094	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:25.620909929 CET	53	56094	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:25.622555017 CET	50017	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:25.746555090 CET	53	50017	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:25.748207092 CET	55176	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:25.871864080 CET	53	55176	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:25.873553991 CET	51735	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:25.997186899 CET	53	51735	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:26.999968052 CET	32926	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:27.122478962 CET	53	32926	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:27.123460054 CET	59656	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:27.245690107 CET	53	59656	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:27.246812105 CET	37986	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:27.369035006 CET	53	37986	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:27.370595932 CET	60668	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:27.493007898 CET	53	60668	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:27.494254112 CET	50345	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:27.616559982 CET	53	50345	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:28.619673967 CET	38113	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:28.742229939 CET	53	38113	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:28.743694067 CET	33305	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:28.866014004 CET	53	33305	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:28.866955996 CET	38502	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:28.989209890 CET	53	38502	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:28.990400076 CET	46630	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:29.112693071 CET	53	46630	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:29.114248991 CET	56148	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:29.236469984 CET	53	56148	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:35.238751888 CET	42786	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:35.361092091 CET	53	42786	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:35.362134933 CET	45668	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:35.484292984 CET	53	45668	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:35.485373020 CET	53030	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:35.607579947 CET	53	53030	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:35.608828068 CET	55332	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:35.731066942 CET	53	55332	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:35.732255936 CET	42939	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:35.854933977 CET	53	42939	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:43.857424021 CET	46274	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:43.979800940 CET	53	46274	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:43.980550051 CET	46589	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:44.102771997 CET	53	46589	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:44.103658915 CET	39598	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:44.226047039 CET	53	39598	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:44.226890087 CET	39470	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:44.349148989 CET	53	39470	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:44.350375891 CET	36477	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:44.472526073 CET	53	36477	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:46.475378990 CET	50583	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:46.597589016 CET	53	50583	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:46.598354101 CET	48509	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:46.720556021 CET	53	48509	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:46.721333027 CET	38728	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:46.843547106 CET	53	38728	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:46.844845057 CET	41238	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:46.967106104 CET	53	41238	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:46.968393087 CET	58422	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:47.090689898 CET	53	58422	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:54.092530012 CET	33682	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:54.215964079 CET	53	33682	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:54.217322111 CET	45709	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:54.339567900 CET	53	45709	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:54.341018915 CET	45416	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:54.463279009 CET	53	45416	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:54.464608908 CET	58640	53	192.168.2.23	8.8.8.8
Dec 29, 2024 01:59:54.586965084 CET	53	58640	8.8.8.8	192.168.2.23
Dec 29, 2024 01:59:54.588376045 CET	39299	53	192.168.2.23	8.8.8.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 29, 2024 01:57:50.632123947 CET	192.168.2.23	8.8.8.8	0x1f79	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:57:53.388062954 CET	192.168.2.23	8.8.8.8	0x327c	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:57:56.036904097 CET	192.168.2.23	8.8.8.8	0x4934	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:57:58.639687061 CET	192.168.2.23	8.8.8.8	0xf196	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:58:01.197369099 CET	192.168.2.23	8.8.8.8	0xa30f	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:58:03.857810974 CET	192.168.2.23	8.8.8.8	0xc47e	Standard query (0)	secure-network-rebirthltd.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 29, 2024 01:57:50.871963024 CET	8.8.8.8	192.168.2.23	0x1f79	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:57:53.522006035 CET	8.8.8.8	192.168.2.23	0x327c	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:57:56.171524048 CET	8.8.8.8	192.168.2.23	0x4934	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:57:58.773464918 CET	8.8.8.8	192.168.2.23	0xf196	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:58:01.436275005 CET	8.8.8.8	192.168.2.23	0xa30f	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false
Dec 29, 2024 01:58:04.095102072 CET	8.8.8.8	192.168.2.23	0xc47e	No error (0)	secure-network-rebirthltd.ru	83.222.191.146	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: ppc.elf PID: 6238, Parent PID: 6164

General

Start time (UTC):	00:57:49
Start date (UTC):	29/12/2024
Path:	/tmp/ppc.elf
Arguments:	/tmp/ppc.elf
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 6241, Parent PID: 6238

General

Start time (UTC):	00:57:49
Start date (UTC):	29/12/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: ppc.elf PID: 6243, Parent PID: 6241

General

Start time (UTC):	00:57:49
Start date (UTC):	29/12/2024
Path:	/tmp/ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ppc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: ppc.elf PID: 6238, Parent PID: 6164

General

Chronological Activities

Analysis Process: ppc.elf PID: 6241, Parent PID: 6238

General

Chronological Activities

Analysis Process: ppc.elf PID: 6243, Parent PID: 6241

General

Chronological Activities

Linux Analysis Report
ppc.elf