Linux
Analysis Report
zerarm7.elf
Overview
General Information
Sample name: | zerarm7.elf |
Analysis ID: | 1631634 |
MD5: | eaabc7aad745c2d680ea6bfc9444abbb |
SHA1: | c1823744d9b6d8ebc3e268b769761816a3b7e707 |
SHA256: | 912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1631634 |
Start date and time: | 2025-03-07 13:07:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerarm7.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@19/0 |
Command: | /tmp/zerarm7.elf |
PID: | 6233 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | gosh that chinese family at the other table sure ate a lot |
Standard Error: |
- system is lnxubuntu20
- zerarm7.elf New Fork (PID: 6235, Parent: 6233)
- zerarm7.elf New Fork (PID: 6237, Parent: 6235)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
AV Detection |
---|
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS traffic detected: |
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ohlookthereismyboats.geek | 64.227.79.152 | true | false | high | |
watchmepull.dyn. [malformed] | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
64.227.79.152 | ohlookthereismyboats.geek | United States | 14061 | DIGITALOCEAN-ASNUS | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
45.147.251.145 | unknown | Germany | 197518 | RACKMARKTES | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.007254950659843 |
TrID: |
|
File name: | zerarm7.elf |
File size: | 74'460 bytes |
MD5: | eaabc7aad745c2d680ea6bfc9444abbb |
SHA1: | c1823744d9b6d8ebc3e268b769761816a3b7e707 |
SHA256: | 912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c |
SHA512: | 371cb11d0555fe0ef01e36bc6fa798cc3526a4c813a64203651d3a6aa272d2146ab2823dcbff479b5a8dc413865d586d9f3f3919ce05fe51c5cce69621f81d98 |
SSDEEP: | 1536:tdn6SsyWpUI66PvdMg3+rh5z1OZtBlDwwOLtwyGn9a9luOZciYvxLr:ZsyWUgvdMA+947BlDwwOLtwyGLu+vxn |
TLSH: | 30730649F8819F11D5E822BAFA1E018D332767A8E3EF7212DD105F1567CA92F0E77912 |
File Content Preview: | .ELF..............(.........4...4 ......4. ...(........p$...$...$...................................<...<...............<...<...<...X...t2..............@...@...@...................Q.td..................................-...L..................@-.,@...0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 5 |
Section Header Offset: | 73780 |
Section Header Size: | 40 |
Number of Section Headers: | 17 |
Header String Table Index: | 16 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80f0 | 0xf0 | 0x11278 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x19368 | 0x11368 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x19378 | 0x11378 | 0x894 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.extab | PROGBITS | 0x19c0c | 0x11c0c | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.exidx | ARM_EXIDX | 0x19c24 | 0x11c24 | 0x118 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
.eh_frame | PROGBITS | 0x21d3c | 0x11d3c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.tbss | NOBITS | 0x21d40 | 0x11d40 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
.init_array | INIT_ARRAY | 0x21d40 | 0x11d40 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.fini_array | FINI_ARRAY | 0x21d44 | 0x11d44 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x21d48 | 0x11d48 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x21d4c | 0x11d4c | 0xa8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x21df4 | 0x11df4 | 0x1a0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x21f94 | 0x11f94 | 0x301c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x11f94 | 0x16 | 0x0 | 0x0 | 0 | 0 | 1 | |
.shstrtab | STRTAB | 0x0 | 0x11faa | 0x88 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
EXIDX | 0x11c24 | 0x19c24 | 0x19c24 | 0x118 | 0x118 | 4.4730 | 0x4 | R | 0x4 | .ARM.exidx | |
LOAD | 0x0 | 0x8000 | 0x8000 | 0x11d3c | 0x11d3c | 6.0267 | 0x5 | R E | 0x8000 | .init .text .fini .rodata .ARM.extab .ARM.exidx | |
LOAD | 0x11d3c | 0x21d3c | 0x21d3c | 0x258 | 0x3274 | 3.5335 | 0x6 | RW | 0x8000 | .eh_frame .tbss .init_array .fini_array .jcr .got .data .bss | |
TLS | 0x11d40 | 0x21d40 | 0x21d40 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | .tbss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
- Total Packets: 61
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 7, 2025 13:07:59.929323912 CET | 192.168.2.23 | 51.158.108.203 | 0xf84f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 13:08:22.330569029 CET | 192.168.2.23 | 81.169.136.222 | 0x9bfa | Standard query (0) | 256 | 438 | false | |
Mar 7, 2025 13:08:22.361943007 CET | 192.168.2.23 | 81.169.136.222 | 0x9bfa | Standard query (0) | 256 | 438 | false | |
Mar 7, 2025 13:08:22.393269062 CET | 192.168.2.23 | 81.169.136.222 | 0x9bfa | Standard query (0) | 256 | 438 | false | |
Mar 7, 2025 13:08:22.425314903 CET | 192.168.2.23 | 81.169.136.222 | 0x9bfa | Standard query (0) | 256 | 438 | false | |
Mar 7, 2025 13:08:22.456787109 CET | 192.168.2.23 | 81.169.136.222 | 0x9bfa | Standard query (0) | 256 | 438 | false | |
Mar 7, 2025 13:08:44.894109964 CET | 192.168.2.23 | 202.61.197.122 | 0x2344 | Standard query (0) | 256 | 460 | false | |
Mar 7, 2025 13:08:44.913969040 CET | 192.168.2.23 | 202.61.197.122 | 0x2344 | Standard query (0) | 256 | 460 | false | |
Mar 7, 2025 13:08:44.933237076 CET | 192.168.2.23 | 202.61.197.122 | 0x2344 | Standard query (0) | 256 | 460 | false | |
Mar 7, 2025 13:08:44.952282906 CET | 192.168.2.23 | 202.61.197.122 | 0x2344 | Standard query (0) | 256 | 460 | false | |
Mar 7, 2025 13:08:44.971595049 CET | 192.168.2.23 | 202.61.197.122 | 0x2344 | Standard query (0) | 256 | 460 | false | |
Mar 7, 2025 13:09:07.399235010 CET | 192.168.2.23 | 51.158.108.203 | 0xad59 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 13:09:29.815743923 CET | 192.168.2.23 | 81.169.136.222 | 0x6ab5 | Standard query (0) | 256 | 505 | false | |
Mar 7, 2025 13:09:29.847774029 CET | 192.168.2.23 | 81.169.136.222 | 0x6ab5 | Standard query (0) | 256 | 505 | false | |
Mar 7, 2025 13:09:29.879825115 CET | 192.168.2.23 | 81.169.136.222 | 0x6ab5 | Standard query (0) | 256 | 505 | false | |
Mar 7, 2025 13:09:29.912175894 CET | 192.168.2.23 | 81.169.136.222 | 0x6ab5 | Standard query (0) | 256 | 505 | false | |
Mar 7, 2025 13:09:29.945070982 CET | 192.168.2.23 | 81.169.136.222 | 0x6ab5 | Standard query (0) | 256 | 505 | false | |
Mar 7, 2025 13:09:52.350028992 CET | 192.168.2.23 | 194.36.144.87 | 0x23d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 13:10:04.091520071 CET | 192.168.2.23 | 185.181.61.24 | 0x8cfc | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 7, 2025 13:07:59.945211887 CET | 51.158.108.203 | 192.168.2.23 | 0xf84f | No error (0) | 64.227.79.152 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 13:07:59.945211887 CET | 51.158.108.203 | 192.168.2.23 | 0xf84f | No error (0) | 45.147.251.145 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 13:09:07.415231943 CET | 51.158.108.203 | 192.168.2.23 | 0xad59 | No error (0) | 64.227.79.152 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 13:09:07.415231943 CET | 51.158.108.203 | 192.168.2.23 | 0xad59 | No error (0) | 45.147.251.145 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 13:09:52.367364883 CET | 194.36.144.87 | 192.168.2.23 | 0x23d | No error (0) | 193.70.94.93 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 13:09:52.367364883 CET | 194.36.144.87 | 192.168.2.23 | 0x23d | No error (0) | 64.227.79.152 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 13:10:04.127893925 CET | 185.181.61.24 | 192.168.2.23 | 0x8cfc | No error (0) | 64.227.79.152 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 13:10:04.127893925 CET | 185.181.61.24 | 192.168.2.23 | 0x8cfc | No error (0) | 193.70.94.93 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 12:07:58 |
Start date (UTC): | 07/03/2025 |
Path: | /tmp/zerarm7.elf |
Arguments: | /tmp/zerarm7.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 12:07:59 |
Start date (UTC): | 07/03/2025 |
Path: | /tmp/zerarm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 12:07:59 |
Start date (UTC): | 07/03/2025 |
Path: | /tmp/zerarm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |