Linux Analysis Report
Aqua.i686.elf

Overview

General Information

Sample name:Aqua.i686.elf
Analysis ID:1581825
MD5:e9eccfb9834ec789ab345b0e6e62e16a
SHA1:5ddc158f3bf417469945cc18c97259b67a9f1c08
SHA256:d2eb57a740a285202cb4224d7453334fd5c0b3d170288575a5eb91fb191bd5b3
Tags:elf, user-abuse_ch
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample deletes itself
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1581825
Start date and time:2024-12-29 02:57:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Aqua.i686.elf
Detection:MAL
Classification:mal68.troj.evad.linELF@0/0@36/0
Command:/tmp/Aqua.i686.elf
PID:6237
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
about to cum inside a femboy btw
Standard Error:
  • system is lnxubuntu20
  • Aqua.i686.elf (PID: 6237, Parent: 6160, MD5: e9eccfb9834ec789ab345b0e6e62e16a) Arguments: /tmp/Aqua.i686.elf
  • cleanup
Source | Rule | Description | Author | Strings
Aqua.i686.elf | Linux_Trojan_Mirai_268aac0b | unknown | unknown |
  • 0x4d3f:$a: 24 18 0F B7 44 24 20 8B 54 24 1C 83 F9 01 8B 7E 0C 89 04 24 8B
Aqua.i686.elf | Linux_Trojan_Mirai_0cb1699c | unknown | unknown |
  • 0x4cf2:$a: DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 10 0F B7 02 83 E9 02 83
Aqua.i686.elf | Linux_Trojan_Mirai_70ef58f1 | unknown | unknown |
  • 0x628d:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
  • 0x632d:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
Aqua.i686.elf | Linux_Trojan_Mirai_3a85a418 | unknown | unknown |
  • 0x47b7:$a: 01 D8 66 C1 C8 08 C1 C8 10 66 C1 C8 08 66 83 7C 24 2C FF 89
Aqua.i686.elf | Linux_Trojan_Mirai_2e3f67a9 | unknown | unknown |
  • 0x522:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
  • 0x582:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
Source | Rule | Description | Author | Strings
6237.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_268aac0b | unknown | unknown |
  • 0x4d3f:$a: 24 18 0F B7 44 24 20 8B 54 24 1C 83 F9 01 8B 7E 0C 89 04 24 8B
6237.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_0cb1699c | unknown | unknown |
  • 0x4cf2:$a: DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 10 0F B7 02 83 E9 02 83
6237.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_70ef58f1 | unknown | unknown |
  • 0x628d:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
  • 0x632d:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
6237.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_3a85a418 | unknown | unknown |
  • 0x47b7:$a: 01 D8 66 C1 C8 08 C1 C8 10 66 C1 C8 08 66 83 7C 24 2C FF 89
6237.1.0000000008048000.0000000008054000.r-x.sdmp | Linux_Trojan_Mirai_2e3f67a9 | unknown | unknown |
  • 0x522:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
  • 0x582:$a: 53 83 EC 04 0F B6 74 24 14 8B 5C 24 18 8B 7C 24 20 0F B6 44
No Suricata rule has matched

AV Detection

Source: Aqua.i686.elf | Virustotal: Detection: 26%
Source: Aqua.i686.elf | ReversingLabs: Detection: 23%
Source: Aqua.i686.elf | Joe Sandbox ML: detected

Networking

Source: global traffic | DNS traffic detected: malformed DNS query: raw.intenseapi.com. [malformed]
Source: global traffic | TCP traffic: 192.168.2.23:40836 -> 193.200.78.37:33966
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: global traffic | DNS traffic detected: DNS query: raw.intenseapi.com
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: Aqua.i686.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_268aac0b | Author: unknown
Source: Aqua.i686.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_0cb1699c | Author: unknown
Source: Aqua.i686.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_70ef58f1 | Author: unknown
Source: Aqua.i686.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_3a85a418 | Author: unknown
Source: Aqua.i686.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_2e3f67a9 | Author: unknown
Source: Aqua.i686.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_88de437f | Author: unknown
Source: Aqua.i686.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_cc93863b | Author: unknown
Source: 6237.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_268aac0b | Author: unknown
Source: 6237.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0cb1699c | Author: unknown
Source: 6237.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_70ef58f1 | Author: unknown
Source: 6237.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_3a85a418 | Author: unknown
Source: 6237.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_2e3f67a9 | Author: unknown
Source: 6237.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_88de437f | Author: unknown
Source: 6237.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_cc93863b | Author: unknown
Source: ELF static info symbol of initial sample | .symtab present: no
Source: classification engine | Classification label: mal68.troj.evad.linELF@0/0@36/0

Hooking and other Techniques for Hiding and Protection

Source: /tmp/Aqua.i686.elf (PID: 6238) | File: /tmp/Aqua.i686.elf
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
No configs have been found
Source | Detection | Scanner | Label
Aqua.i686.elf | 27% | Virustotal |
Aqua.i686.elf | 24% | ReversingLabs | Linux.Backdoor.Mirai
Aqua.i686.elf | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
raw.intenseapi.com | 193.200.78.37 | true | false | | high
raw.intenseapi.com. [malformed] | unknown | unknown | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
193.200.78.37 | raw.intenseapi.com | Switzerland | 29496 | LINK-SERVICE-ASUA | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
No created / dropped files found
File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):6.291388629720281
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:Aqua.i686.elf
File size:50'352 bytes
MD5:e9eccfb9834ec789ab345b0e6e62e16a
SHA1:5ddc158f3bf417469945cc18c97259b67a9f1c08
SHA256:d2eb57a740a285202cb4224d7453334fd5c0b3d170288575a5eb91fb191bd5b3
SHA512:9263ccddf423780a1d61cd458dc5e60ae4de6e714c28de12c19f600473125fdcfc10ca5956d3f0555af20c3aaa7317c85b1045284166c3bd653fd08b99b19db8
SSDEEP:1536:j7WsI7YXIRWH+MK+77eVDzJxrRWsw3wgGbnPwC7FQEDc:j7W37Y4RAK+77eVDzXwdAgGLPbRHD
TLSH:2A332AC1F54F84F9D95B49304063F33FCF32D5294275CAAEEF99AE36DA23541821A298

                                                                  ELF header

                                                                  Class:ELF32
                                                                  Data:2's complement, little endian
                                                                  Version:1 (current)
                                                                  Machine:Intel 80386
                                                                  Version Number:0x1
                                                                  Type:EXEC (Executable file)
                                                                  OS/ABI:UNIX - System V
                                                                  ABI Version:0
                                                                  Entry Point Address:0x8048168
                                                                  Flags:0x0
                                                                  ELF Header Size:52
                                                                  Program Header Offset:52
                                                                  Program Header Size:32
                                                                  Number of Program Headers:3
                                                                  Section Header Offset:49952
                                                                  Section Header Size:40
                                                                  Number of Section Headers:10
                                                                  Header String Table Index:9
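| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .text | PROGBITS | 0x80480b0 | 0xb0 | 0xaac1 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x8052b71 | 0xab71 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
| .rodata | PROGBITS | 0x8052ba0 | 0xaba0 | 0x13bc | 0x0 | 0x2 | A | 0 | 0 | 32 |
| .ctors | PROGBITS | 0x8054000 | 0xc000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x8054008 | 0xc008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x8054020 | 0xc020 | 0x2c0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .bss | NOBITS | 0x80542e0 | 0xc2e0 | 0x2520 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
| .shstrtab | STRTAB | 0x0 | 0xc2e0 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |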
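| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x8048000 | 0x8048000 | 0xbf5c | 0xbf5c | 6.3386 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata |
| LOAD | 0xc000 | 0x8054000 | 0x8054000 | 0x2e0 | 0x2800 | 3.9481 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |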
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 29, 2024 02:57:54.243110895 CET | 192.168.2.23 | 8.8.8.8 | 0x4094 | Standard query (0) | raw.intenseapi.com | A (IP address) | IN (0x0001) | false
Dec 29, 2024 02:57:54.377044916 CET | 192.168.2.23 | 8.8.8.8 | 0x63be | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 418 | false
Dec 29, 2024 02:57:54.499453068 CET | 192.168.2.23 | 8.8.8.8 | 0x63be | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 418 | false
Dec 29, 2024 02:57:54.621731997 CET | 192.168.2.23 | 8.8.8.8 | 0x63be | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 418 | false
Dec 29, 2024 02:57:54.744259119 CET | 192.168.2.23 | 8.8.8.8 | 0x63be | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 418 | false
Dec 29, 2024 02:57:54.866543055 CET | 192.168.2.23 | 8.8.8.8 | 0x63be | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 418 | false
Dec 29, 2024 02:57:57.059375048 CET | 192.168.2.23 | 8.8.8.8 | 0xc6fb | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 421 | false
Dec 29, 2024 02:57:57.181754112 CET | 192.168.2.23 | 8.8.8.8 | 0xc6fb | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 421 | false
Dec 29, 2024 02:57:57.306446075 CET | 192.168.2.23 | 8.8.8.8 | 0xc6fb | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 421 | false
Dec 29, 2024 02:57:57.428843975 CET | 192.168.2.23 | 8.8.8.8 | 0xc6fb | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 421 | false
Dec 29, 2024 02:57:57.551191092 CET | 192.168.2.23 | 8.8.8.8 | 0xc6fb | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 421 | false
Dec 29, 2024 02:57:59.649538040 CET | 192.168.2.23 | 8.8.8.8 | 0xaf8 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 423 | false
Dec 29, 2024 02:57:59.771727085 CET | 192.168.2.23 | 8.8.8.8 | 0xaf8 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 423 | false
Dec 29, 2024 02:57:59.893985987 CET | 192.168.2.23 | 8.8.8.8 | 0xaf8 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 424 | false
Dec 29, 2024 02:58:00.016246080 CET | 192.168.2.23 | 8.8.8.8 | 0xaf8 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 424 | false
Dec 29, 2024 02:58:00.138720989 CET | 192.168.2.23 | 8.8.8.8 | 0xaf8 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 424 | false
Dec 29, 2024 02:58:02.322647095 CET | 192.168.2.23 | 8.8.8.8 | 0x3e33 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 426 | false
Dec 29, 2024 02:58:02.446043015 CET | 192.168.2.23 | 8.8.8.8 | 0x3e33 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 426 | false
Dec 29, 2024 02:58:02.568576097 CET | 192.168.2.23 | 8.8.8.8 | 0x3e33 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 426 | false
Dec 29, 2024 02:58:02.691184998 CET | 192.168.2.23 | 8.8.8.8 | 0x3e33 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 426 | false
Dec 29, 2024 02:58:02.813472986 CET | 192.168.2.23 | 8.8.8.8 | 0x3e33 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 426 | false
Dec 29, 2024 02:58:05.007499933 CET | 192.168.2.23 | 8.8.8.8 | 0x2818 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 429 | false
Dec 29, 2024 02:58:05.129983902 CET | 192.168.2.23 | 8.8.8.8 | 0x2818 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 429 | false
Dec 29, 2024 02:58:05.252552986 CET | 192.168.2.23 | 8.8.8.8 | 0x2818 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 429 | false
Dec 29, 2024 02:58:05.375042915 CET | 192.168.2.23 | 8.8.8.8 | 0x2818 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 429 | false
Dec 29, 2024 02:58:05.497688055 CET | 192.168.2.23 | 8.8.8.8 | 0x2818 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 429 | false
Dec 29, 2024 02:58:07.655628920 CET | 192.168.2.23 | 8.8.8.8 | 0xb365 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 431 | false
Dec 29, 2024 02:58:07.778007030 CET | 192.168.2.23 | 8.8.8.8 | 0xb365 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 431 | false
Dec 29, 2024 02:58:07.900366068 CET | 192.168.2.23 | 8.8.8.8 | 0xb365 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 432 | false
Dec 29, 2024 02:58:08.022938967 CET | 192.168.2.23 | 8.8.8.8 | 0xb365 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 432 | false
Dec 29, 2024 02:58:08.145306110 CET | 192.168.2.23 | 8.8.8.8 | 0xb365 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 432 | false
Dec 29, 2024 02:58:10.330240011 CET | 192.168.2.23 | 8.8.8.8 | 0x5ce9 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 434 | false
Dec 29, 2024 02:58:10.452739000 CET | 192.168.2.23 | 8.8.8.8 | 0x5ce9 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 434 | false
Dec 29, 2024 02:58:10.575404882 CET | 192.168.2.23 | 8.8.8.8 | 0x5ce9 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 434 | false
Dec 29, 2024 02:58:10.698106050 CET | 192.168.2.23 | 8.8.8.8 | 0x5ce9 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 434 | false
Dec 29, 2024 02:58:10.820633888 CET | 192.168.2.23 | 8.8.8.8 | 0x5ce9 | Standard query (0) | raw.intenseapi.com. [malformed] | 256 | 434 | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 29, 2024 02:57:54.376955986 CET | 8.8.8.8 | 192.168.2.23 | 0x4094 | No error (0) | raw.intenseapi.com |  | 193.200.78.37 | A (IP address) | IN (0x0001) | false

System Behavior

Start time (UTC): 01:57:53
Start date (UTC): 29/12/2024
Path: /tmp/Aqua.i686.elf
Arguments: /tmp/Aqua.i686.elf
File size: 50352 bytes
MD5 hash: e9eccfb9834ec789ab345b0e6e62e16a

Start time (UTC): 01:57:53
Start date (UTC): 29/12/2024
Path: /tmp/Aqua.i686.elf
Arguments: -
File size: 50352 bytes
MD5 hash: e9eccfb9834ec789ab345b0e6e62e16a