Linux
Analysis Report
kmips.elf
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1647996 |
Start date and time: | 2025-03-25 13:28:44 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | kmips.elf |
Detection: | MAL |
Classification: | mal60.troj.linELF@0/2@0/0 |
- No or unstable Internet during analysis
- Excluded IPs from analysis (whitelisted): 8.8.8.8
Command: | /tmp/kmips.elf |
PID: | 5562 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | For God so loved the world |
Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Networking |
---|
Source: | TCP traffic: | ||
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 14% | ReversingLabs | Linux.Trojan.Mirai | |
| | 100% | Avira | EXP/ELF.Agent.J.8 | |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.146.26.30 | unknown | Reserved | | 11915 | US-TELEPACIFICUS | true |
156.244.45.113 | unknown | Seychelles | | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true |
216.73.156.19 | unknown | United States | | 7029 | WINDSTREAMUS | true |
156.244.14.93 | unknown | Seychelles | | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | false |
104.245.241.61 | unknown | United States | | 8100 | ASN-QUADRANET-GLOBALUS | true |
154.205.155.97 | unknown | Seychelles | | 26484 | IKGUL-26484US | true |
156.244.44.239 | unknown | Seychelles | | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
216.146.26.30 | | | malicious | Unknown | | |
216.146.26.30 | | | malicious | Unknown | | |
216.146.26.30 | | | malicious | Unknown | | |
156.244.45.113 | | | malicious | Unknown | | |
156.244.45.113 | | | malicious | Unknown | | |
156.244.45.113 | | | malicious | Unknown | | |
216.73.156.19 | | | malicious | Unknown | | |
156.244.14.93 | | | malicious | Unknown | | |
156.244.14.93 | | | malicious | Unknown | | |
156.244.14.93 | | | malicious | Unknown | | |
156.244.14.93 | | | malicious | Unknown | | |
156.244.14.93 | | | malicious | Unknown | | |
156.244.14.93 | | | malicious | Unknown | | |
104.245.241.61 | | | malicious | Unknown | | |
104.245.241.61 | | | malicious | Unknown | | |
154.205.155.97 | | | malicious | Unknown | | |
154.205.155.97 | | | malicious | Unknown | | |
154.205.155.97 | | | malicious | Unknown | | |
154.205.155.97 | | | malicious | Unknown | | |
154.205.155.97 | | | malicious | Unknown | | |
154.205.155.97 | | | malicious | Unknown | | |
154.205.155.97 | | | malicious | Unknown | | |
156.244.44.239 | | | malicious | Unknown | | |
156.244.44.239 | | | malicious | Unknown | | |
156.244.44.239 | | | malicious | Unknown | | |
156.244.44.239 | | | malicious | Unknown | | |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Unknown | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | FormBook | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | FormBook | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Unknown | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Mirai | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Unknown | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Unknown | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Unknown | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Unknown | | |
POWERLINE-AS-APPOWERLINEDATACENTERHK | | | malicious | Unknown | | |
WINDSTREAMUS | | | malicious | Mirai | | |
WINDSTREAMUS | | | malicious | Mirai | | |
WINDSTREAMUS | | | malicious | Mirai | | |
WINDSTREAMUS | | | malicious | Unknown | | |
WINDSTREAMUS | | | malicious | Mirai | | |
WINDSTREAMUS | | | malicious | Mirai | | |
WINDSTREAMUS | | | malicious | Unknown | | |
WINDSTREAMUS | | | malicious | Unknown | | |
WINDSTREAMUS | | | malicious | Unknown | | |
WINDSTREAMUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Okiru | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Mirai | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
US-TELEPACIFICUS | | | malicious | Unknown | | |
Process: | /tmp/kmips.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 15 |
Entropy (8bit): | 3.5068905956085192 |
Encrypted: | false |
SSDEEP: | 3:TgnPCn:TgPC |
MD5: | 6FB1605EBC2A92CEDFE73B9B290AFE9C |
SHA1: | BFD35FBD4EA921668F0FEA9EF6FF3DD7C022C42D |
SHA-256: | DBF56F8F11BC960F054D68E3ACD7DF83A76BA74A6A30FE8EAAB453DC72D63809 |
SHA-512: | 33A5778A558988E98FC92703D836D1BE02B8BBBACCD25E4E6F2451561BC1A6380EBCF63551B5EE7D2E336D81D16541A5EE874C57059E9BC679E946C8F1407E5F |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.506623369613711 |
TrID: |
File name: | kmips.elf |
File size: | 89'244 bytes |
MD5: | e0ee1e0bf964ac7510a3344879e14f63 |
SHA1: | 658551a36a21c375e77f907152ca2d26fe17ae86 |
SHA256: | 16e2a3121bebded41767de961a17d4833bd70f5e31ca7e3cb1f92cb9ce40477a |
SHA512: | dd21d2e988542c24beab9ea9976b8b0ab49260957607f6452a24b20bf7bffb4512b4c07009fcad9b63043b13329e41adf06a9ced47d9fc28a666d60ab3f196d5 |
SSDEEP: | 1536:CSpVLUdBwb8qcaSKY8vhQ0K1XCfdbVkD3oICUJCxIbKytQa177XhDwSsPZ8C/y6g:CSpVLUdBwb8qcAYMhJfdbVkD3oICUJCi |
TLSH: | C393D94F2E35CFADF26DC33447B74A31A7A923C622E1C685D26CD1151F6024EA45FBA8 |
File Content Preview: | .ELF.....................@.`...4..Z......4. ...(.............@...@....N ..N ..............P..EP..EP....p..lT........dt.Q............................<...'......!'.......................<...'......!... ....'9... ......................<...'..h...!........'94 |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 88764 |
Section Header Size: | 40 |
Number of Section Headers: | 12 |
Header String Table Index: | 11 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400120 | 0x120 | 0x133a0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x4134c0 | 0x134c0 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x413520 | 0x13520 | 0x1900 | 0x0 | 0x2 | A | 0 | 0 | 16 |
.ctors | PROGBITS | 0x455000 | 0x15000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x455008 | 0x15008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x455020 | 0x15020 | 0x440 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x455460 | 0x15460 | 0x610 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sbss | NOBITS | 0x455a70 | 0x15a70 | 0x1c | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x455a90 | 0x15a70 | 0x61c4 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.shstrtab | STRTAB | 0x0 | 0x15a70 | 0x49 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x14e20 | 0x14e20 | 5.5645 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0x15000 | 0x455000 | 0x455000 | 0xa70 | 0x6c54 | 3.6048 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .got .sbss .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
- Total Packets: 83
System Behavior
Start time (UTC): | 12:29:43 |
Start date (UTC): | 25/03/2025 |
Path: | /tmp/kmips.elf |
Arguments: | /tmp/kmips.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 12:29:45 |
Start date (UTC): | 25/03/2025 |
Path: | /tmp/kmips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |