Linux Analysis Report: zerppc.elf
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1628711 |
Start date and time: | 2025-03-04 03:49:01 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerppc.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@23/0 |
Command: | /tmp/zerppc.elf |
PID: | 5508 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | gosh that chinese family at the other table sure ate a lot |
Standard Error: |
- system is lnxubuntu20
- zerppc.elf New Fork (PID: 5510, Parent: 5508)
- zerppc.elf New Fork (PID: 5512, Parent: 5510)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- AV Detection
- Networking
- System Summary
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Virustotal: |
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS traffic detected: |
Source: | TCP traffic: |
Source: | Socket: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | .symtab present: |
Source: | Classification label: |
Malware Analysis System Evasion |
---|
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label |
---|---|---|---|
zerppc.elf | 25% | Virustotal | |
zerppc.elf | 29% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ohlookthereismyboats.geek | 1.2.3.4 | true | false | | high |
watchmepull.dyn. [malformed] | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
46.19.143.10 | unknown | Switzerland | 51852 | PLI-ASCH | false |
1.2.3.4 | ohlookthereismyboats.geek | Australia | 13335 | CLOUDFLARENETUS | false |
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match (IP) | Detection | Threat Name |
---|---|---|
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
46.19.143.10 | malicious | Unknown |
1.2.3.4 | malicious | Okiru |
1.2.3.4 | malicious | Mirai, Okiru |
1.2.3.4 | malicious | Okiru |
1.2.3.4 | malicious | Mirai, Okiru |
1.2.3.4 | malicious | AveMaria, UACMe |
1.2.3.4 | malicious | Metasploit |
1.2.3.4 | malicious | AveMaria, PrivateLoader, UACMe |
1.2.3.4 | malicious | AveMaria, UACMe |
1.2.3.4 | malicious | AveMaria, DBatLoader, UACMe |
1.2.3.4 | malicious | AveMaria, DBatLoader, UACMe |
185.125.190.26 | malicious | Prometei |
185.125.190.26 | malicious | Prometei |
185.125.190.26 | malicious | Mirai |
185.125.190.26 | malicious | Mirai |
185.125.190.26 | malicious | Mirai |
185.125.190.26 | malicious | Gafgyt, Mirai |
185.125.190.26 | malicious | Mirai |
185.125.190.26 | malicious | Prometei |
185.125.190.26 | malicious | Prometei |
185.125.190.26 | malicious | Unknown |
Match (Domain) | Detection | Threat Name |
---|---|---|
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
ohlookthereismyboats.geek | malicious | Unknown |
Match (ASN) | Detection | Threat Name |
---|---|---|
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
PLI-ASCH | malicious | Unknown |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | Amadey, LummaC Stealer, Stealc |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | DCRat |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | GRQ Scam |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
⊘No context
⊘No created / dropped files found
Entropy (8bit): | 6.149410784927182 |
File name: | zerppc.elf |
File size: | 50'524 bytes |
MD5: | 2a095201caa05215ccd347543fa492e0 |
SHA1: | 365d60045524f624baace635f81e9a879d551323 |
SHA256: | 64cea7624d737987bcf62053e679abc932e8c3cfce249dcda38d72a6a64e380e |
SHA512: | e0023051f135f3a0c0bdbd01aba674021f6228a24be8ec6c302009c5ad5d907b8c967500fc666434ea791cc64c46d35830cf7380168b3060c8e68aeadba89d9b |
SSDEEP: | 768:LwzEhpJvxRGtaXqSEYdisivo/JngRb+mpvuSeFzXDiN9cM6:cAhvZ4SEYdisiogFfuSe1T |
TLSH: | F733390272180A47D5665EB0393F1BE093BFFE9025E4B6C9794FCA468672E370486F9D |
File Content Preview: | .ELF...........................4...T.....4. ...(..........................................................%.........dt.Q.............................!..|......$H...H......$8!. |...N.. .!..|.......?..........h..../...@..\?........+../...A..$8...})......N.. |
ELF header | |
---|---|
ABI Version: | 0 |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 50004 |
Section Header Size: | 40 |
Number of Section Headers: | 13 |
Header String Table Index: | 12 |
Section headers
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x10000094 | 0x94 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x100000b8 | 0xb8 | 0xb46c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x1000b524 | 0xb524 | 0x20 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1000b544 | 0xb544 | 0x8b0 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1001c000 | 0xc000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1001c008 | 0xc008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x1001c010 | 0xc010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1001c018 | 0xc018 | 0x2b8 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.sdata | PROGBITS | 0x1001c2d0 | 0xc2d0 | 0x34 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.sbss | NOBITS | 0x1001c304 | 0xc304 | 0x64 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1001c368 | 0xc304 | 0x221c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xc304 | 0x50 | 0x0 | 0x0 | | 0 | 0 | 1 |
Program headers
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x10000000 | 0x10000000 | 0xbdf4 | 0xbdf4 | 6.2532 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0xc000 | 0x1001c000 | 0x1001c000 | 0x304 | 0x2584 | 2.3121 | 0x6 | RW | 0x10000 | .ctors .dtors .jcr .data .sdata .sbss .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
- Total Packets: 61
TCP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 4, 2025 03:49:56.158237934 CET | 37160 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:49:56.163285971 CET | 1440 | 37160 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:49:56.163376093 CET | 37160 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:49:56.174557924 CET | 37160 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:49:56.179584980 CET | 1440 | 37160 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:49:56.179632902 CET | 37160 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:49:56.184673071 CET | 1440 | 37160 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:05.953599930 CET | 46540 | 443 | 192.168.2.14 | 185.125.190.26 |
Mar 4, 2025 03:50:06.177675962 CET | 37160 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:06.182841063 CET | 1440 | 37160 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:17.547493935 CET | 1440 | 37160 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:17.547923088 CET | 37160 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:17.552985907 CET | 1440 | 37160 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:19.008995056 CET | 37162 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:19.015024900 CET | 1440 | 37162 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:19.015125036 CET | 37162 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:19.016225100 CET | 37162 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:19.022998095 CET | 1440 | 37162 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:19.023075104 CET | 37162 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:19.030940056 CET | 1440 | 37162 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:37.184370041 CET | 46540 | 443 | 192.168.2.14 | 185.125.190.26 |
Mar 4, 2025 03:50:40.391706944 CET | 1440 | 37162 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:40.391896009 CET | 37162 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:40.396959066 CET | 1440 | 37162 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:41.490571022 CET | 37164 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:41.495675087 CET | 1440 | 37164 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:41.495806932 CET | 37164 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:41.497006893 CET | 37164 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:41.502120972 CET | 1440 | 37164 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:50:41.502186060 CET | 37164 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:50:41.507263899 CET | 1440 | 37164 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:02.913717985 CET | 1440 | 37164 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:02.914211988 CET | 37164 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:02.919308901 CET | 1440 | 37164 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:04.018076897 CET | 37166 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:04.023045063 CET | 1440 | 37166 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:04.023154974 CET | 37166 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:04.024339914 CET | 37166 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:04.029331923 CET | 1440 | 37166 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:04.029422045 CET | 37166 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:04.034470081 CET | 1440 | 37166 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:14.034195900 CET | 37166 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:14.039277077 CET | 1440 | 37166 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:25.392690897 CET | 1440 | 37166 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:25.393034935 CET | 37166 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:25.397965908 CET | 1440 | 37166 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:26.849574089 CET | 37168 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:26.854590893 CET | 1440 | 37168 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:26.854660034 CET | 37168 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:26.855823040 CET | 37168 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:26.860842943 CET | 1440 | 37168 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:26.860894918 CET | 37168 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:26.865914106 CET | 1440 | 37168 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:48.238245010 CET | 1440 | 37168 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:48.238486052 CET | 37168 | 1440 | 192.168.2.14 | 1.2.3.4 |
Mar 4, 2025 03:51:48.243578911 CET | 1440 | 37168 | 1.2.3.4 | 192.168.2.14 |
Mar 4, 2025 03:51:49.260075092 CET | 47108 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:51:49.265108109 CET | 1440 | 47108 | 46.19.143.10 | 192.168.2.14 |
Mar 4, 2025 03:51:49.265185118 CET | 47108 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:51:49.266582012 CET | 47108 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:51:49.271646976 CET | 1440 | 47108 | 46.19.143.10 | 192.168.2.14 |
Mar 4, 2025 03:51:49.271711111 CET | 47108 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:51:49.276738882 CET | 1440 | 47108 | 46.19.143.10 | 192.168.2.14 |
Mar 4, 2025 03:51:59.829557896 CET | 1440 | 47108 | 46.19.143.10 | 192.168.2.14 |
Mar 4, 2025 03:51:59.829716921 CET | 47108 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:51:59.834737062 CET | 1440 | 47108 | 46.19.143.10 | 192.168.2.14 |
Mar 4, 2025 03:52:00.871721983 CET | 47110 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:52:00.876714945 CET | 1440 | 47110 | 46.19.143.10 | 192.168.2.14 |
Mar 4, 2025 03:52:00.876785040 CET | 47110 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:52:00.877974987 CET | 47110 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:52:00.883013010 CET | 1440 | 47110 | 46.19.143.10 | 192.168.2.14 |
Mar 4, 2025 03:52:00.883055925 CET | 47110 | 1440 | 192.168.2.14 | 46.19.143.10 |
Mar 4, 2025 03:52:00.888042927 CET | 1440 | 47110 | 46.19.143.10 | 192.168.2.14 |
UDP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 4, 2025 03:49:56.137732983 CET | 36347 | 53 | 192.168.2.14 | 51.158.108.203 |
Mar 4, 2025 03:49:56.153845072 CET | 53 | 36347 | 51.158.108.203 | 192.168.2.14 |
Mar 4, 2025 03:50:18.552638054 CET | 56829 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:50:18.640464067 CET | 53 | 56829 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:50:18.642621040 CET | 32828 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:50:18.731833935 CET | 53 | 32828 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:50:18.734164953 CET | 43722 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:50:18.823256016 CET | 53 | 43722 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:50:18.825778008 CET | 45985 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:50:18.915410042 CET | 53 | 45985 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:50:18.917722940 CET | 44835 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:50:19.007631063 CET | 53 | 44835 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:50:41.395248890 CET | 45822 | 53 | 192.168.2.14 | 202.61.197.122 |
Mar 4, 2025 03:50:41.412998915 CET | 53 | 45822 | 202.61.197.122 | 192.168.2.14 |
Mar 4, 2025 03:50:41.414518118 CET | 53802 | 53 | 192.168.2.14 | 202.61.197.122 |
Mar 4, 2025 03:50:41.433144093 CET | 53 | 53802 | 202.61.197.122 | 192.168.2.14 |
Mar 4, 2025 03:50:41.434334040 CET | 41123 | 53 | 192.168.2.14 | 202.61.197.122 |
Mar 4, 2025 03:50:41.452203035 CET | 53 | 41123 | 202.61.197.122 | 192.168.2.14 |
Mar 4, 2025 03:50:41.453078985 CET | 57019 | 53 | 192.168.2.14 | 202.61.197.122 |
Mar 4, 2025 03:50:41.470885038 CET | 53 | 57019 | 202.61.197.122 | 192.168.2.14 |
Mar 4, 2025 03:50:41.472100973 CET | 43488 | 53 | 192.168.2.14 | 202.61.197.122 |
Mar 4, 2025 03:50:41.489968061 CET | 53 | 43488 | 202.61.197.122 | 192.168.2.14 |
Mar 4, 2025 03:51:03.918741941 CET | 36200 | 53 | 192.168.2.14 | 152.53.15.127 |
Mar 4, 2025 03:51:03.942274094 CET | 53 | 36200 | 152.53.15.127 | 192.168.2.14 |
Mar 4, 2025 03:51:03.943924904 CET | 48037 | 53 | 192.168.2.14 | 152.53.15.127 |
Mar 4, 2025 03:51:03.961278915 CET | 53 | 48037 | 152.53.15.127 | 192.168.2.14 |
Mar 4, 2025 03:51:03.962516069 CET | 33953 | 53 | 192.168.2.14 | 152.53.15.127 |
Mar 4, 2025 03:51:03.979909897 CET | 53 | 33953 | 152.53.15.127 | 192.168.2.14 |
Mar 4, 2025 03:51:03.981084108 CET | 37956 | 53 | 192.168.2.14 | 152.53.15.127 |
Mar 4, 2025 03:51:03.998465061 CET | 53 | 37956 | 152.53.15.127 | 192.168.2.14 |
Mar 4, 2025 03:51:03.999903917 CET | 57654 | 53 | 192.168.2.14 | 152.53.15.127 |
Mar 4, 2025 03:51:04.017465115 CET | 53 | 57654 | 152.53.15.127 | 192.168.2.14 |
Mar 4, 2025 03:51:26.396570921 CET | 51342 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:51:26.485341072 CET | 53 | 51342 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:51:26.487096071 CET | 34155 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:51:26.574949026 CET | 53 | 34155 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:51:26.576780081 CET | 41871 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:51:26.664207935 CET | 53 | 41871 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:51:26.665575027 CET | 54505 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:51:26.758564949 CET | 53 | 54505 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:51:26.759918928 CET | 45722 | 53 | 192.168.2.14 | 168.235.111.72 |
Mar 4, 2025 03:51:26.848625898 CET | 53 | 45722 | 168.235.111.72 | 192.168.2.14 |
Mar 4, 2025 03:51:49.242033958 CET | 45901 | 53 | 192.168.2.14 | 194.36.144.87 |
Mar 4, 2025 03:51:49.259319067 CET | 53 | 45901 | 194.36.144.87 | 192.168.2.14 |
Mar 4, 2025 03:52:00.833379984 CET | 50126 | 53 | 192.168.2.14 | 185.181.61.24 |
Mar 4, 2025 03:52:00.870851994 CET | 53 | 50126 | 185.181.61.24 | 192.168.2.14 |
DNS Queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 4, 2025 03:49:56.137732983 CET | 192.168.2.14 | 51.158.108.203 | 0xdc7e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:50:18.552638054 CET | 192.168.2.14 | 168.235.111.72 | 0x17af | Standard query (0) | | 256 | 362 | false |
Mar 4, 2025 03:50:18.642621040 CET | 192.168.2.14 | 168.235.111.72 | 0x17af | Standard query (0) | | 256 | 362 | false |
Mar 4, 2025 03:50:18.734164953 CET | 192.168.2.14 | 168.235.111.72 | 0x17af | Standard query (0) | | 256 | 362 | false |
Mar 4, 2025 03:50:18.825778008 CET | 192.168.2.14 | 168.235.111.72 | 0x17af | Standard query (0) | | 256 | 362 | false |
Mar 4, 2025 03:50:18.917722940 CET | 192.168.2.14 | 168.235.111.72 | 0x17af | Standard query (0) | | 256 | 363 | false |
Mar 4, 2025 03:50:41.395248890 CET | 192.168.2.14 | 202.61.197.122 | 0xa7f | Standard query (0) | | 256 | 385 | false |
Mar 4, 2025 03:50:41.414518118 CET | 192.168.2.14 | 202.61.197.122 | 0xa7f | Standard query (0) | | 256 | 385 | false |
Mar 4, 2025 03:50:41.434334040 CET | 192.168.2.14 | 202.61.197.122 | 0xa7f | Standard query (0) | | 256 | 385 | false |
Mar 4, 2025 03:50:41.453078985 CET | 192.168.2.14 | 202.61.197.122 | 0xa7f | Standard query (0) | | 256 | 385 | false |
Mar 4, 2025 03:50:41.472100973 CET | 192.168.2.14 | 202.61.197.122 | 0xa7f | Standard query (0) | | 256 | 385 | false |
Mar 4, 2025 03:51:03.918741941 CET | 192.168.2.14 | 152.53.15.127 | 0x9cc9 | Standard query (0) | | 256 | 407 | false |
Mar 4, 2025 03:51:03.943924904 CET | 192.168.2.14 | 152.53.15.127 | 0x9cc9 | Standard query (0) | | 256 | 407 | false |
Mar 4, 2025 03:51:03.962516069 CET | 192.168.2.14 | 152.53.15.127 | 0x9cc9 | Standard query (0) | | 256 | 407 | false |
Mar 4, 2025 03:51:03.981084108 CET | 192.168.2.14 | 152.53.15.127 | 0x9cc9 | Standard query (0) | | 256 | 407 | false |
Mar 4, 2025 03:51:03.999903917 CET | 192.168.2.14 | 152.53.15.127 | 0x9cc9 | Standard query (0) | | 256 | 408 | false |
Mar 4, 2025 03:51:26.396570921 CET | 192.168.2.14 | 168.235.111.72 | 0x3b54 | Standard query (0) | | 256 | 430 | false |
Mar 4, 2025 03:51:26.487096071 CET | 192.168.2.14 | 168.235.111.72 | 0x3b54 | Standard query (0) | | 256 | 430 | false |
Mar 4, 2025 03:51:26.576780081 CET | 192.168.2.14 | 168.235.111.72 | 0x3b54 | Standard query (0) | | 256 | 430 | false |
Mar 4, 2025 03:51:26.665575027 CET | 192.168.2.14 | 168.235.111.72 | 0x3b54 | Standard query (0) | | 256 | 430 | false |
Mar 4, 2025 03:51:26.759918928 CET | 192.168.2.14 | 168.235.111.72 | 0x3b54 | Standard query (0) | | 256 | 430 | false |
Mar 4, 2025 03:51:49.242033958 CET | 192.168.2.14 | 194.36.144.87 | 0x4c50 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:52:00.833379984 CET | 192.168.2.14 | 185.181.61.24 | 0x6c55 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
DNS Answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 4, 2025 03:49:56.153845072 CET | 51.158.108.203 | 192.168.2.14 | 0xdc7e | No error (0) | | | 1.2.3.4 | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:51:03.942274094 CET | 152.53.15.127 | 192.168.2.14 | 0x9cc9 | Format error (1) | | none | none | 256 | 407 | false |
Mar 4, 2025 03:51:03.961278915 CET | 152.53.15.127 | 192.168.2.14 | 0x9cc9 | Format error (1) | | none | none | 256 | 407 | false |
Mar 4, 2025 03:51:03.979909897 CET | 152.53.15.127 | 192.168.2.14 | 0x9cc9 | Format error (1) | | none | none | 256 | 407 | false |
Mar 4, 2025 03:51:03.998465061 CET | 152.53.15.127 | 192.168.2.14 | 0x9cc9 | Format error (1) | | none | none | 256 | 407 | false |
Mar 4, 2025 03:51:04.017465115 CET | 152.53.15.127 | 192.168.2.14 | 0x9cc9 | Format error (1) | | none | none | 256 | 408 | false |
Mar 4, 2025 03:51:49.259319067 CET | 194.36.144.87 | 192.168.2.14 | 0x4c50 | No error (0) | | | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:52:00.870851994 CET | 185.181.61.24 | 192.168.2.14 | 0x6c55 | No error (0) | | | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
System Behavior
Initial process: /tmp/zerppc.elf (PID: 5508)
Start time (UTC): | 02:49:55 |
Start date (UTC): | 04/03/2025 |
Path: | /tmp/zerppc.elf |
Arguments: | /tmp/zerppc.elf |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Forked child process (PID: 5510, Parent: 5508)
Start time (UTC): | 02:49:55 |
Start date (UTC): | 04/03/2025 |
Path: | /tmp/zerppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Forked child process (PID: 5512, Parent: 5510)
Start time (UTC): | 02:49:55 |
Start date (UTC): | 04/03/2025 |
Path: | /tmp/zerppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |