Linux
Analysis Report
bot.x86_64.elf
Overview
General Information
Detection
Mirai, Gafgyt, Okiru
Score: | 100 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Detected Mirai
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Gafgyt
Yara detected Mirai
Yara detected Okiru
Connects to many ports of the same IP (likely port scanning)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1647206 |
Start date and time: | 2025-03-24 16:18:57 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | bot.x86_64.elf |
Detection: | MAL |
Classification: | mal100.troj.linELF@0/0@21/0 |
Command: | /tmp/bot.x86_64.elf |
PID: | 5514 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | done. |
Standard Error: |
- system is lnxubuntu20
- bot.x86_64.elf New Fork (PID: 5515, Parent: 5514)
- bot.x86_64.elf New Fork (PID: 5516, Parent: 5515)
- dash New Fork (PID: 5517, Parent: 3673)
- dash New Fork (PID: 5518, Parent: 3673)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Bashlite, Gafgyt | Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | ||
JoeSecurity_Okiru | Yara detected Okiru | Joe Security | ||
JoeSecurity_Mirai_3 | Yara detected Mirai | Joe Security | ||
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-24T16:19:39.977108+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40056 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:43.545963+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40058 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:51.054102+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40060 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:54.572071+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40062 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:56.132917+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40064 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:02.653081+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40066 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:08.178681+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40068 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:14.679213+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40070 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:25.182902+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40072 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:34.749144+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40074 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:37.280772+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40076 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:38.765578+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40078 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:49.229818+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40080 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:53.674774+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40082 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:55.139347+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40084 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:04.600294+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40086 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:12.068027+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40088 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:15.524668+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40090 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:23.977412+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40092 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:31.437355+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40094 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:37.899924+0100 | 2030490 | 1 | Malware Command and Control Activity Detected | 192.168.2.15 | 40096 | 103.135.45.110 | 47925 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | String: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | TCP traffic: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | String containing 'busybox' found: | ||
Source: | .symtab present: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | Suricata IDS: | ||
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File Deletion | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
55% | Virustotal | Browse | ||
58% | ReversingLabs | Linux.Backdoor.Mirai | ||
100% | Avira | EXP/ELF.Mirai.Z.A |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bot.dstats.org | 103.135.45.110 | true | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
103.135.45.110 | bot.dstats.org | Pakistan | 138640 | IISPL-AS-APIJInternetServicesPVTLimitedPK | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
103.135.45.110 | Get hash | malicious | Mirai, Okiru | Browse | ||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bot.dstats.org | Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
IISPL-AS-APIJInternetServicesPVTLimitedPK | Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse |
Get hash | malicious | FormBook | Browse |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.284769577721924 |
TrID: |
|
File name: | bot.x86_64.elf |
File size: | 143'832 bytes |
MD5: | d8980db0043c7d1c698af29a9c999695 |
SHA1: | 1cb54a3e70e1c9fd5863799e750927a4323891f0 |
SHA256: | 556cf3c44cf8e435b8f718795f7064779d7a8cdec4d916fdd6021dde343388f5 |
SHA512: | 5df18b3585bbdbab152f2d08027d6fbf1c1fa62e85b2ba04fe4b43462a33ff87e2ae289c4617c87b966ada20baefa50268e8a09401d7b84582ef8635920ed555 |
SSDEEP: | 3072:mTUTfCdO6FFto6868wKhc/t/ekNaogMewcgsK027u8Ol/:mTUTfCdO6FFto6zwwQdJ/ |
TLSH: | 79E34A07B4C184FDC4DAC1B44B9FF53AED32B0AD1238B16B27D4AA222E59E215F1DA54 |
File Content Preview: | .ELF..............>.......@.....@.......X/..........@.8...@.......................@.......@...............................................Q.......Q.....p.......................Q.td....................................................H...._....zk..H........ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 3 |
Section Header Offset: | 143192 |
Section Header Size: | 64 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x400100 | 0x100 | 0x16ba6 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x416ca6 | 0x16ca6 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x416cc0 | 0x16cc0 | 0x33e0 | 0x0 | 0x2 | A | 0 | 0 | 32 |
.ctors | PROGBITS | 0x51a0a8 | 0x1a0a8 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.dtors | PROGBITS | 0x51a0c0 | 0x1a0c0 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.data | PROGBITS | 0x51a0e0 | 0x1a0e0 | 0x8e38 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.bss | NOBITS | 0x522f20 | 0x22f18 | 0x72a0 | 0x0 | 0x3 | WA | 0 | 0 | 32 |
.shstrtab | STRTAB | 0x0 | 0x22f18 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x1a0a0 | 0x1a0a0 | 6.4193 | 0x5 | R E | 0x100000 | .init .text .fini .rodata | |
LOAD | 0x1a0a8 | 0x51a0a8 | 0x51a0a8 | 0x8e70 | 0x10118 | 0.2280 | 0x6 | RW | 0x100000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-24T16:19:39.977108+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40056 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:43.545963+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40058 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:51.054102+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40060 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:54.572071+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40062 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:19:56.132917+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40064 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:02.653081+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40066 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:08.178681+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40068 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:14.679213+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40070 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:25.182902+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40072 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:34.749144+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40074 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:37.280772+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40076 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:38.765578+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40078 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:49.229818+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40080 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:53.674774+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40082 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:20:55.139347+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40084 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:04.600294+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40086 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:12.068027+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40088 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:15.524668+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40090 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:23.977412+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40092 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:31.437355+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40094 | 103.135.45.110 | 47925 | TCP |
2025-03-24T16:21:37.899924+0100 | 2030490 | ET MALWARE ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) | 1 | 192.168.2.15 | 40096 | 103.135.45.110 | 47925 | TCP |
- Total Packets: 103
Mar 24, 2025 16:20:38.588922024 CET | 40078 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:38.764759064 CET | 47925 | 40078 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:38.764909029 CET | 40078 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:38.765578032 CET | 40078 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:38.937980890 CET | 47925 | 40078 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:38.938040018 CET | 47925 | 40078 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:38.938111067 CET | 40078 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:39.114411116 CET | 47925 | 40078 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:49.055640936 CET | 40080 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:49.228847980 CET | 47925 | 40080 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:49.229022026 CET | 40080 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:49.229818106 CET | 40080 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:49.400834084 CET | 47925 | 40080 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:49.400959969 CET | 40080 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:49.401602030 CET | 47925 | 40080 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:49.574332952 CET | 47925 | 40080 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:53.506170988 CET | 40082 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:53.673863888 CET | 47925 | 40082 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:53.674012899 CET | 40082 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:53.674773932 CET | 40082 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:53.847533941 CET | 47925 | 40082 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:53.847702026 CET | 40082 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:53.847989082 CET | 47925 | 40082 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:54.024941921 CET | 47925 | 40082 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:54.960855961 CET | 40084 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:55.138386011 CET | 47925 | 40084 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:55.138534069 CET | 40084 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:55.139347076 CET | 40084 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:20:55.315782070 CET | 47925 | 40084 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:20:55.315814018 CET | 47925 | 40084 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:04.426357031 CET | 40086 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:04.599340916 CET | 47925 | 40086 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:04.599473000 CET | 40086 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:04.600294113 CET | 40086 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:04.775460958 CET | 47925 | 40086 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:04.775578976 CET | 40086 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:04.775985956 CET | 47925 | 40086 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:04.949594021 CET | 47925 | 40086 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:11.892496109 CET | 40088 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:12.067071915 CET | 47925 | 40088 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:12.067250013 CET | 40088 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:12.068027020 CET | 40088 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:12.241312027 CET | 47925 | 40088 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:12.241441011 CET | 40088 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:12.241599083 CET | 47925 | 40088 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:12.413139105 CET | 47925 | 40088 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:15.350755930 CET | 40090 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:15.523798943 CET | 47925 | 40090 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:15.523983955 CET | 40090 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:15.524667978 CET | 40090 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:15.692354918 CET | 47925 | 40090 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:15.692471981 CET | 40090 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:15.692890882 CET | 47925 | 40090 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:15.859899998 CET | 47925 | 40090 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:23.802906036 CET | 40092 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:23.976494074 CET | 47925 | 40092 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:23.976620913 CET | 40092 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:23.977411985 CET | 40092 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:24.150206089 CET | 47925 | 40092 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:24.150343895 CET | 40092 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:24.150420904 CET | 47925 | 40092 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:24.324454069 CET | 47925 | 40092 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:31.261240005 CET | 40094 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:31.436482906 CET | 47925 | 40094 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:31.436613083 CET | 40094 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:31.437355042 CET | 40094 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:31.610486031 CET | 47925 | 40094 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:31.610626936 CET | 40094 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:31.611574888 CET | 47925 | 40094 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:31.789699078 CET | 47925 | 40094 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:37.724154949 CET | 40096 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:37.899143934 CET | 47925 | 40096 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:37.899271011 CET | 40096 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:37.899924040 CET | 40096 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:38.078207016 CET | 47925 | 40096 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:38.078340054 CET | 40096 | 47925 | 192.168.2.15 | 103.135.45.110 |
Mar 24, 2025 16:21:38.078876019 CET | 47925 | 40096 | 103.135.45.110 | 192.168.2.15 |
Mar 24, 2025 16:21:38.258680105 CET | 47925 | 40096 | 103.135.45.110 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 24, 2025 16:19:39.669708967 CET | 192.168.2.15 | 8.8.8.8 | 0x3e93 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:43.176593065 CET | 192.168.2.15 | 8.8.8.8 | 0xac97 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:50.749495983 CET | 192.168.2.15 | 8.8.8.8 | 0x7ee2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:54.236905098 CET | 192.168.2.15 | 8.8.8.8 | 0x29d4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:55.788511038 CET | 192.168.2.15 | 8.8.8.8 | 0xc0df | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:02.347789049 CET | 192.168.2.15 | 8.8.8.8 | 0xd7e0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:07.854805946 CET | 192.168.2.15 | 8.8.8.8 | 0xad16 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:14.364865065 CET | 192.168.2.15 | 8.8.8.8 | 0xcafc | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:24.872587919 CET | 192.168.2.15 | 8.8.8.8 | 0xbe92 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:34.381973982 CET | 192.168.2.15 | 8.8.8.8 | 0x4f46 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:36.961824894 CET | 192.168.2.15 | 8.8.8.8 | 0xa63e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:38.463602066 CET | 192.168.2.15 | 8.8.8.8 | 0xbfd0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:48.944772005 CET | 192.168.2.15 | 8.8.8.8 | 0x609a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:53.404654980 CET | 192.168.2.15 | 8.8.8.8 | 0xc2ec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:54.850656986 CET | 192.168.2.15 | 8.8.8.8 | 0xab3c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:04.322208881 CET | 192.168.2.15 | 8.8.8.8 | 0x26f2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:11.780859947 CET | 192.168.2.15 | 8.8.8.8 | 0x40c1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:15.244710922 CET | 192.168.2.15 | 8.8.8.8 | 0xbd0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:23.698285103 CET | 192.168.2.15 | 8.8.8.8 | 0xd6e2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:31.155848026 CET | 192.168.2.15 | 8.8.8.8 | 0xddc0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:37.615185976 CET | 192.168.2.15 | 8.8.8.8 | 0x76bf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 24, 2025 16:19:39.780534029 CET | 8.8.8.8 | 192.168.2.15 | 0x3e93 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:43.320805073 CET | 8.8.8.8 | 192.168.2.15 | 0xac97 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:50.861747026 CET | 8.8.8.8 | 192.168.2.15 | 0x7ee2 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:54.361022949 CET | 8.8.8.8 | 192.168.2.15 | 0x29d4 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:19:55.927081108 CET | 8.8.8.8 | 192.168.2.15 | 0xc0df | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:02.454437971 CET | 8.8.8.8 | 192.168.2.15 | 0xd7e0 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:07.987075090 CET | 8.8.8.8 | 192.168.2.15 | 0xad16 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:14.492445946 CET | 8.8.8.8 | 192.168.2.15 | 0xcafc | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:24.981167078 CET | 8.8.8.8 | 192.168.2.15 | 0xbe92 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:34.534601927 CET | 8.8.8.8 | 192.168.2.15 | 0x4f46 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:37.101742029 CET | 8.8.8.8 | 192.168.2.15 | 0xa63e | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:38.588407040 CET | 8.8.8.8 | 192.168.2.15 | 0xbfd0 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:49.055104971 CET | 8.8.8.8 | 192.168.2.15 | 0x609a | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:53.505426884 CET | 8.8.8.8 | 192.168.2.15 | 0xc2ec | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:20:54.960227013 CET | 8.8.8.8 | 192.168.2.15 | 0xab3c | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:04.425736904 CET | 8.8.8.8 | 192.168.2.15 | 0x26f2 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:11.891819000 CET | 8.8.8.8 | 192.168.2.15 | 0x40c1 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:15.350158930 CET | 8.8.8.8 | 192.168.2.15 | 0xbd0 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:23.802323103 CET | 8.8.8.8 | 192.168.2.15 | 0xd6e2 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:31.260615110 CET | 8.8.8.8 | 192.168.2.15 | 0xddc0 | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
Mar 24, 2025 16:21:37.723642111 CET | 8.8.8.8 | 192.168.2.15 | 0x76bf | No error (0) | | | 103.135.45.110 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 15:19:39 |
Start date (UTC): | 24/03/2025 |
Path: | /tmp/bot.x86_64.elf |
Arguments: | /tmp/bot.x86_64.elf |
File size: | 143832 bytes |
MD5 hash: | d8980db0043c7d1c698af29a9c999695 |

Start time (UTC): | 15:19:39 |
Start date (UTC): | 24/03/2025 |
Path: | /tmp/bot.x86_64.elf |
Arguments: | - |
File size: | 143832 bytes |
MD5 hash: | d8980db0043c7d1c698af29a9c999695 |

Start time (UTC): | 15:19:39 |
Start date (UTC): | 24/03/2025 |
Path: | /tmp/bot.x86_64.elf |
Arguments: | - |
File size: | 143832 bytes |
MD5 hash: | d8980db0043c7d1c698af29a9c999695 |

Start time (UTC): | 15:19:39 |
Start date (UTC): | 24/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |

Start time (UTC): | 15:19:39 |
Start date (UTC): | 24/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.SsxKKzZGv8 /tmp/tmp.r5rynL22i1 /tmp/tmp.ABcUrusLk3 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |

Start time (UTC): | 15:19:40 |
Start date (UTC): | 24/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |

Start time (UTC): | 15:19:40 |
Start date (UTC): | 24/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.SsxKKzZGv8 /tmp/tmp.r5rynL22i1 /tmp/tmp.ABcUrusLk3 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |