
Linux Analysis Report
zerarm.elf

Overview

General Information

Sample name: zerarm.elf
Analysis ID: 1633217
MD5: 67996e3a070f8402917aa1e91f008ee8
SHA1: 3e5333d8dd828a5dbc4fd51dae4a545bc14e85ae
SHA256: d3f5617b6aab657f9bd8793811a42b887bb0cfa20d0e30ef7a121db5674e3a77
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 56
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1633217
Start date and time: 2025-03-10 03:04:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: zerarm.elf
Detection: MAL
Classification: mal56.troj.linELF@0/0@23/0
Command: /tmp/zerarm.elf
PID: 5827
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
gosh that chinese family at the other table sure ate a lot
Standard Error:
  • system is lnxubuntu20
  • zerarm.elf (PID: 5827, Parent: 5751, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/zerarm.elf
  • cleanup
No yara matches
No Suricata rule has matched


AV Detection

Source: zerarm.elf, Virustotal: Detection: 45%

Networking

Source: global traffic, TCP traffic: 45.147.251.145 ports 5034,1440,0,2,4,2840,8,911
Source: global traffic, DNS traffic detected: malformed DNS query: watchmepull.dyn. [malformed]
Source: global traffic, TCP traffic: 192.168.2.15:52262 -> 45.147.251.145:2840
Source: global traffic, TCP traffic: 192.168.2.15:51196 -> 159.89.101.70:1990
Source: global traffic, TCP traffic: 192.168.2.15:57702 -> 185.220.204.227:911
Source: /tmp/zerarm.elf (PID: 5827), Socket: 127.0.0.1:39148
Source: global traffic, DNS traffic detected: DNS query: watchmepull.dyn
Source: global traffic, DNS traffic detected: DNS query: ohlookthereismyboats.geek
Source: global traffic, DNS traffic detected: DNS query: watchmepull.dyn. [malformed]
Source: ELF static info symbol of initial sample, .symtab present: no
Source: classification engine, Classification label: mal56.troj.linELF@0/0@23/0
Source: /tmp/zerarm.elf (PID: 5827), Queries kernel information via 'uname'
Source: zerarm.elf, 5827.1.000055899fb6e000.000055899fcbd000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/arm
Source: zerarm.elf, 5827.1.000055899fb6e000.000055899fcbd000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
Source: zerarm.elf, 5827.1.00007ffe3d257000.00007ffe3d278000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm
Source: zerarm.elf, 5827.1.00007ffe3d257000.00007ffe3d278000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/zerarm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zerarm.elf
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
No configs have been found
Behavior graph (image not preserved): ID 1633217, sample zerarm.elf, start date 10/03/2025, architecture LINUX, score 56.
| Source | Detection | Scanner | Label |
|---|---|---|---|
| zerarm.elf | 45% | Virustotal | |

No Antivirus matches


| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| watchmepull.dyn | 159.89.101.70 | true | false | | high |
| ohlookthereismyboats.geek | 64.227.79.152 | true | false | | high |
| watchmepull.dyn. [malformed] | unknown | unknown | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 185.220.204.227 | unknown | Israel | 41436 | CLOUDWEBMANAGE-EUGB | false |
| 159.89.101.70 | watchmepull.dyn | United States | 14061 | DIGITALOCEAN-ASNUS | false |
| 45.147.251.145 | unknown | Germany | 197518 | RACKMARKTES | true |
No created / dropped files found
File type: ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit): 5.994586101601187
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: zerarm.elf
File size: 51'744 bytes
MD5: 67996e3a070f8402917aa1e91f008ee8
SHA1: 3e5333d8dd828a5dbc4fd51dae4a545bc14e85ae
SHA256: d3f5617b6aab657f9bd8793811a42b887bb0cfa20d0e30ef7a121db5674e3a77
SHA512: 26d264d52aca45132869b4e9429fd13b589a1d41338b93e10a1cf80683574280da8711bcf0c141ef4ebf7da1f5fb120778e1ac6c84152a4a9a7bcdce90218707
SSDEEP: 768:x3wPkDLbRaeUj7HcPYBBKoQ6pYTKppoVNm8rr+/hSbbgOT1xzlNs5glh4sg:N+knbRsBKzKYupQm8v+56MOLYq
TLSH: 95330895B8C29A13C5D422BBFA2E429D372523E8E1DF3207CD112F51778A82F0EA7651
File Content Preview: .ELF...a..........(.........4...h.......4. ...(.....................`...`...............d...d...d.......`...........Q.td..................................-...L."...V/..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: ARM
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: ARM - ABI
ABI Version: 0
Entry Point Address: 0x8190
Flags: 0x202
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 51304
Section Header Size: 40
Number of Section Headers: 11
Header String Table Index: 10

| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
| .init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x80b0 | 0xb0 | 0xbd90 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
| .fini | PROGBITS | 0x13e40 | 0xbe40 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x13e54 | 0xbe54 | 0x80c | 0x0 | 0x2 | A | 0 | 0 | 4 |
| .ctors | PROGBITS | 0x1c664 | 0xc664 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x1c66c | 0xc66c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .jcr | PROGBITS | 0x1c674 | 0xc674 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x1c678 | 0xc678 | 0x1ac | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .bss | NOBITS | 0x1c824 | 0xc824 | 0x2a0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .shstrtab | STRTAB | 0x0 | 0xc824 | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1 |

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x8000 | 0x8000 | 0xc660 | 0xc660 | 6.0249 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata |
| LOAD | 0xc664 | 0x1c664 | 0x1c664 | 0x1c0 | 0x460 | 2.3037 | 0x6 | RW | 0x8000 | | .ctors .dtors .jcr .data .bss |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |


Total Packets: 81
Ports: 5034, 2840, 1990, 1945, 1440, 911, 53 (DNS)

                                                          System Behavior

                                                          Start time (UTC):02:05:34
                                                          Start date (UTC):10/03/2025
                                                          Path:/tmp/zerarm.elf
                                                          Arguments:-
                                                          File size:4956856 bytes
                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                          Start time (UTC):02:05:34
                                                          Start date (UTC):10/03/2025
                                                          Path:/tmp/zerarm.elf
                                                          Arguments:-
                                                          File size:4956856 bytes
                                                          MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1