Linux
Analysis Report
dlr.mips.elf
Overview
General Information
Sample name: | dlr.mips.elf |
Analysis ID: | 1612185 |
MD5: | 98a2ea74157f23c30a358269df2657a5 |
SHA1: | 0785ab9962f239550467d5a45a4a2d48aac429c1 |
SHA256: | c4fee388bd2a8f173f579984422824f47de3e11825ce65d95a9cb25dff408898 |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 48 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
ELF contains segments with high entropy indicating compressed/encrypted content
HTTP GET or POST without a user agent
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1612185 |
Start date and time: | 2025-02-11 16:05:56 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | dlr.mips.elf |
Detection: | MAL |
Classification: | mal48.linELF@0/1@0/0 |
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Command: | /tmp/dlr.mips.elf |
PID: | 6248 |
Exit Code: | 5 |
Exit Code Info: | |
Killed: | False |
Standard Output: | LIZRD lzrd |
Standard Error: |
- system is lnxubuntu20
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File written: | Jump to dropped file |
Source: | Dropped file: | ||
Source: | Dropped file: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
34% | ReversingLabs | Linux.Downloader.Mirai |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs | Linux.PUA.Generic | ||
14% | Virustotal | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.93.89.101 | unknown | United Kingdom | 200861 | TS-EMEA-ASNGB | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
185.93.89.101 | Get hash | malicious | Unknown | Browse |
| |
109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
91.189.91.43 | Get hash | malicious | Prometei | Browse | ||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
91.189.91.42 | Get hash | malicious | Prometei | Browse | ||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
TS-EMEA-ASNGB | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
CANONICAL-ASGB | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
INIT7CH | Get hash | malicious | Prometei | Browse |
| |
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
Process: | /tmp/dlr.mips.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 41864 |
Entropy (8bit): | 7.936195555924508 |
Encrypted: | false |
SSDEEP: | 768:74BsHr1CyEeGEfzkynWGvmIGAiRTzl8ZDp6NKuKYcNywrVzLSNhtD1CMfJgGlzDf:0BsHr4B/sIEWsmIhqHlsDsFkxrBwht0I |
MD5: | A09CC5294FD411C6437D8C4500194386 |
SHA1: | F110BB88384F8228C388AAF2E3EE21895B9A2E34 |
SHA-256: | 21536ACB0D93A9A7BE73965B5ADF87F7D9AE36E5AD4D8D1094206B3ED6960A84 |
SHA-512: | D02EDEBF49ACAFE320FD2C56F1F11648AFA67AAB87F43E2901EE69EAEF9429E1F2921A9964DB221E94F4096083C77CC9DF5759D455462311C33AE852000A3978 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 4.647028440735336 |
TrID: |
|
File name: | dlr.mips.elf |
File size: | 1'984 bytes |
MD5: | 98a2ea74157f23c30a358269df2657a5 |
SHA1: | 0785ab9962f239550467d5a45a4a2d48aac429c1 |
SHA256: | c4fee388bd2a8f173f579984422824f47de3e11825ce65d95a9cb25dff408898 |
SHA512: | 4d01d4b034bcc2a7bb8cd16e6028394a35f8a235520f796fe165813fbfb1621bcbe8cf5b93f4950d49d114a28587d8a4fa6e8e5ccb8f4d583bef5ee0a7831a0b |
SSDEEP: | 48:eRgpEuQ2H7QWrE1zXD/9LuEpUnn2kixMM:SgpTHmNMEpgn8MM |
TLSH: | 0141ED8A1F714EF8F156D93887374B35279A924847C04249E2ACD6002FD430E8DEE7E9 |
File Content Preview: | .ELF.....................@.....4.........4. ...(.............@...@......................... .D. .D. ...T...p........dt.Q........................................0.....,...&... %0...0..... %.........D.%<...'..H...!...\..(!. ..$...<...'..,...!...\..(!. ..$.. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 1704 |
Section Header Size: | 40 |
Number of Section Headers: | 7 |
Header String Table Index: | 6 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.text | PROGBITS | 0x4000a0 | 0xa0 | 0x540 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.rodata | PROGBITS | 0x4005e0 | 0x5e0 | 0x38 | 0x1 | 0x32 | AMS | 0 | 0 | 4 |
.got | PROGBITS | 0x440620 | 0x620 | 0x54 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.bss | NOBITS | 0x440680 | 0x674 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.mdebug.abi32 | PROGBITS | 0x48 | 0x674 | 0x0 | 0x0 | 0x0 | 0 | 0 | 1 | |
.shstrtab | STRTAB | 0x0 | 0x674 | 0x31 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x618 | 0x618 | 4.9623 | 0x5 | R E | 0x10000 | .text .rodata | |
LOAD | 0x620 | 0x440620 | 0x440620 | 0x54 | 0x70 | 2.4096 | 0x6 | RW | 0x10000 | .got .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 34
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 11, 2025 16:06:56.559978008 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Feb 11, 2025 16:06:57.624077082 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:57.630314112 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:57.630381107 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:57.631525993 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:57.638036013 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.095765114 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Feb 11, 2025 16:06:58.238790035 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238820076 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238832951 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238842964 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238853931 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238864899 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238876104 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238887072 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238898039 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238909960 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238926888 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238981962 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.238981962 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.244050980 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.244065046 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.244092941 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.244092941 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.244155884 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.244168043 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.244189978 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.244189978 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.326281071 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.326293945 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.326307058 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.326328993 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.326359034 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.326416016 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.326426983 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.326437950 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.326448917 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.326461077 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.327003002 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.327199936 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.327210903 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.327222109 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.327354908 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.327366114 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.327657938 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.328141928 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328154087 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328164101 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328301907 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.328633070 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328644991 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328655958 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328665972 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328676939 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.328952074 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.329582930 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.368936062 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.368952990 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.368964911 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.368980885 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:58.369069099 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:06:58.369355917 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:59.231395960 CET | 44148 | 80 | 192.168.2.23 | 185.93.89.101 |
Feb 11, 2025 16:06:59.236248016 CET | 80 | 44148 | 185.93.89.101 | 192.168.2.23 |
Feb 11, 2025 16:07:01.935179949 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Feb 11, 2025 16:07:17.804975986 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Feb 11, 2025 16:07:28.043571949 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Feb 11, 2025 16:07:28.043574095 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Feb 11, 2025 16:07:58.759299994 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Feb 11, 2025 16:08:19.236434937 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.23 | 44148 | 185.93.89.101 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 11, 2025 16:06:57.631525993 CET | 46 | OUT | |
Feb 11, 2025 16:06:58.238790035 CET | 711 | IN | |
Feb 11, 2025 16:06:58.238820076 CET | 1236 | IN | |
Feb 11, 2025 16:06:58.238832951 CET | 248 | IN | |
Feb 11, 2025 16:06:58.238842964 CET | 1236 | IN | |
Feb 11, 2025 16:06:58.238853931 CET | 248 | IN | |
Feb 11, 2025 16:06:58.238864899 CET | 1236 | IN | |
Feb 11, 2025 16:06:58.238876104 CET | 1236 | IN | |
Feb 11, 2025 16:06:58.238887072 CET | 484 | IN | |
Feb 11, 2025 16:06:58.238898039 CET | 1236 | IN | |
Feb 11, 2025 16:06:58.238909960 CET | 1236 | IN | |
Feb 11, 2025 16:06:58.244050980 CET | 1236 | IN |
System Behavior
Start time (UTC): | 15:06:56 |
Start date (UTC): | 11/02/2025 |
Path: | /tmp/dlr.mips.elf |
Arguments: | /tmp/dlr.mips.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |