Linux
Analysis Report
mips.elf
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1646498 |
Start date and time: | 2025-03-24 04:22:55 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | mips.elf |
Detection: | MAL |
Classification: | mal60.troj.linELF@0/2@0/0 |
- No or unstable Internet during analysis
- Excluded IPs from analysis (whitelisted): 8.8.8.8
Command: | /tmp/mips.elf |
PID: | 5430 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | For God so loved the world |
Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
- AV Detection
- Networking
- System Summary
- Persistence and Installation Behavior
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | TCP traffic: | ||
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
17% | Virustotal | Browse | ||
14% | ReversingLabs | Linux.Trojan.Mirai | ||
100% | Avira | EXP/ELF.Agent.J.8 |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.146.26.30 | unknown | Reserved | 11915 | US-TELEPACIFICUS | false | |
156.244.45.113 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true | |
104.245.241.64 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | true | |
154.205.155.243 | unknown | Seychelles | 26484 | IKGUL-26484US | true | |
216.73.156.19 | unknown | United States | 7029 | WINDSTREAMUS | true | |
104.245.241.61 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | true | |
154.205.155.97 | unknown | Seychelles | 26484 | IKGUL-26484US | true | |
156.244.44.239 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
216.146.26.30 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
156.244.45.113 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
104.245.241.64 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
154.205.155.243 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
154.205.155.97 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
156.244.44.239 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
IKGUL-26484US | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
POWERLINE-AS-APPOWERLINEDATACENTERHK | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | FormBook, GuLoader | Browse |
Get hash | malicious | FormBook, GuLoader | Browse |
US-TELEPACIFICUS | Get hash | malicious | Okiru | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
ASN-QUADRANET-GLOBALUS | Get hash | malicious | Xmrig | Browse |
Get hash | malicious | Xmrig | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Sliver | Browse |
Get hash | malicious | Sliver | Browse |
Get hash | malicious | Sliver | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | DarkCloud | Browse |
Process: | /tmp/mips.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.378783493486176 |
Encrypted: | false |
SSDEEP: | 3:TgaLGn:TgAG |
MD5: | 640E98E7A87EC50F267F24DBC141D4DD |
SHA1: | BC19B1CF25759386125D933665A8B429D9AE7E26 |
SHA-256: | 6976993806B7CE05EA0AAA6BC975462833B19CF0D6DD4C9480F26FBAF66AF31D |
SHA-512: | 3887FBDFA33FF58EF35DDD9B1A2C9BDD611208904D8D371B2AFFE6E97F4C2EDA7A5BAA9786BDD3857AB6B31FE933CBE7290E7D9223671670A9BC739D457D4BA9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 5.505186359460307 |
TrID: |
|
File name: | mips.elf |
File size: | 89'244 bytes |
MD5: | db8a488460b48e9712b0b6ef7d1184a4 |
SHA1: | f40c756e11050be2c587de9824417efb591ba4bf |
SHA256: | 18ac42553a13aa34671816e9370a5bb1459e75e3308392c64e824f02b1ddbe26 |
SHA512: | 12b9009a43e76df965c265f17bb61ce29b5767fe2ac09790dd255bed97634cb76e1b0a167f0ea73b313fe81caf2e478f0ce701c86b4e67780758f951c4b4874a |
SSDEEP: | 1536:KBplXgKwbsqcaXhkooxA0a1qmlt0lUOH44/0SnB446CdbxDbw8mugCz65eXsdndi:KBplXgKwbsqcGk3xSlt0lUOH44/0SnBJ |
TLSH: | 1E93E95F2E31CFADF26DC33447B74A31A7A923C622E1C685D26CD5141F6024EA45FBA8 |
File Content Preview: | .ELF.....................@.`...4..Z......4. ...(.............@...@....M...M...............P..EP..EP....p..lT........dt.Q............................<...'......!'.......................<...'......!... ....'9... ......................<...'..h...!........'94 |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 88764 |
Section Header Size: | 40 |
Number of Section Headers: | 12 |
Header String Table Index: | 11 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400120 | 0x120 | 0x13350 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x413470 | 0x13470 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x4134d0 | 0x134d0 | 0x1900 | 0x0 | 0x2 | A | 0 | 0 | 16 |
.ctors | PROGBITS | 0x455000 | 0x15000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x455008 | 0x15008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x455020 | 0x15020 | 0x440 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x455460 | 0x15460 | 0x610 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sbss | NOBITS | 0x455a70 | 0x15a70 | 0x1c | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x455a90 | 0x15a70 | 0x61c4 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.shstrtab | STRTAB | 0x0 | 0x15a70 | 0x49 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x14dd0 | 0x14dd0 | 5.5656 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0x15000 | 0x455000 | 0x455000 | 0xa70 | 0x6c54 | 3.6017 | 0x6 | RW | 0x10000 | .ctors .dtors .data .got .sbss .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
- Total Packets: 78
System Behavior
Start time (UTC): | 03:23:41 |
Start date (UTC): | 24/03/2025 |
Path: | /tmp/mips.elf |
Arguments: | /tmp/mips.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 03:23:43 |
Start date (UTC): | 24/03/2025 |
Path: | /tmp/mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |