Linux
Analysis Report
i686.elf
Overview
General Information
Detection
Mirai
Score: | 76 |
Range: | 0 - 100 |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Performs DNS TXT record lookups
Sample reads /proc/mounts (often used for finding a writable filesystem)
Uses STUN server to do NAT traversal
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1623228 |
Start date and time: | 2025-02-25 02:52:20 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | i686.elf |
Detection: | MAL |
Classification: | mal76.troj.evad.linELF@0/0@4/0 |
Command: | /tmp/i686.elf |
PID: | 5489 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life |
Standard Error: |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown |
Linux_Trojan_Gafgyt_807911a2 | unknown | unknown |
Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown |
Linux_Trojan_Gafgyt_d996d335 | unknown | unknown |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Virustotal: |
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | UDP traffic: |
Source: | Socket: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | .symtab present: |
Source: | SIGKILL sent: |
Source: | Classification label: |
Persistence and Installation Behavior |
---|
Source: | File: |
Source: | File opened: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | Virustotal | Browse | ||
29% | ReversingLabs | Linux.Backdoor.Gafgyt |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true | false | high | |
stun.l.google.com | 74.125.250.129 | true | false | high | |
lib.libre | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.182.33.45 | unknown | Canada | 577 | BACOMCA | false | |
136.228.15.199 | unknown | United States | 36351 | SOFTLAYERUS | false | |
191.53.238.183 | unknown | Brazil | 28202 | RedeBrasileiradeComunicacaoLtdaBR | false | |
3.169.64.103 | unknown | United States | 16509 | AMAZON-02US | false | |
74.125.250.129 | stun.l.google.com | United States | 15169 | GOOGLEUS | false | |
141.10.252.172 | unknown | Germany | 553 | BELWUEBelWue-KoordinationEU | false | |
154.205.155.219 | unknown | Seychelles | 26484 | IKGUL-26484US | false |
⊘No context
Match | Detection | Threat Name |
---|---|---|
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Mirai |
daisy.ubuntu.com | malicious | Mirai |
daisy.ubuntu.com | malicious | Mirai, Moobot |
daisy.ubuntu.com | malicious | Mirai, Moobot |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Mirai, Okiru |
daisy.ubuntu.com | malicious | Mirai, Moobot |
Match | Detection | Threat Name |
---|---|---|
AMAZON-02US | malicious | Phisher |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Mirai, Moobot |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
AMAZON-02US | malicious | Unknown |
BACOMCA | malicious | Mirai, Moobot |
BACOMCA | malicious | Mirai, Moobot |
BACOMCA | malicious | Unknown |
BACOMCA | malicious | Unknown |
BACOMCA | malicious | Unknown |
BACOMCA | malicious | Mirai |
BACOMCA | malicious | Mirai |
BACOMCA | malicious | Mirai, Moobot |
BACOMCA | malicious | Mirai, Moobot |
BACOMCA | malicious | Mirai, Moobot |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Unknown |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Mirai |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Unknown |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Mirai |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Unknown |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Mirai |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Mirai, Okiru |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Mirai |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Unknown |
RedeBrasileiradeComunicacaoLtdaBR | malicious | Unknown |
SOFTLAYERUS | malicious | Mirai, Moobot |
SOFTLAYERUS | malicious | Remcos |
SOFTLAYERUS | malicious | AsyncRAT |
SOFTLAYERUS | malicious | Unknown |
SOFTLAYERUS | malicious | AsyncRAT |
SOFTLAYERUS | malicious | AsyncRAT |
SOFTLAYERUS | malicious | Mirai, Moobot |
SOFTLAYERUS | malicious | Okiru |
SOFTLAYERUS | malicious | Unknown |
SOFTLAYERUS | malicious | Mirai |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.116103794367015 |
TrID: |
|
File name: | i686.elf |
File size: | 87'904 bytes |
MD5: | 3061ee47035f45105daea30774fc8e83 |
SHA1: | ff53726727e12f1918456e24bb4c80735fc043fd |
SHA256: | 3be727f3450c70c22b0da77830d82a1fd08c8cf88b887c707b6f318031284a4e |
SHA512: | 78f4de7c304715fcc4ba46b0e8314c60d1426887cbd0ca43f36b7b49ace8c48d2161adf4d66441f3671d7ba60c242037c785140859927f77d9f26345bc2c71fe |
SSDEEP: | 1536:uXzAZioFYmfwJX+TupQyiha2dyxPFQyBami1t7nVwCX+h0Z0t1:KcFFYmoJX+TRyiJdmWyB01t7nVf+ho0T |
TLSH: | 5E834A03B5C088FDC499D6348B6FA536D973F06E2235B16B27D0BF226E5EE101F6A119 |
File Content Preview: | .ELF..............>.......@.....@........D..........@.8...@.......................@.......@.....P?......P?......................X?......X?Q.....X?Q.....H.......0p..............Q.td....................................................H...._........H........ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 3 |
Section Header Offset: | 83168 |
Section Header Size: | 64 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x400100 | 0x100 | 0x10e36 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x410f36 | 0x10f36 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x410f60 | 0x10f60 | 0x2ff0 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x513f58 | 0x13f58 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.dtors | PROGBITS | 0x513f68 | 0x13f68 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.data | PROGBITS | 0x513f80 | 0x13f80 | 0x520 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x5144a0 | 0x144a0 | 0x6ae8 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x144a0 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x13f50 | 0x13f50 | 6.3743 | 0x5 | R E | 0x100000 | .init .text .fini .rodata | |
LOAD | 0x13f58 | 0x513f58 | 0x513f58 | 0x548 | 0x7030 | 2.3741 | 0x6 | RW | 0x100000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |
- Total Packets: 61
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 25, 2025 02:53:04.750370979 CET | 192.168.2.14 | 162.243.19.47 | 0x880b | Standard query (0) | 16 | IN (0x0001) | false | |
Feb 25, 2025 02:53:05.846426010 CET | 192.168.2.14 | 8.8.8.8 | 0x82d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 25, 2025 02:55:48.767369032 CET | 192.168.2.14 | 8.8.8.8 | 0x1d9f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 25, 2025 02:55:48.767469883 CET | 192.168.2.14 | 8.8.8.8 | 0x36f5 | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 25, 2025 02:53:04.844141006 CET | 162.243.19.47 | 192.168.2.14 | 0x880b | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Feb 25, 2025 02:53:05.855745077 CET | 8.8.8.8 | 192.168.2.14 | 0x82d | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false | ||
Feb 25, 2025 02:55:48.774646997 CET | 8.8.8.8 | 192.168.2.14 | 0x1d9f | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false | ||
Feb 25, 2025 02:55:48.774646997 CET | 8.8.8.8 | 192.168.2.14 | 0x1d9f | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 01:53:03 |
Start date (UTC): | 25/02/2025 |
Path: | /tmp/i686.elf |
Arguments: | /tmp/i686.elf |
File size: | 87904 bytes |
MD5 hash: | 3061ee47035f45105daea30774fc8e83 |
Start time (UTC): | 01:53:03 |
Start date (UTC): | 25/02/2025 |
Path: | /tmp/i686.elf |
Arguments: | - |
File size: | 87904 bytes |
MD5 hash: | 3061ee47035f45105daea30774fc8e83 |