Linux Analysis Report
dlr.arm7.elf

Overview

General Information

Sample name:dlr.arm7.elf
Analysis ID:1612183
MD5:11257a095dfd32f9be44a5ce493b44e9
SHA1:4f5f836f19df39f104a7c4ac93c78ad4f7c9961f
SHA256:a104d8fd980c1c3442a237356e6420cb770aaefc8f3c57bd9a1596b7b5bc9d53
Tags:elf, user-abuse_ch
Infos:

Detection

Score:48
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
HTTP GET or POST without a user agent
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1612183
Start date and time:2025-02-11 16:02:29 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:dlr.arm7.elf
Detection:MAL
Classification:mal48.linELF@0/1@0/0
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Command:/tmp/dlr.arm7.elf
PID:5555
Exit Code:5
Exit Code Info:
Killed:False
Standard Output:
LIZRD
lzrd
Standard Error:
  • system is lnxubuntu20
  • dlr.arm7.elf (PID: 5555, Parent: 5474, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/dlr.arm7.elf
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: dlr.arm7.elf; ReversingLabs: Detection: 42%
Source: global traffic; HTTP traffic detected: GET /arm7 HTTP/1.0; Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00; Data Ascii:
Source: unknown; TCP traffic detected without corresponding DNS query: 185.93.89.101
Source: ELF static info symbol of initial sample; .symtab present: no
Source: classification engine; Classification label: mal48.linELF@0/1@0/0
Source: /tmp/dlr.arm7.elf (PID: 5555); File written: /tmp/lzrd
Source: lzrd.12.dr; Dropped file: segment LOAD with 7.8864 entropy (max. 8.0)
Source: lzrd.12.dr; Dropped file: segment LOAD with 7.977 entropy (max. 8.0)
Source: /tmp/dlr.arm7.elf (PID: 5555); Queries kernel information via 'uname'
Source: dlr.arm7.elf, 5555.1.000055eb2bf6d000.000055eb2c09b000.rw-.sdmp; Binary or memory string: U!/etc/qemu-binfmt/arm
Source: dlr.arm7.elf, 5555.1.00007fff9d359000.00007fff9d37a000.rw-.sdmp; Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/dlr.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/dlr.arm7.elf
Source: dlr.arm7.elf, 5555.1.000055eb2bf6d000.000055eb2c09b000.rw-.sdmp; Binary or memory string: /etc/qemu-binfmt/arm
Source: dlr.arm7.elf, 5555.1.00007fff9d359000.00007fff9d37a000.rw-.sdmp; Binary or memory string: /usr/bin/qemu-arm
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Behavior Graph ID: 1612183; Sample: dlr.arm7.elf; Startdate: 11/02/2025; Architecture: LINUX; Score: 48. Nodes: dlr.arm7.elf started; /tmp/lzrd, ELF dropped; 185.93.89.101, 53766, 80, TS-EMEA-ASNGB, United Kingdom; signature: Multi AV Scanner detection for submitted file.

Source | Detection | Scanner | Label | Link
dlr.arm7.elf | 42% | ReversingLabs | Linux.Downloader.Mirai |
Source | Detection | Scanner | Label | Link
/tmp/lzrd | 26% | ReversingLabs | Linux.Backdoor.Mirai |
/tmp/lzrd | 19% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches

No contacted domains info
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.93.89.101 | unknown | United Kingdom | | 200861 | TS-EMEA-ASNGB | false
No context
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
TS-EMEA-ASNGB | mpsl.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | arm7.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | 185.93.89.101-mips-2025-02-11T10_20_14.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | mpsl.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | arm4.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | dlr.mips.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | rep.m68k.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | dlr.arm6.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | mips.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
 | arm7.elf | Get hash | malicious | Mirai | Browse | 185.93.89.106
No context
No context
Process:/tmp/dlr.arm7.elf
File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
Category:dropped
Size (bytes):66760
Entropy (8bit):7.985752647091721
Encrypted:false
SSDEEP:768:bJw3x0gp8ztSOa+65tlOxfxRPvH8+7t0fdBzlR/ElsjKUig4ef2Nq3UoewzDLQhp:bGOS06Pl20+7Ofc4KUig4ACnp
MD5:7408911CDB1A1C27F878110084A74711
SHA1:47F878BF7FE963525E0C343E7A9CDC374288C93F
SHA-256:D35ABF834E628EEA2490E95F10E824CA6204E0D0385E5A6D7482A07EAF52399A
SHA-512:AA1DC27EBD1E68155D6A51F6344533FE15CF65EB4D9A4EF9ED0E21161A2FCEBC63FA18D328E8C58DB00CAC8A2F78BE98AA9BF3C01AA511B8A686C956B5CD0818
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 26%
  • Antivirus: Virustotal, Detection: 19%, Browse
Reputation:low
File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, stripped
Entropy (8bit):4.798280302132744
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:dlr.arm7.elf
File size:1'480 bytes
MD5:11257a095dfd32f9be44a5ce493b44e9
SHA1:4f5f836f19df39f104a7c4ac93c78ad4f7c9961f
SHA256:a104d8fd980c1c3442a237356e6420cb770aaefc8f3c57bd9a1596b7b5bc9d53
SHA512:eaaecc9c86a27a4f09693ea6bff6c4aae20fe20423dcecbb1f2b5ec3edebb7c4f2a025de529f8f81edb100ed6658070a128525eed5adca77946a54b6f467be62
SSDEEP:24:cc5KGpa7Urz/jlfkj5+XK1G9Vev3gRGD9i8/NBuLlp/v9gOuN:cc5KGpa7UrLZk59R3dNBur3hC
TLSH:5D31F1D167E04DBDC8F415BEAE6BC310B3A89F40E1CA7123930C73287D1AD789C26055

ELF header

Class:ELF32
Data:2's complement, little endian
Version:1 (current)
Machine:ARM
Version Number:0x1
Type:EXEC (Executable file)
OS/ABI:UNIX - System V
ABI Version:0
Entry Point Address:0x83a8
Flags:0x4000002
ELF Header Size:52
Program Header Offset:52
Program Header Size:32
Number of Program Headers:4
Section Header Offset:1200
Section Header Size:40
Number of Section Headers:7
Header String Table Index:6
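Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.text | PROGBITS | 0x80c0 | 0xc0 | 0x360 | 0x0 | 0x6 | AX | 0 | 0 | 16
.rodata | PROGBITS | 0x8420 | 0x420 | 0x38 | 0x1 | 0x32 | AMS | 0 | 0 | 4
.tbss | NOBITS | 0x10458 | 0x458 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4
.got | PROGBITS | 0x10458 | 0x458 | 0x10 | 0x4 | 0x3 | WA | 0 | 0 | 4
.ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x468 | 0x14 | 0x0 | 0x0 | | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0x47c | 0x34 | 0x0 | 0x0 | | 0 | 0 | 1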
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8000 | 0x8000 | 0x458 | 0x458 | 5.1978 | 0x5 | R E | 0x8000 | | .text .rodata
LOAD | 0x458 | 0x10458 | 0x10458 | 0x10 | 0x10 | 0.3373 | 0x6 | RW | 0x8000 | | .tbss .got
TLS | 0x458 | 0x10458 | 0x10458 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |

Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.15 | 53766 | 185.93.89.101 | 80
Timestamp | Bytes transferred | Direction | Data
Feb 11, 2025 16:03:19.267342091 CET | 46 | OUT | GET /arm7 HTTP/1.0
Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00
Data Ascii:
Feb 11, 2025 16:03:19.887917042 CET | 711 | IN | HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Length: 66760
Content-Type: application/octet-stream
Last-Modified: Tue, 11 Feb 2025 05:20:24 GMT
Date: Tue, 11 Feb 2025 15:03:19 GMT


System Behavior

Start time (UTC):15:03:18
Start date (UTC):11/02/2025
Path:/tmp/dlr.arm7.elf
Arguments:/tmp/dlr.arm7.elf
File size:4956856 bytes
MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1