Linux
Analysis Report
dlr.mips.elf
Overview
General Information
Sample name: | dlr.mips.elf |
Analysis ID: | 1586161 |
MD5: | ff7da44e11cd5a1ad06532ef66173ca2 |
SHA1: | 7288dcf07f32a3c535b076f9e39dd645c1a085ec |
SHA256: | 07c5a29efa7987474eef1ed539b016b1ea731e5f6e0caac40ef0c96094eb6219 |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus detection for dropped file
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1586161 |
Start date and time: | 2025-01-08 19:32:07 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | dlr.mips.elf |
Detection: | MAL |
Classification: | mal48.linELF@0/1@0/0 |
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: dlr.mips.elf
Command: | /tmp/dlr.mips.elf |
PID: | 6234 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | AAA BAH |
Standard Error: |
- system is lnxubuntu20
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File written: | Jump to dropped file |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs | Linux.Downloader.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | EXP/ELF.Mirai.Hua.a | ||
29% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
103.136.41.100 | unknown | India | 139884 | AGPL-AS-APApeironGlobalPvtLtdIN | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No context
⊘No context
⊘No context
Process: | /tmp/dlr.mips.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 102688 |
Entropy (8bit): | 5.522398154730104 |
Encrypted: | false |
SSDEEP: | 1536:S2+l0txozQ6cG5xJCsGpxGJKGmzPE6i3g/K5E3k74R+rYxK5ezjIJixGdWXsbdGf:B+KxozQBdpxCK1EIzm98aW |
MD5: | A7C54F12667170713DBBC7A47D488A7F |
SHA1: | 61A899D36B58FA39843E90DA10CACD214A58AE50 |
SHA-256: | 92C2CC623808C3AF0B3A42535B437572F7120D748012AA6C440799899736DB3B |
SHA-512: | 84D0A5D7B294849E3948F2802896CF377957A67DF1F56EC5BB5D5F4BD518256ED06C150498359ECB4AC1AC2CCE985C64EE991B5FE002CB61F261A12ED5B76DEB |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 4.556432867725662 |
TrID: |
|
File name: | dlr.mips.elf |
File size: | 11'676 bytes |
MD5: | ff7da44e11cd5a1ad06532ef66173ca2 |
SHA1: | 7288dcf07f32a3c535b076f9e39dd645c1a085ec |
SHA256: | 07c5a29efa7987474eef1ed539b016b1ea731e5f6e0caac40ef0c96094eb6219 |
SHA512: | 29deeb592319208f483a2d9e1b76ca5fc3094d47d71c918cae03bff0d64000b51d0002a874cac4f8d1c963acef903a6e315358babf18394bdb5f2d9d828567fb |
SSDEEP: | 96:2NUPrA9SDROEREOExDxEXigEsEa4L9lrpynLojU5HfNuIusbrXTIU13t7DX7KgnV:LJYQDmxQ5Z9YnU5/NuIuscIr1npGD/5G |
TLSH: | 223215492A31DBFAF55DD53447B3CA20668476B22AA0C648F15CEB4C0FB038E655E7F8 |
File Content Preview: | .ELF.....................@.....4..*......4. ...(....p........@...@...........................@...@........................ ..D ..D ........P........dt.Q.................................................D..<...'......!'.......................<...'......!... |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 4 |
Section Header Offset: | 10916 |
Section Header Size: | 40 |
Number of Section Headers: | 19 |
Header String Table Index: | 18 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.reginfo | MIPS_REGINFO | 0x4000b4 | 0xb4 | 0x18 | 0x18 | 0x2 | A | 0 | 0 | 4 |
.init | PROGBITS | 0x4000cc | 0xcc | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400160 | 0x160 | 0x1ba0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x401d00 | 0x1d00 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x401d60 | 0x1d60 | 0x22c | 0x0 | 0x2 | A | 0 | 0 | 16 |
.eh_frame | PROGBITS | 0x442000 | 0x2000 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.ctors | PROGBITS | 0x442004 | 0x2004 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x44200c | 0x200c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x442014 | 0x2014 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x442020 | 0x2020 | 0x70 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x442090 | 0x2090 | 0x140 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sdata | PROGBITS | 0x4421d0 | 0x21d0 | 0x4 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.sbss | NOBITS | 0x4421d4 | 0x21d4 | 0x8 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x4421e0 | 0x21d4 | 0x70 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.comment | PROGBITS | 0x0 | 0x21d4 | 0x20a | 0x0 | 0x0 | | 0 | 0 | 1 |
.mdebug.abi32 | PROGBITS | 0x20a | 0x23de | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1 |
.pdr | PROGBITS | 0x0 | 0x23e0 | 0x640 | 0x0 | 0x0 | | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x2a20 | 0x84 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
<unknown> | 0xb4 | 0x4000b4 | 0x4000b4 | 0x18 | 0x18 | 0.9834 | 0x4 | R | 0x4 | | .reginfo |
LOAD | 0x0 | 0x400000 | 0x400000 | 0x1f8c | 0x1f8c | 4.8950 | 0x5 | R E | 0x10000 | | .reginfo .init .text .fini .rodata |
LOAD | 0x2000 | 0x442000 | 0x442000 | 0x1d4 | 0x250 | 3.0121 | 0x6 | RW | 0x10000 | | .eh_frame .ctors .dtors .jcr .data .got .sdata .sbss .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.23 | 33752 | 103.136.41.100 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jan 8, 2025 19:32:51.721743107 CET | 92 | OUT | |
Jan 8, 2025 19:32:52.320096016 CET | 731 | IN | |
Jan 8, 2025 19:32:52.320342064 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.320404053 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.320453882 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.320513964 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.320573092 CET | 956 | IN | |
Jan 8, 2025 19:32:52.320585966 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.320621967 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.320632935 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.320657969 CET | 1236 | IN | |
Jan 8, 2025 19:32:52.324987888 CET | 1236 | IN |
System Behavior
Start time (UTC): | 18:32:50 |
Start date (UTC): | 08/01/2025 |
Path: | /tmp/dlr.mips.elf |
Arguments: | /tmp/dlr.mips.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |