Linux
Analysis Report
FBI.mips.elf
Overview
General Information
Detection
Gafgyt, Mirai
Score: | 80 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654266 |
Start date and time: | 2025-04-02 08:27:15 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | FBI.mips.elf |
Detection: | MAL |
Classification: | mal80.troj.linELF@0/0@2/0 |
Command: | /tmp/FBI.mips.elf |
PID: | 5521 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | qemu: uncaught target signal 8 (Floating point exception) - core dumped qemu: uncaught target signal 8 (Floating point exception) - core dumped qemu: uncaught target signal 8 (Floating point exception) - core dumped qemu: uncaught target signal 8 (Floating point exception) - core dumped |
- system is lnxubuntu20
- FBI.mips.elf New Fork (PID: 5523, Parent: 5521)
- FBI.mips.elf New Fork (PID: 5525, Parent: 5521)
- FBI.mips.elf New Fork (PID: 5527, Parent: 5525)
- FBI.mips.elf New Fork (PID: 5529, Parent: 5527)
- FBI.mips.elf New Fork (PID: 5531, Parent: 5529)
- FBI.mips.elf New Fork (PID: 5574, Parent: 5525)
- FBI.mips.elf New Fork (PID: 5576, Parent: 5574)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Bashlite, Gafgyt | Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps. | No Attribution |
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Rule | Description | Author |
---|---|---|
JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security |
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | String containing 'busybox' found: | ||
Source: | .symtab present: |
Source: | Classification label: |
Source: | Stderr: qemu: uncaught target signal 8 (Floating point exception) - core dumped qemu: uncaught target signal 8 (Floating point exception) - core dumped qemu: uncaught target signal 8 (Floating point exception) - core dumped qemu: uncaught target signal 8 (Floating point exception) - core dumped |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | User agent string found: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
66% | Virustotal | |
64% | ReversingLabs | Linux.Backdoor.Gafgyt |
100% | Avira | EXP/ELF.Mirai.Z |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
176.65.144.18 | unknown | Germany | 12975 | PALTEL-ASPALTELAutonomousSystemPS | false |
Match | Detection | Threat Name |
---|---|---|
176.65.144.18 | malicious | Gafgyt, Mirai |
176.65.144.18 | malicious | Gafgyt, Mirai |
176.65.144.18 | malicious | Gafgyt, Mirai |

Match | Detection | Threat Name |
---|---|---|
daisy.ubuntu.com | malicious | Gafgyt, Mirai |
daisy.ubuntu.com | malicious | Gafgyt, Mirai |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Mirai |
daisy.ubuntu.com | malicious | Mirai |
daisy.ubuntu.com | malicious | Mirai |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Prometei |

Match | Detection | Threat Name |
---|---|---|
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Amadey |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Amadey |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Amadey |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Amadey |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Mirai |
⊘No context
⊘No created / dropped files found
Entropy (8bit): | 5.5657792571427676 |
File name: | FBI.mips.elf |
File size: | 148'064 bytes |
MD5: | d24d393bd7562006078a32fd0cc86bb2 |
SHA1: | c6717a98cc339c03603214c667a22664af8f1c8b |
SHA256: | a210d3c4077e68bf1f8d8ecabd34098352aabc14e993cff345ef58cb473420bd |
SHA512: | 891862f89b8232b1921e5fc7afc8ccd1f0d1e389c45da8e37160d010bbebb5bc35ac8447da7bac5c39aba8f9d59f3e81895e12d6159ef7dae096d5d89266d26a |
SSDEEP: | 3072:F7iL2tEmEh02tKMMHqVtevuAawqIcq88Ek32oQKqqc5hspZC:F7iJmEh02tKMMHqVtevo+Z3Bbzq95hWC |
TLSH: | 5EE3971A7E21DF7FF559823047B38E30969836E636E18585F26CE6481E7138E241FBE4 |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 4 |
Section Header Offset: | 147304 |
Section Header Size: | 40 |
Number of Section Headers: | 19 |
Header String Table Index: | 18 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.reginfo | MIPS_REGINFO | 0x4000b4 | 0xb4 | 0x18 | 0x18 | 0x2 | A | 0 | 0 | 4 |
.init | PROGBITS | 0x4000cc | 0xcc | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400160 | 0x160 | 0x1aa30 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x41ab90 | 0x1ab90 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x41abf0 | 0x1abf0 | 0x4c08 | 0x0 | 0x2 | A | 0 | 0 | 16 |
.eh_frame | PROGBITS | 0x41f7f8 | 0x1f7f8 | 0x4 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x45f7fc | 0x1f7fc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x45f804 | 0x1f804 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x45f80c | 0x1f80c | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data.rel.ro | PROGBITS | 0x45f810 | 0x1f810 | 0x4f4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x45fd10 | 0x1fd10 | 0x550 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x460260 | 0x20260 | 0x5a4 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sbss | NOBITS | 0x460804 | 0x20804 | 0x24 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x460830 | 0x20804 | 0x6644 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.comment | PROGBITS | 0x0 | 0x20804 | 0xdb6 | 0x0 | 0x0 | | 0 | 0 | 1 |
.mdebug.abi32 | PROGBITS | 0xdb6 | 0x215ba | 0x0 | 0x0 | 0x0 | | 0 | 0 | 1 |
.pdr | PROGBITS | 0x0 | 0x215bc | 0x2920 | 0x0 | 0x0 | | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x23edc | 0x8a | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
<unknown> | 0xb4 | 0x4000b4 | 0x4000b4 | 0x18 | 0x18 | 0.9834 | 0x4 | R | 0x4 | | .reginfo |
LOAD | 0x0 | 0x400000 | 0x400000 | 0x1f7fc | 0x1f7fc | 5.6779 | 0x5 | R E | 0x10000 | | .reginfo .init .text .fini .rodata .eh_frame |
LOAD | 0x1f7fc | 0x45f7fc | 0x45f7fc | 0x1008 | 0x7678 | 4.4332 | 0x6 | RW | 0x10000 | | .ctors .dtors .jcr .data.rel.ro .data .got .sbss .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
- Total Packets: 85
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 08:27:57.875659943 CEST | 48208 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:27:57.875763893 CEST | 44550 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:27:57.972378969 CEST | 53 | 44550 | 8.8.8.8 | 192.168.2.15 |
Apr 2, 2025 08:27:57.973716021 CEST | 53 | 48208 | 8.8.8.8 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 08:27:57.875659943 CEST | 192.168.2.15 | 8.8.8.8 | 0xbeef | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 08:27:57.875763893 CEST | 192.168.2.15 | 8.8.8.8 | 0x43d6 | Standard query (0) | | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 08:27:57.973716021 CEST | 8.8.8.8 | 192.168.2.15 | 0xbeef | No error (0) | | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 08:27:57.973716021 CEST | 8.8.8.8 | 192.168.2.15 | 0xbeef | No error (0) | | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 06:27:56 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | /tmp/FBI.mips.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 06:27:56 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 06:27:56 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 06:27:56 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 06:27:56 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 06:27:56 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 06:27:58 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 06:27:58 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.mips.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |