Linux
Analysis Report
arm6.elf
Overview
General Information
Sample name: | arm6.elf |
Analysis ID: | 1635731 |
MD5: | 1dced10358af14f5103c42e78a590334 |
SHA1: | 46dbd5a25e1aa7816a77c00e468f0d439bdb11e2 |
SHA256: | bacd5592d06965a814d3ac9258ee442d2f8bd8bef545f06e0395f698dc4a22b1 |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 48 |
Range: | 0 - 100 |
Signatures
Connects to many ports of the same IP (likely port scanning)
Uses STUN server to do NAT traversial
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1635731 |
Start date and time: | 2025-03-11 23:15:08 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 47s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | arm6.elf |
Detection: | MAL |
Classification: | mal48.troj.linELF@0/2@2/0 |
Command: | /tmp/arm6.elf |
PID: | 5533 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | For God so loved the world |
Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
Networking |
---|
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | UDP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stun.l.google.com | 74.125.250.129 | true | false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
156.244.6.124 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | false | |
156.244.14.93 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true | |
74.125.250.129 | stun.l.google.com | United States | 15169 | GOOGLEUS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
156.244.6.124 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
POWERLINE-AS-APPOWERLINEDATACENTERHK | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
POWERLINE-AS-APPOWERLINEDATACENTERHK | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
⊘No context
⊘No context
Process: | /tmp/arm6.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.521640636343319 |
Encrypted: | false |
SSDEEP: | 3:Tgj03:Tgw3 |
MD5: | 3F57B2990E079DDED19A289B2C2D9845 |
SHA1: | EC529CD92FCD1419E74F69269A1FBDFB901F3360 |
SHA-256: | 42BAD665C8A094C4820D587524D2B0F1E1AA45E1BA9BCE12E59A92CBA93B90BC |
SHA-512: | B2E54540954546CA0BDC2B73923B545659131AB088282E7070B2A7C9FBA1D1C1D58CFE4094D1DAE38D578E2B4FD7CB2E3A7D25A06EE84546207EE6A3B19553A8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /tmp/arm6.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.521640636343319 |
Encrypted: | false |
SSDEEP: | 3:Tgj03:Tgw3 |
MD5: | 3F57B2990E079DDED19A289B2C2D9845 |
SHA1: | EC529CD92FCD1419E74F69269A1FBDFB901F3360 |
SHA-256: | 42BAD665C8A094C4820D587524D2B0F1E1AA45E1BA9BCE12E59A92CBA93B90BC |
SHA-512: | B2E54540954546CA0BDC2B73923B545659131AB088282E7070B2A7C9FBA1D1C1D58CFE4094D1DAE38D578E2B4FD7CB2E3A7D25A06EE84546207EE6A3B19553A8 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.113631207191804 |
TrID: |
|
File name: | arm6.elf |
File size: | 88'312 bytes |
MD5: | 1dced10358af14f5103c42e78a590334 |
SHA1: | 46dbd5a25e1aa7816a77c00e468f0d439bdb11e2 |
SHA256: | bacd5592d06965a814d3ac9258ee442d2f8bd8bef545f06e0395f698dc4a22b1 |
SHA512: | dd6a51ce8967c04260aac6a1699a4c5e30080eedd2b5de4171db06087647cf62345908bff758e6a2e42ffe4f28b4b39f9d5d2ca538ca39f3d7803b7d7c4ba91f |
SSDEEP: | 1536:r0noz3VHZt0gR/ccXRkUYFPbD7DcFXY2Y+/hr2IrRhOi8bg2KCqtyWro:T7VHZt02kUePPEqAhr2diqtKoeo |
TLSH: | ED831846B8419B26D6D016BEFE1E428D33232FB8E3DE3202AD15AB2577DF54A0D3B451 |
File Content Preview: | .ELF..............(.....l...4....V......4. ...(........p.T...........................................U...U...............U...U...U......$G..........Q.td.............................@-..@............/..@-.,@...0....S..... 0....S.........../..0...0...@..../ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 4 |
Section Header Offset: | 87792 |
Section Header Size: | 40 |
Number of Section Headers: | 13 |
Header String Table Index: | 12 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80b4 | 0xb4 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80c8 | 0xc8 | 0x13fcc | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x1c094 | 0x14094 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x1c0a8 | 0x140a8 | 0x1450 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ARM.exidx | ARM_EXIDX | 0x1d4f8 | 0x154f8 | 0xc8 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
.eh_frame | PROGBITS | 0x255c0 | 0x155c0 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.init_array | INIT_ARRAY | 0x255c4 | 0x155c4 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.fini_array | FINI_ARRAY | 0x255c8 | 0x155c8 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x255d0 | 0x155d0 | 0x28 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x255f8 | 0x155f8 | 0x94 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x25690 | 0x1568c | 0x4654 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.shstrtab | STRTAB | 0x0 | 0x1568c | 0x62 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
EXIDX | 0x154f8 | 0x1d4f8 | 0x1d4f8 | 0xc8 | 0xc8 | 4.2911 | 0x4 | R | 0x4 | .ARM.exidx | |
LOAD | 0x0 | 0x8000 | 0x8000 | 0x155c0 | 0x155c0 | 6.1257 | 0x5 | R E | 0x8000 | .init .text .fini .rodata .ARM.exidx | |
LOAD | 0x155c0 | 0x255c0 | 0x255c0 | 0xcc | 0x4724 | 3.4878 | 0x6 | RW | 0x8000 | .eh_frame .init_array .fini_array .got .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 27
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 11, 2025 23:16:10.972656012 CET | 43756 | 56190 | 192.168.2.14 | 156.244.14.93 |
Mar 11, 2025 23:16:10.977617025 CET | 56190 | 43756 | 156.244.14.93 | 192.168.2.14 |
Mar 11, 2025 23:16:10.977771997 CET | 43756 | 56190 | 192.168.2.14 | 156.244.14.93 |
Mar 11, 2025 23:16:11.645320892 CET | 56190 | 43756 | 156.244.14.93 | 192.168.2.14 |
Mar 11, 2025 23:16:11.645466089 CET | 43756 | 56190 | 192.168.2.14 | 156.244.14.93 |
Mar 11, 2025 23:16:11.770035982 CET | 56190 | 43756 | 156.244.14.93 | 192.168.2.14 |
Mar 11, 2025 23:16:11.770142078 CET | 43756 | 56190 | 192.168.2.14 | 156.244.14.93 |
Mar 11, 2025 23:16:15.621653080 CET | 43756 | 56190 | 192.168.2.14 | 156.244.14.93 |
Mar 11, 2025 23:16:15.626449108 CET | 56190 | 43756 | 156.244.14.93 | 192.168.2.14 |
Mar 11, 2025 23:16:15.794425964 CET | 56190 | 43756 | 156.244.14.93 | 192.168.2.14 |
Mar 11, 2025 23:16:15.794751883 CET | 43756 | 56190 | 192.168.2.14 | 156.244.14.93 |
Mar 11, 2025 23:16:15.799535036 CET | 56190 | 43756 | 156.244.14.93 | 192.168.2.14 |
Mar 11, 2025 23:16:16.796500921 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:16.801213026 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:16.801282883 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:17.860909939 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:17.860997915 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:18.201637983 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:18.201813936 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:21.588629007 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:21.593301058 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:36.591694117 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:36.596654892 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:36.596702099 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:36.601358891 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:56.603718042 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:56.608422995 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:56.608494997 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:16:56.613173008 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:59.163049936 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:16:59.163186073 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:17:16.621201992 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:17:16.625914097 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:17:16.625963926 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:17:16.630640984 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:17:34.734934092 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:17:34.739686966 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:17:34.739752054 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:17:34.744421959 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:17:52.526182890 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:17:52.531016111 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:17:52.531092882 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Mar 11, 2025 23:17:52.535804033 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:18:09.262878895 CET | 12016 | 48730 | 156.244.6.124 | 192.168.2.14 |
Mar 11, 2025 23:18:09.263026953 CET | 48730 | 12016 | 192.168.2.14 | 156.244.6.124 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 11, 2025 23:16:12.008850098 CET | 49900 | 53 | 192.168.2.14 | 8.8.8.8 |
Mar 11, 2025 23:16:12.025398016 CET | 53 | 49900 | 8.8.8.8 | 192.168.2.14 |
Mar 11, 2025 23:16:12.025878906 CET | 36914 | 19302 | 192.168.2.14 | 74.125.250.129 |
Mar 11, 2025 23:16:12.496870995 CET | 19302 | 36914 | 74.125.250.129 | 192.168.2.14 |
Mar 11, 2025 23:16:17.798469067 CET | 57220 | 53 | 192.168.2.14 | 8.8.8.8 |
Mar 11, 2025 23:16:17.807512999 CET | 53 | 57220 | 8.8.8.8 | 192.168.2.14 |
Mar 11, 2025 23:16:17.807668924 CET | 59379 | 19302 | 192.168.2.14 | 74.125.250.129 |
Mar 11, 2025 23:16:18.255758047 CET | 19302 | 59379 | 74.125.250.129 | 192.168.2.14 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 11, 2025 23:16:12.008850098 CET | 192.168.2.14 | 8.8.8.8 | 0xf02f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 11, 2025 23:16:17.798469067 CET | 192.168.2.14 | 8.8.8.8 | 0x861c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 11, 2025 23:16:12.025398016 CET | 8.8.8.8 | 192.168.2.14 | 0xf02f | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false | ||
Mar 11, 2025 23:16:17.807512999 CET | 8.8.8.8 | 192.168.2.14 | 0x861c | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 22:16:08 |
Start date (UTC): | 11/03/2025 |
Path: | /tmp/arm6.elf |
Arguments: | /tmp/arm6.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 22:16:09 |
Start date (UTC): | 11/03/2025 |
Path: | /tmp/arm6.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |