Linux
Analysis Report
zermips.elf
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1628717 |
Start date and time: | 2025-03-04 03:57:12 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zermips.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@28/0 |
Command: | /tmp/zermips.elf |
PID: | 5436 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | gosh that chinese family at the other table sure ate a lot |
Standard Error: |
- system is lnxubuntu20
- zermips.elf New Fork (PID: 5439, Parent: 5436)
- zermips.elf New Fork (PID: 5441, Parent: 5439)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS traffic detected: |
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 24% | Virustotal | | Browse |
| | 29% | ReversingLabs | Linux.Backdoor.Mirai | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ohlookthereismyboats.geek | 46.19.143.10 | true | false | | high |
watchmepull.dyn. [malformed] | unknown | unknown | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
46.19.143.10 | ohlookthereismyboats.geek | Switzerland | | 51852 | PLI-ASCH | false |
185.159.74.127 | unknown | Georgia | | 59447 | SAYFANETTR | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
46.19.143.10 | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
185.159.74.127 | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ohlookthereismyboats.geek | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PLI-ASCH | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
SAYFANETTR | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Mirai | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.293526990698313 |
TrID: | |
File name: | zermips.elf |
File size: | 68'420 bytes |
MD5: | d84eb4d133bda9dff840c3202ba5e52d |
SHA1: | 851a03e9ea302afdde49a182ecba03ca0d3daa6b |
SHA256: | 22a9d983c2eda46c0360c88eab77a9fcf2eb64d9c966e6843aa95c543ee925fa |
SHA512: | 4c390f8547963dd2a4ce5ee0ac27ff3e311e62106ef8976e4ffa23c882e05bdb3ef508517c13c0e0b1a54b601d18f38f9f28b3169417d2fe333120c8e2ec48ff |
SSDEEP: | 768:MsWD8BAejTQ279TrWJgsbleCiUNkjaXHU4//ml3A1IyTkT5TqTRT8T8TjF5tPEk6:MZ8BH79/WJg+A2085tckus1Yx1ODbJJq |
TLSH: | 4863B50D6E22CFADFBACC63547B78A219358378A36D1D185E15CEA011F7024E641FBB9 |
File Content Preview: | .ELF.....................@.`...4.........4. ...(.............@...@.....0...0.................E...E........+`........dt.Q............................<...'......!'.......................<...'..x...!... ....'9... ......................<...'..H...!........'9. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 67820 |
Section Header Size: | 40 |
Number of Section Headers: | 15 |
Header String Table Index: | 14 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400120 | 0x120 | 0xeec0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x40efe0 | 0xefe0 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x40f040 | 0xf040 | 0x8f0 | 0x0 | 0x2 | A | 0 | 0 | 16 |
.ctors | PROGBITS | 0x450000 | 0x10000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x450008 | 0x10008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x450010 | 0x10010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data.rel.ro | PROGBITS | 0x450014 | 0x10014 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x450020 | 0x10020 | 0x320 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x450340 | 0x10340 | 0x540 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sbss | NOBITS | 0x450880 | 0x10880 | 0x1c | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x4508a0 | 0x10880 | 0x22c0 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.mdebug.abi32 | PROGBITS | 0xab0 | 0x10880 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1 |
.shstrtab | STRTAB | 0x0 | 0x10880 | 0x69 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0xf930 | 0xf930 | 5.4435 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0x10000 | 0x450000 | 0x450000 | 0x880 | 0x2b60 | 2.9510 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data.rel.ro .data .got .sbss .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
- Total Packets: 71
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 4, 2025 03:57:54.720674038 CET | 36954 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:57:54.726485968 CET | 1440 | 36954 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:57:54.726602077 CET | 36954 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:57:54.740840912 CET | 36954 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:57:54.745944977 CET | 1440 | 36954 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:57:54.746007919 CET | 36954 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:57:54.751023054 CET | 1440 | 36954 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:04.751363039 CET | 36954 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:04.756548882 CET | 1440 | 36954 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:04.942691088 CET | 1440 | 36954 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:04.943193913 CET | 36954 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:04.948462009 CET | 1440 | 36954 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:30.979026079 CET | 36956 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:30.984236002 CET | 1440 | 36956 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:30.984343052 CET | 36956 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:30.985416889 CET | 36956 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:30.990406990 CET | 1440 | 36956 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:30.990509033 CET | 36956 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:30.995575905 CET | 1440 | 36956 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:41.540158987 CET | 1440 | 36956 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:41.540409088 CET | 36956 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:41.545459032 CET | 1440 | 36956 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:42.642504930 CET | 36958 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:42.647582054 CET | 1440 | 36958 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:42.647650957 CET | 36958 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:42.648508072 CET | 36958 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:42.653538942 CET | 1440 | 36958 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:42.653613091 CET | 36958 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:42.658710957 CET | 1440 | 36958 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:53.202948093 CET | 1440 | 36958 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:53.203284979 CET | 36958 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:53.208389044 CET | 1440 | 36958 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:54.405777931 CET | 36960 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:54.411098957 CET | 1440 | 36960 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:54.411228895 CET | 36960 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:54.412158966 CET | 36960 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:54.417326927 CET | 1440 | 36960 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:58:54.417423964 CET | 36960 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:58:54.422555923 CET | 1440 | 36960 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:04.983357906 CET | 1440 | 36960 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:04.983813047 CET | 36960 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:59:04.988933086 CET | 1440 | 36960 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:06.029582024 CET | 36962 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:59:06.034969091 CET | 1440 | 36962 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:06.035048008 CET | 36962 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:59:06.036448956 CET | 36962 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:59:06.041450977 CET | 1440 | 36962 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:06.041549921 CET | 36962 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:59:06.046600103 CET | 1440 | 36962 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:16.583875895 CET | 1440 | 36962 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:16.584419966 CET | 36962 | 1440 | 192.168.2.13 | 46.19.143.10 |
Mar 4, 2025 03:59:16.589520931 CET | 1440 | 36962 | 46.19.143.10 | 192.168.2.13 |
Mar 4, 2025 03:59:17.683031082 CET | 33336 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:17.688127041 CET | 1440 | 33336 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:17.688225031 CET | 33336 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:17.689886093 CET | 33336 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:17.695005894 CET | 1440 | 33336 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:17.695081949 CET | 33336 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:17.700082064 CET | 1440 | 33336 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:28.486202002 CET | 1440 | 33336 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:28.486515999 CET | 33336 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:28.491674900 CET | 1440 | 33336 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:34.570208073 CET | 33338 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:34.575974941 CET | 1440 | 33338 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:34.576035976 CET | 33338 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:34.577253103 CET | 33338 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:34.582364082 CET | 1440 | 33338 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:34.582412958 CET | 33338 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:34.587538004 CET | 1440 | 33338 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:44.587498903 CET | 33338 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:44.592703104 CET | 1440 | 33338 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:44.903191090 CET | 1440 | 33338 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:44.903450012 CET | 33338 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:44.908684969 CET | 1440 | 33338 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:46.016463995 CET | 33340 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:46.021622896 CET | 1440 | 33340 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:46.021724939 CET | 33340 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:46.022907019 CET | 33340 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:46.027966976 CET | 1440 | 33340 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:46.028045893 CET | 33340 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:46.033137083 CET | 1440 | 33340 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:56.835339069 CET | 1440 | 33340 | 185.159.74.127 | 192.168.2.13 |
Mar 4, 2025 03:59:56.835721016 CET | 33340 | 1440 | 192.168.2.13 | 185.159.74.127 |
Mar 4, 2025 03:59:56.840760946 CET | 1440 | 33340 | 185.159.74.127 | 192.168.2.13 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 4, 2025 03:57:54.696122885 CET | 49911 | 53 | 192.168.2.13 | 202.61.197.122 |
Mar 4, 2025 03:57:54.714785099 CET | 53 | 49911 | 202.61.197.122 | 192.168.2.13 |
Mar 4, 2025 03:58:05.946228981 CET | 39314 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:58:10.952528000 CET | 44992 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:58:15.959664106 CET | 42280 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:58:20.966535091 CET | 38085 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:58:25.972771883 CET | 49244 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:58:42.544111013 CET | 53073 | 53 | 192.168.2.13 | 152.53.15.127 |
Mar 4, 2025 03:58:42.561865091 CET | 53 | 53073 | 152.53.15.127 | 192.168.2.13 |
Mar 4, 2025 03:58:42.563020945 CET | 36685 | 53 | 192.168.2.13 | 152.53.15.127 |
Mar 4, 2025 03:58:42.586431026 CET | 53 | 36685 | 152.53.15.127 | 192.168.2.13 |
Mar 4, 2025 03:58:42.587573051 CET | 49371 | 53 | 192.168.2.13 | 152.53.15.127 |
Mar 4, 2025 03:58:42.604845047 CET | 53 | 49371 | 152.53.15.127 | 192.168.2.13 |
Mar 4, 2025 03:58:42.605952024 CET | 52366 | 53 | 192.168.2.13 | 152.53.15.127 |
Mar 4, 2025 03:58:42.623450041 CET | 53 | 52366 | 152.53.15.127 | 192.168.2.13 |
Mar 4, 2025 03:58:42.624377966 CET | 44074 | 53 | 192.168.2.13 | 152.53.15.127 |
Mar 4, 2025 03:58:42.642004013 CET | 53 | 44074 | 152.53.15.127 | 192.168.2.13 |
Mar 4, 2025 03:58:54.207510948 CET | 42433 | 53 | 192.168.2.13 | 185.181.61.24 |
Mar 4, 2025 03:58:54.245107889 CET | 53 | 42433 | 185.181.61.24 | 192.168.2.13 |
Mar 4, 2025 03:58:54.246745110 CET | 55863 | 53 | 192.168.2.13 | 185.181.61.24 |
Mar 4, 2025 03:58:54.287102938 CET | 53 | 55863 | 185.181.61.24 | 192.168.2.13 |
Mar 4, 2025 03:58:54.288649082 CET | 36207 | 53 | 192.168.2.13 | 185.181.61.24 |
Mar 4, 2025 03:58:54.326159954 CET | 53 | 36207 | 185.181.61.24 | 192.168.2.13 |
Mar 4, 2025 03:58:54.327681065 CET | 55734 | 53 | 192.168.2.13 | 185.181.61.24 |
Mar 4, 2025 03:58:54.365310907 CET | 53 | 55734 | 185.181.61.24 | 192.168.2.13 |
Mar 4, 2025 03:58:54.366972923 CET | 35837 | 53 | 192.168.2.13 | 185.181.61.24 |
Mar 4, 2025 03:58:54.404572964 CET | 53 | 35837 | 185.181.61.24 | 192.168.2.13 |
Mar 4, 2025 03:59:05.987407923 CET | 56167 | 53 | 192.168.2.13 | 185.181.61.24 |
Mar 4, 2025 03:59:06.025101900 CET | 53 | 56167 | 185.181.61.24 | 192.168.2.13 |
Mar 4, 2025 03:59:17.589986086 CET | 47094 | 53 | 192.168.2.13 | 168.235.111.72 |
Mar 4, 2025 03:59:17.681600094 CET | 53 | 47094 | 168.235.111.72 | 192.168.2.13 |
Mar 4, 2025 03:59:29.490737915 CET | 56426 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:59:29.510211945 CET | 53 | 56426 | 51.158.108.203 | 192.168.2.13 |
Mar 4, 2025 03:59:29.512119055 CET | 47420 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:59:34.518955946 CET | 51504 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:59:34.534980059 CET | 53 | 51504 | 51.158.108.203 | 192.168.2.13 |
Mar 4, 2025 03:59:34.536039114 CET | 55385 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:59:34.552515030 CET | 53 | 55385 | 51.158.108.203 | 192.168.2.13 |
Mar 4, 2025 03:59:34.553986073 CET | 36956 | 53 | 192.168.2.13 | 51.158.108.203 |
Mar 4, 2025 03:59:34.569626093 CET | 53 | 36956 | 51.158.108.203 | 192.168.2.13 |
Mar 4, 2025 03:59:45.906924963 CET | 46076 | 53 | 192.168.2.13 | 194.36.144.87 |
Mar 4, 2025 03:59:45.930361032 CET | 53 | 46076 | 194.36.144.87 | 192.168.2.13 |
Mar 4, 2025 03:59:45.932132006 CET | 36203 | 53 | 192.168.2.13 | 194.36.144.87 |
Mar 4, 2025 03:59:45.949115992 CET | 53 | 36203 | 194.36.144.87 | 192.168.2.13 |
Mar 4, 2025 03:59:45.950443983 CET | 35614 | 53 | 192.168.2.13 | 194.36.144.87 |
Mar 4, 2025 03:59:45.973480940 CET | 53 | 35614 | 194.36.144.87 | 192.168.2.13 |
Mar 4, 2025 03:59:45.974759102 CET | 38891 | 53 | 192.168.2.13 | 194.36.144.87 |
Mar 4, 2025 03:59:45.991817951 CET | 53 | 38891 | 194.36.144.87 | 192.168.2.13 |
Mar 4, 2025 03:59:45.993045092 CET | 34432 | 53 | 192.168.2.13 | 194.36.144.87 |
Mar 4, 2025 03:59:46.015803099 CET | 53 | 34432 | 194.36.144.87 | 192.168.2.13 |
Mar 4, 2025 03:59:57.838743925 CET | 56156 | 53 | 192.168.2.13 | 51.158.108.203 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 4, 2025 03:57:54.696122885 CET | 192.168.2.13 | 202.61.197.122 | 0x7f7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:58:05.946228981 CET | 192.168.2.13 | 51.158.108.203 | 0x1ef | Standard query (0) | | 256 | 322 | false |
Mar 4, 2025 03:58:10.952528000 CET | 192.168.2.13 | 51.158.108.203 | 0x1ef | Standard query (0) | | 256 | 327 | false |
Mar 4, 2025 03:58:15.959664106 CET | 192.168.2.13 | 51.158.108.203 | 0x1ef | Standard query (0) | | 256 | 332 | false |
Mar 4, 2025 03:58:20.966535091 CET | 192.168.2.13 | 51.158.108.203 | 0x1ef | Standard query (0) | | 256 | 337 | false |
Mar 4, 2025 03:58:25.972771883 CET | 192.168.2.13 | 51.158.108.203 | 0x1ef | Standard query (0) | | 256 | 342 | false |
Mar 4, 2025 03:58:42.544111013 CET | 192.168.2.13 | 152.53.15.127 | 0xa95b | Standard query (0) | | 256 | 354 | false |
Mar 4, 2025 03:58:42.563020945 CET | 192.168.2.13 | 152.53.15.127 | 0xa95b | Standard query (0) | | 256 | 354 | false |
Mar 4, 2025 03:58:42.587573051 CET | 192.168.2.13 | 152.53.15.127 | 0xa95b | Standard query (0) | | 256 | 354 | false |
Mar 4, 2025 03:58:42.605952024 CET | 192.168.2.13 | 152.53.15.127 | 0xa95b | Standard query (0) | | 256 | 354 | false |
Mar 4, 2025 03:58:42.624377966 CET | 192.168.2.13 | 152.53.15.127 | 0xa95b | Standard query (0) | | 256 | 354 | false |
Mar 4, 2025 03:58:54.207510948 CET | 192.168.2.13 | 185.181.61.24 | 0x63b0 | Standard query (0) | | 256 | 366 | false |
Mar 4, 2025 03:58:54.246745110 CET | 192.168.2.13 | 185.181.61.24 | 0x63b0 | Standard query (0) | | 256 | 366 | false |
Mar 4, 2025 03:58:54.288649082 CET | 192.168.2.13 | 185.181.61.24 | 0x63b0 | Standard query (0) | | 256 | 366 | false |
Mar 4, 2025 03:58:54.327681065 CET | 192.168.2.13 | 185.181.61.24 | 0x63b0 | Standard query (0) | | 256 | 366 | false |
Mar 4, 2025 03:58:54.366972923 CET | 192.168.2.13 | 185.181.61.24 | 0x63b0 | Standard query (0) | | 256 | 366 | false |
Mar 4, 2025 03:59:05.987407923 CET | 192.168.2.13 | 185.181.61.24 | 0x9c5a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:59:17.589986086 CET | 192.168.2.13 | 168.235.111.72 | 0xc48c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:59:29.490737915 CET | 192.168.2.13 | 51.158.108.203 | 0xd75f | Standard query (0) | | 256 | 401 | false |
Mar 4, 2025 03:59:29.512119055 CET | 192.168.2.13 | 51.158.108.203 | 0xd75f | Standard query (0) | | 256 | 406 | false |
Mar 4, 2025 03:59:34.518955946 CET | 192.168.2.13 | 51.158.108.203 | 0xd75f | Standard query (0) | | 256 | 406 | false |
Mar 4, 2025 03:59:34.536039114 CET | 192.168.2.13 | 51.158.108.203 | 0xd75f | Standard query (0) | | 256 | 406 | false |
Mar 4, 2025 03:59:34.553986073 CET | 192.168.2.13 | 51.158.108.203 | 0xd75f | Standard query (0) | | 256 | 406 | false |
Mar 4, 2025 03:59:45.906924963 CET | 192.168.2.13 | 194.36.144.87 | 0xa452 | Standard query (0) | | 256 | 417 | false |
Mar 4, 2025 03:59:45.932132006 CET | 192.168.2.13 | 194.36.144.87 | 0xa452 | Standard query (0) | | 256 | 417 | false |
Mar 4, 2025 03:59:45.950443983 CET | 192.168.2.13 | 194.36.144.87 | 0xa452 | Standard query (0) | | 256 | 417 | false |
Mar 4, 2025 03:59:45.974759102 CET | 192.168.2.13 | 194.36.144.87 | 0xa452 | Standard query (0) | | 256 | 417 | false |
Mar 4, 2025 03:59:45.993045092 CET | 192.168.2.13 | 194.36.144.87 | 0xa452 | Standard query (0) | | 256 | 418 | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 4, 2025 03:57:54.714785099 CET | 202.61.197.122 | 192.168.2.13 | 0x7f7 | No error (0) | | | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:58:42.561865091 CET | 152.53.15.127 | 192.168.2.13 | 0xa95b | Format error (1) | | none | none | 256 | 354 | false |
Mar 4, 2025 03:58:42.586431026 CET | 152.53.15.127 | 192.168.2.13 | 0xa95b | Format error (1) | | none | none | 256 | 354 | false |
Mar 4, 2025 03:58:42.604845047 CET | 152.53.15.127 | 192.168.2.13 | 0xa95b | Format error (1) | | none | none | 256 | 354 | false |
Mar 4, 2025 03:58:42.623450041 CET | 152.53.15.127 | 192.168.2.13 | 0xa95b | Format error (1) | | none | none | 256 | 354 | false |
Mar 4, 2025 03:58:42.642004013 CET | 152.53.15.127 | 192.168.2.13 | 0xa95b | Format error (1) | | none | none | 256 | 354 | false |
Mar 4, 2025 03:59:06.025101900 CET | 185.181.61.24 | 192.168.2.13 | 0x9c5a | No error (0) | | | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:59:17.681600094 CET | 168.235.111.72 | 192.168.2.13 | 0xc48c | No error (0) | | | 46.19.143.10 | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:59:17.681600094 CET | 168.235.111.72 | 192.168.2.13 | 0xc48c | No error (0) | | | 185.159.74.127 | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:59:17.681600094 CET | 168.235.111.72 | 192.168.2.13 | 0xc48c | No error (0) | | | 45.147.251.145 | A (IP address) | IN (0x0001) | false |
Mar 4, 2025 03:59:29.510211945 CET | 51.158.108.203 | 192.168.2.13 | 0xd75f | Format error (1) | | none | none | 256 | 401 | false |
Mar 4, 2025 03:59:34.534980059 CET | 51.158.108.203 | 192.168.2.13 | 0xd75f | Format error (1) | | none | none | 256 | 406 | false |
Mar 4, 2025 03:59:34.552515030 CET | 51.158.108.203 | 192.168.2.13 | 0xd75f | Format error (1) | | none | none | 256 | 406 | false |
Mar 4, 2025 03:59:34.569626093 CET | 51.158.108.203 | 192.168.2.13 | 0xd75f | Format error (1) | | none | none | 256 | 406 | false |
Mar 4, 2025 03:59:45.930361032 CET | 194.36.144.87 | 192.168.2.13 | 0xa452 | Format error (1) | | none | none | 256 | 417 | false |
Mar 4, 2025 03:59:45.949115992 CET | 194.36.144.87 | 192.168.2.13 | 0xa452 | Format error (1) | | none | none | 256 | 417 | false |
Mar 4, 2025 03:59:45.973480940 CET | 194.36.144.87 | 192.168.2.13 | 0xa452 | Format error (1) | | none | none | 256 | 417 | false |
Mar 4, 2025 03:59:45.991817951 CET | 194.36.144.87 | 192.168.2.13 | 0xa452 | Format error (1) | | none | none | 256 | 417 | false |
Mar 4, 2025 03:59:46.015803099 CET | 194.36.144.87 | 192.168.2.13 | 0xa452 | Format error (1) | | none | none | 256 | 418 | false |
System Behavior
Start time (UTC): | 02:57:53 |
Start date (UTC): | 04/03/2025 |
Path: | /tmp/zermips.elf |
Arguments: | /tmp/zermips.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 02:57:54 |
Start date (UTC): | 04/03/2025 |
Path: | /tmp/zermips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 02:57:54 |
Start date (UTC): | 04/03/2025 |
Path: | /tmp/zermips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |