
Linux Analysis Report
zermips.elf

Overview

General Information

Sample name: zermips.elf
Analysis ID: 1623338
MD5: f034753a8e28e602c6d6abdd7cbf9d5a
SHA1: 022c9a7da63426d3dfd256f6622a6cf6d4f7a324
SHA256: 956083f9fb19568b62f7fd06b2a7a117e244609039c9fcc16a95140292705703
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 52
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1623338
Start date and time: 2025-02-25 07:20:19 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zermips.elf
Detection: MAL
Classification: mal52.troj.linELF@0/0@27/0
Command: /tmp/zermips.elf
PID: 5529
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zermips.elf (PID: 5529, Parent: 5447, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/zermips.elf
  • cleanup
No yara matches
No Suricata rule has matched


AV Detection

Source: zermips.elf, Virustotal: Detection: 25%
Source: zermips.elf, ReversingLabs: Detection: 34%

Networking

Source: global traffic, DNS traffic detected: malformed DNS query: serisbot.geek. [malformed]
Source: global traffic, TCP traffic: 192.168.2.15:57830 -> 209.97.177.154:1440
Source: global traffic, TCP traffic: 192.168.2.15:37388 -> 64.225.80.213:1440
Source: global traffic, TCP traffic: 192.168.2.15:45542 -> 157.245.23.184:1440
Source: /tmp/zermips.elf (PID: 5529), Socket: 127.0.0.1:39148
Source: unknown, UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown, UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown, UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown, UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown, UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: global traffic, DNS traffic detected: DNS query: serisontop.dyn
Source: global traffic, DNS traffic detected: DNS query: serisbot.geek. [malformed]
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal52.troj.linELF@0/0@27/0
Source: /tmp/zermips.elf (PID: 5529), Queries kernel information via 'uname'
Source: zermips.elf, 5529.1.00007ffc8de39000.00007ffc8de5a000.rw-.sdmp, Binary or memory string: }Hx86_64/usr/bin/qemu-mips/tmp/zermips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zermips.elf
Source: zermips.elf, 5529.1.00005569b3eb7000.00005569b3f3e000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/mips
Source: zermips.elf, 5529.1.00005569b3eb7000.00005569b3f3e000.rw-.sdmp, Binary or memory string: iU!/etc/qemu-binfmt/mips
Source: zermips.elf, 5529.1.00007ffc8de39000.00007ffc8de5a000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-mips
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Behavior graph (image not preserved): Behavior Graph ID: 1623338, Sample: zermips.elf, Startdate: 25/02/2025, Architecture: LINUX, Score: 52. Process chain: zermips.elf started zermips.elf, which started zermips.elf. Graph labels: serisbot.geek. [malformed] (Sends malformed DNS queries); 157.245.23.184, 1440, 45542, DIGITALOCEAN-ASNUS, United States; 2 other IPs or domains; Multi AV Scanner detection for submitted file.

Source | Detection | Scanner | Label
zermips.elf | 26% | Virustotal |
zermips.elf | 34% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
serisontop.dyn | 209.97.177.154 | true | false | | high
serisbot.geek. [malformed] | unknown | unknown | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
209.97.177.154 | serisontop.dyn | United States | 14061 | DIGITALOCEAN-ASNUS | false
64.225.80.213 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
157.245.23.184 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
Match | Associated Sample Name / URL | Detection | Threat Name | Context
209.97.177.154 | zerspc.elf | malicious | Unknown |
209.97.177.154 | zersh4.elf | malicious | Unknown |
64.225.80.213 | zerspc.elf | malicious | Unknown |
64.225.80.213 | zersh4.elf | malicious | Unknown |
157.245.23.184 | zerspc.elf | malicious | Unknown |
157.245.23.184 | zersh4.elf | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
serisontop.dyn | nklmips.elf | malicious | Unknown | 157.245.23.184
serisontop.dyn | nklm68k.elf | malicious | Unknown | 157.245.23.184
serisontop.dyn | nabx86.elf | malicious | Unknown | 209.97.177.154
serisontop.dyn | arm.elf | malicious | Unknown | 209.97.177.154
serisontop.dyn | splppc.elf | malicious | Unknown | 64.225.80.213
serisontop.dyn | nklarm7.elf | malicious | Unknown | 157.245.23.184
serisontop.dyn | nabmpsl.elf | malicious | Unknown | 64.225.80.213
serisontop.dyn | zerspc.elf | malicious | Unknown | 64.225.80.213
serisontop.dyn | splsh4.elf | malicious | Unknown | 64.225.80.213
serisontop.dyn | splarm7.elf | malicious | Unknown | 209.97.177.154

Match | Associated Sample Name / URL | Detection | Threat Name | Context
DIGITALOCEAN-ASNUS | zerspc.elf | malicious | Unknown | 157.245.23.184
DIGITALOCEAN-ASNUS | https://brightenbooks.com.hk/trigger.php?r_link=https://auth.khs.co.com/kQR5EF2ST6CD1OP4mQR5CD1CD1MN3QR5YZ9OP4kwmOP4cWX8m | malicious | HTMLPhisher | 142.93.33.81
DIGITALOCEAN-ASNUS | zersh4.elf | malicious | Unknown | 157.245.23.184
DIGITALOCEAN-ASNUS | https://www.easytravel.com.tw/GOMEasytravel.aspx?GO=https://kwm.nexomusic.pe/kQR5EF2ST6CD1OP4mQR5CD1CD1MN3QR5YZ9OP4kwmOP4cWX8m | malicious | HTMLPhisher | 138.197.133.161
DIGITALOCEAN-ASNUS | https://www.01caijing.com/weapons/visit.htm?go=https://auth.khs.co.com/kQR5EF2ST6CD1OP4mQR5CD1CD1MN3QR5YZ9OP4kwmOP4cWX8m | malicious | HTMLPhisher | 138.197.133.161
DIGITALOCEAN-ASNUS | https://upwork.confirmation-payment.com/51713588 | malicious | Unknown | 104.131.67.145
DIGITALOCEAN-ASNUS | https://upwork.confirmation-payment.com/51713588 | malicious | Unknown | 104.131.67.145
DIGITALOCEAN-ASNUS | Setup (1).exe | malicious | Unknown | 161.35.127.181
DIGITALOCEAN-ASNUS | x86.elf | malicious | Mirai, Moobot | 157.245.170.51
DIGITALOCEAN-ASNUS | https://semi-zcmp.maillist-manage.com/click/113bc2fac6fdfbf8d/113bc2fac6fdfb926 | malicious | PayPal Phisher | 178.62.11.52
No context
No context
No created / dropped files found
File type: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit): 5.424298816526931
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: zermips.elf
File size: 64'360 bytes
MD5: f034753a8e28e602c6d6abdd7cbf9d5a
SHA1: 022c9a7da63426d3dfd256f6622a6cf6d4f7a324
SHA256: 956083f9fb19568b62f7fd06b2a7a117e244609039c9fcc16a95140292705703
SHA512: 1ce1108a2120f99f3c3c03f5eea27591ea96ea6746f4bf1ea91c33ebefbd28473e404eb22f173f2b9f20d1eaafb3cc7d91a6ac92f15d760c556ac623ac074411
SSDEEP: 768:xOEcK9vS/EEHDw2FzEXqfL8annRQ9EOH2T8yF8lCNtNCNONBNYNHNBz8Cb9Pwhxs:1cpjDwozEs8rZ8Cb9PwhxBsoIh
TLSH: 8F53D71E2E219FACFBAC823547F78F31965833D536E1C245E15CE9011EB024E646FBA9

ELF header

Class: ELF32
Data: 2's complement, big endian
Version: 1 (current)
Machine: MIPS R3000
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400260
Flags: 0x1007
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 63760
Section Header Size: 40
Number of Section Headers: 15
Header String Table Index: 14
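Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x400120 | 0x120 | 0xe940 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x40ea60 | 0xea60 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x40eac0 | 0xeac0 | 0x840 | 0x0 | 0x2 | A | 0 | 0 | 16
.ctors | PROGBITS | 0x44f304 | 0xf304 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x44f30c | 0xf30c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x44f314 | 0xf314 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data.rel.ro | PROGBITS | 0x44f318 | 0xf318 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x44f320 | 0xf320 | 0x1d0 | 0x0 | 0x3 | WA | 0 | 0 | 16
.got | PROGBITS | 0x44f4f0 | 0xf4f0 | 0x3b4 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16
.sbss | NOBITS | 0x44f8a4 | 0xf8a4 | 0x1c | 0x0 | 0x10000003 | WAp | 0 | 0 | 4
.bss | NOBITS | 0x44f8c0 | 0xf8a4 | 0x298 | 0x0 | 0x3 | WA | 0 | 0 | 16
.mdebug.abi32 | PROGBITS | 0x71a | 0xf8a4 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0xf8a4 | 0x69 | 0x0 | 0x0 | | 0 | 0 | 1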
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0xf300 | 0xf300 | 5.4535 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
LOAD | 0xf304 | 0x44f304 | 0x44f304 | 0x5a0 | 0x854 | 3.6052 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data.rel.ro .data .got .sbss .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |


  • Total Packets: 83
  • 1440 undefined
  • 53 (DNS)

                  System Behavior

                  Start time (UTC): 06:21:04
                  Start date (UTC): 25/02/2025
                  Path: /tmp/zermips.elf
                  Arguments: /tmp/zermips.elf
                  File size: 5777432 bytes
                  MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

                  Start time (UTC): 06:21:04
                  Start date (UTC): 25/02/2025
                  Path: /tmp/zermips.elf
                  Arguments: -
                  File size: 5777432 bytes
                  MD5 hash: 0083f1f0e77be34ad27f849842bbb00c

                  Start time (UTC): 06:21:04
                  Start date (UTC): 25/02/2025
                  Path: /tmp/zermips.elf
                  Arguments: -
                  File size: 5777432 bytes
                  MD5 hash: 0083f1f0e77be34ad27f849842bbb00c