Linux
Analysis Report
arm7.elf
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Performs DNS TXT record lookups
Uses STUN server to do NAT traversial
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654180 |
Start date and time: | 2025-04-02 03:04:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | arm7.elf |
Detection: | MAL |
Classification: | mal60.troj.evad.linELF@0/2@4/0 |
- VT rate limit hit for: kamru.ru
Command: | /tmp/arm7.elf |
PID: | 5438 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | For God so loved the world |
Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
- • HIPS / PFW / Operating System Protection Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | UDP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
16% | Virustotal | Browse | ||
17% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stun.l.google.com | 74.125.250.129 | true | false | high | |
kamru.ru | unknown | unknown | true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.73.156.19 | unknown | United States | 7029 | WINDSTREAMUS | true | |
74.125.250.129 | stun.l.google.com | United States | 15169 | GOOGLEUS | false | |
156.244.44.239 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
216.73.156.19 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
156.244.44.239 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
WINDSTREAMUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Wannacry | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
POWERLINE-AS-APPOWERLINEDATACENTERHK | Get hash | malicious | FormBook | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | GhostRat, Mimikatz | Browse |
| ||
Get hash | malicious | GhostRat, Mimikatz | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
Process: | /tmp/arm7.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.521640636343319 |
Encrypted: | false |
SSDEEP: | 3:TgiLG:TgiC |
MD5: | 451AC90F7FA61D0393D6A5A02158D369 |
SHA1: | 5A7D458802462B80F94A9CDA24E2C877437A8E34 |
SHA-256: | E2D543300D643CEF7698E750F74E8499993E346EF765FA2061EB5DFAF8D77E48 |
SHA-512: | EF1D000F5B8BB5AFD4F6CB347FBE0FA0E97608B8C3839B6B44CB9828E5522396B334AE37148FCD2064A423B3DDD0C8874EF7019023A84B36E3893E50353F06FE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | /tmp/arm7.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.521640636343319 |
Encrypted: | false |
SSDEEP: | 3:TgiLG:TgiC |
MD5: | 451AC90F7FA61D0393D6A5A02158D369 |
SHA1: | 5A7D458802462B80F94A9CDA24E2C877437A8E34 |
SHA-256: | E2D543300D643CEF7698E750F74E8499993E346EF765FA2061EB5DFAF8D77E48 |
SHA-512: | EF1D000F5B8BB5AFD4F6CB347FBE0FA0E97608B8C3839B6B44CB9828E5522396B334AE37148FCD2064A423B3DDD0C8874EF7019023A84B36E3893E50353F06FE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.100455376952038 |
TrID: |
|
File name: | arm7.elf |
File size: | 89'608 bytes |
MD5: | 4eb5ed90780e474d34edd0933644c52c |
SHA1: | c025eab3e481b50fb5064b6196aa03a7e3117bfb |
SHA256: | 44ff52b0edd0d1cf3dbba6c6b0ea298c39673b7011726452a70698fd07866568 |
SHA512: | 1d4757dfa478bca2ccc3d28930f2b16752c77b0d4337a67ffe663c871da2e72736b2760b4c35399e977fffc126801dc5550f1c1a6244147c7a3f84b79c7c25dd |
SSDEEP: | 1536:pUnExipTRI1v8ODFtGlE6nKROZTYgJhrxWLa59IzMgq5hgTCluAiyYA60CdY7ea:F81R8v8ODFt8EcgE3Jh1WLa59IzMgFsP |
TLSH: | 6993175AFC819B05D5D521BAFE4E128A33532BACE3EE7212DD245B2037CA55B0F7B412 |
File Content Preview: | .ELF..............(.........4....[......4. ...(........p.V...........................................X...X...............X...X...X..4....r...............X...X...X..................Q.td..................................-...L..................@-.,@...0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 5 |
Section Header Offset: | 89008 |
Section Header Size: | 40 |
Number of Section Headers: | 15 |
Header String Table Index: | 14 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80f0 | 0xf0 | 0x13e68 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x1bf58 | 0x13f58 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1bf68 | 0x13f68 | 0x1770 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ARM.extab | PROGBITS | 0x1d6d8 | 0x156d8 | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.exidx | ARM_EXIDX | 0x1d6f0 | 0x156f0 | 0x118 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
.eh_frame | PROGBITS | 0x25808 | 0x15808 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.tbss | NOBITS | 0x2580c | 0x1580c | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
.init_array | INIT_ARRAY | 0x2580c | 0x1580c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.fini_array | FINI_ARRAY | 0x25810 | 0x15810 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x25818 | 0x15818 | 0xa8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x258c0 | 0x158c0 | 0x27c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x25b3c | 0x15b3c | 0x6f60 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x15b3c | 0x73 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
EXIDX | 0x156f0 | 0x1d6f0 | 0x1d6f0 | 0x118 | 0x118 | 4.5110 | 0x4 | R | 0x4 | .ARM.exidx | |
LOAD | 0x0 | 0x8000 | 0x8000 | 0x15808 | 0x15808 | 6.1166 | 0x5 | R E | 0x8000 | .init .text .fini .rodata .ARM.extab .ARM.exidx | |
LOAD | 0x15808 | 0x25808 | 0x25808 | 0x334 | 0x7294 | 4.1418 | 0x6 | RW | 0x8000 | .eh_frame .tbss .init_array .fini_array .got .data .bss | |
TLS | 0x1580c | 0x2580c | 0x2580c | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | .tbss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Download Network PCAP: filtered – full
- Total Packets: 32
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 03:05:12.206931114 CEST | 55588 | 35086 | 192.168.2.13 | 156.244.44.239 |
Apr 2, 2025 03:05:12.363228083 CEST | 35086 | 55588 | 156.244.44.239 | 192.168.2.13 |
Apr 2, 2025 03:05:12.363600016 CEST | 55588 | 35086 | 192.168.2.13 | 156.244.44.239 |
Apr 2, 2025 03:05:12.516664982 CEST | 35086 | 55588 | 156.244.44.239 | 192.168.2.13 |
Apr 2, 2025 03:05:12.523269892 CEST | 55588 | 35086 | 192.168.2.13 | 156.244.44.239 |
Apr 2, 2025 03:05:12.676834106 CEST | 35086 | 55588 | 156.244.44.239 | 192.168.2.13 |
Apr 2, 2025 03:05:12.677114964 CEST | 55588 | 35086 | 192.168.2.13 | 156.244.44.239 |
Apr 2, 2025 03:05:13.565812111 CEST | 55588 | 35086 | 192.168.2.13 | 156.244.44.239 |
Apr 2, 2025 03:05:13.722811937 CEST | 35086 | 55588 | 156.244.44.239 | 192.168.2.13 |
Apr 2, 2025 03:05:13.722829103 CEST | 35086 | 55588 | 156.244.44.239 | 192.168.2.13 |
Apr 2, 2025 03:05:13.723136902 CEST | 55588 | 35086 | 192.168.2.13 | 156.244.44.239 |
Apr 2, 2025 03:05:13.876734972 CEST | 35086 | 55588 | 156.244.44.239 | 192.168.2.13 |
Apr 2, 2025 03:05:14.828768969 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:15.840277910 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:16.008517027 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:05:16.008688927 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:16.174611092 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:05:16.174782991 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:16.342856884 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:05:16.342998981 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:17.205039024 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:17.367621899 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:05:32.220407963 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:32.379204035 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:05:32.379343987 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:32.550674915 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:05:51.427150011 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:51.586251974 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:05:51.586360931 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:05:51.755883932 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:06:11.252685070 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:11.440187931 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:06:11.440318108 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:11.638590097 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:06:13.126564980 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:06:13.126821041 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:28.749001980 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:28.917959929 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:06:28.918513060 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:29.081168890 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:06:46.907016039 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:47.070259094 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:06:47.070683002 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:47.456362963 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:06:47.621423960 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:07:06.093450069 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:07:06.264451027 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Apr 2, 2025 03:07:06.264803886 CEST | 57852 | 50182 | 192.168.2.13 | 216.73.156.19 |
Apr 2, 2025 03:07:06.436669111 CEST | 50182 | 57852 | 216.73.156.19 | 192.168.2.13 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 03:05:12.030899048 CEST | 48882 | 53 | 192.168.2.13 | 208.67.222.222 |
Apr 2, 2025 03:05:12.202532053 CEST | 53 | 48882 | 208.67.222.222 | 192.168.2.13 |
Apr 2, 2025 03:05:13.369925022 CEST | 48527 | 53 | 192.168.2.13 | 208.67.220.220 |
Apr 2, 2025 03:05:13.467473984 CEST | 53 | 48527 | 208.67.220.220 | 192.168.2.13 |
Apr 2, 2025 03:05:13.468138933 CEST | 47687 | 19302 | 192.168.2.13 | 74.125.250.129 |
Apr 2, 2025 03:05:13.564311981 CEST | 19302 | 47687 | 74.125.250.129 | 192.168.2.13 |
Apr 2, 2025 03:05:14.725244999 CEST | 48672 | 53 | 192.168.2.13 | 8.8.4.4 |
Apr 2, 2025 03:05:14.827729940 CEST | 53 | 48672 | 8.8.4.4 | 192.168.2.13 |
Apr 2, 2025 03:05:17.011034012 CEST | 53614 | 53 | 192.168.2.13 | 8.8.8.8 |
Apr 2, 2025 03:05:17.109021902 CEST | 53 | 53614 | 8.8.8.8 | 192.168.2.13 |
Apr 2, 2025 03:05:17.109316111 CEST | 33846 | 19302 | 192.168.2.13 | 74.125.250.129 |
Apr 2, 2025 03:05:17.204652071 CEST | 19302 | 33846 | 74.125.250.129 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 03:05:12.030899048 CEST | 192.168.2.13 | 208.67.222.222 | 0x75c | Standard query (0) | 16 | IN (0x0001) | false | |
Apr 2, 2025 03:05:13.369925022 CEST | 192.168.2.13 | 208.67.220.220 | 0xef8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 2, 2025 03:05:14.725244999 CEST | 192.168.2.13 | 8.8.4.4 | 0x2200 | Standard query (0) | 16 | IN (0x0001) | false | |
Apr 2, 2025 03:05:17.011034012 CEST | 192.168.2.13 | 8.8.8.8 | 0xa26d | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 03:05:12.202532053 CEST | 208.67.222.222 | 192.168.2.13 | 0x75c | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Apr 2, 2025 03:05:13.467473984 CEST | 208.67.220.220 | 192.168.2.13 | 0xef8 | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false | ||
Apr 2, 2025 03:05:14.827729940 CEST | 8.8.4.4 | 192.168.2.13 | 0x2200 | No error (0) | TXT (Text strings) | IN (0x0001) | false | |||
Apr 2, 2025 03:05:17.109021902 CEST | 8.8.8.8 | 192.168.2.13 | 0xa26d | No error (0) | 74.125.250.129 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 01:05:09 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/arm7.elf |
Arguments: | /tmp/arm7.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 01:05:11 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |