Linux
Analysis Report
FBI.arm.elf
Overview
General Information
Sample name: | FBI.arm.elf |
Analysis ID: | 1654270 |
MD5: | 38e7d01da9f3c416ef1a9ca2372bbbcc |
SHA1: | 44e39010e488f490386ebc7361b26c73e3b060fc |
SHA256: | ac2556daabcf6c82b1fd1ddb6347bce3760f42cd13bf6a1fcc44f0c1b107406b |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Gafgyt, Mirai
Score: | 80 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Gafgyt
Yara detected Mirai
Detected TCP or UDP traffic on non-standard ports
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings that are user agent strings indicative of HTTP manipulation
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654270 |
Start date and time: | 2025-04-02 08:31:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | FBI.arm.elf |
Detection: | MAL |
Classification: | mal80.troj.linELF@0/0@2/0 |
Command: | /tmp/FBI.arm.elf |
PID: | 5815 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | qemu: uncaught target signal 11 (Segmentation fault) - core dumped |
- system is lnxubuntu20
- FBI.arm.elf New Fork (PID: 5817, Parent: 5815)
- FBI.arm.elf New Fork (PID: 5818, Parent: 5815)
- FBI.arm.elf New Fork (PID: 5820, Parent: 5818)
- FBI.arm.elf New Fork (PID: 5824, Parent: 5820)
- FBI.arm.elf New Fork (PID: 5826, Parent: 5824)
- FBI.arm.elf New Fork (PID: 5856, Parent: 5818)
- FBI.arm.elf New Fork (PID: 5858, Parent: 5856)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Bashlite, Gafgyt | Bashlite is a malware family which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps. | No Attribution | | |
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | |
| JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
| Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | |
| JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
| Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown | |
| Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown | |
| JoeSecurity_Gafgyt | Yara detected Gafgyt | Joe Security | |
⊘No Suricata rule has matched
- AV Detection
- Networking
- System Summary
- Persistence and Installation Behavior
- Malware Analysis System Evasion
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection |
---|
Source: | Avira: | |
Source: | ReversingLabs: | |
Source: | Virustotal: | |
Networking |
---|
Source: | TCP traffic: | |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Stderr: qemu: uncaught target signal 11 (Segmentation fault) - core dumped: |
Source: | Queries kernel information via 'uname': | |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: | ||
Source: | User agent string found: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 64% | ReversingLabs | Linux.Trojan.Gafgyt | |
| 64% | Virustotal | | Browse |
| 100% | Avira | EXP/ELF.Mirai.Z | |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.65.144.18 | unknown | Germany | | 12975 | PALTEL-ASPALTELAutonomousSystemPS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
176.65.144.18 | | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Mirai | Browse | |
| | Get hash | malicious | Mirai | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PALTEL-ASPALTELAutonomousSystemPS | | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Gafgyt, Mirai | Browse | |
| | Get hash | malicious | Amadey | Browse | |
| | Get hash | malicious | Amadey | Browse | |
| | Get hash | malicious | Amadey | Browse | |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.239194606531504 |
TrID: | |
File name: | FBI.arm.elf |
File size: | 107'720 bytes |
MD5: | 38e7d01da9f3c416ef1a9ca2372bbbcc |
SHA1: | 44e39010e488f490386ebc7361b26c73e3b060fc |
SHA256: | ac2556daabcf6c82b1fd1ddb6347bce3760f42cd13bf6a1fcc44f0c1b107406b |
SHA512: | 5914d7dc906462c0aced329a2d6db7834fe2e9435a548e53c5f0195f3caa1c0fe4fbd2f33d282cef0ead26342f4c650f1371a7a3526d467e27e757625a877cc6 |
SSDEEP: | 1536:VFL4kui3i9NwZyEEW47XGF2r4aYBCmerwO0J23+ZbvRdQr19xvT5hOpMXq:VF0cS9SwTGQkameT073AXT5hOpMXq |
TLSH: | 16B33956BD018F53C2C315B3FB9F47887B2667F8D2EF3203D925AFA1278A4D60926950 |
File Content Preview: | .ELF...a..........(.........4...........4. ...(..........................................................j..........Q.td..................................-...L."...1P..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 107200 |
Section Header Size: | 40 |
Number of Section Headers: | 13 |
Header String Table Index: | 12 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0x140fc | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x1c1ac | 0x141ac | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1c1c0 | 0x141c0 | 0x4cf0 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.eh_frame | PROGBITS | 0x20eb0 | 0x18eb0 | 0x4 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x29000 | 0x19000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x29008 | 0x19008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x29010 | 0x19010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x29014 | 0x19014 | 0x49c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x294b0 | 0x194b0 | 0x65f0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.comment | PROGBITS | 0x0 | 0x194b0 | 0xdba | 0x0 | 0x0 | | 0 | 0 | 1 |
.shstrtab | STRTAB | 0x0 | 0x1a26a | 0x56 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0x18eb4 | 0x18eb4 | 6.2455 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata .eh_frame |
LOAD | 0x19000 | 0x29000 | 0x29000 | 0x4b0 | 0x6aa0 | 3.1809 | 0x6 | RW | 0x8000 | | .ctors .dtors .jcr .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
- Total Packets: 89
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 08:32:38.852857113 CEST | 34428 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:39.064991951 CEST | 1337 | 34428 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:40.498449087 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:32:40.588604927 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Apr 2, 2025 08:32:40.588676929 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Apr 2, 2025 08:32:40.588694096 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:32:40.588721991 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:32:40.588748932 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:32:40.680015087 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Apr 2, 2025 08:32:40.680083036 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Apr 2, 2025 08:32:40.680124998 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:32:40.770184994 CEST | 34432 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:40.973310947 CEST | 1337 | 34432 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:42.682176113 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Apr 2, 2025 08:32:42.682372093 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Apr 2, 2025 08:32:42.783582926 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Apr 2, 2025 08:32:44.068378925 CEST | 34434 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:44.275574923 CEST | 1337 | 34434 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:45.979135036 CEST | 34436 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:46.182849884 CEST | 1337 | 34436 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:49.277806997 CEST | 34438 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:49.480384111 CEST | 1337 | 34438 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:51.185210943 CEST | 34440 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:51.387818098 CEST | 1337 | 34440 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:54.482661963 CEST | 34442 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:54.687722921 CEST | 1337 | 34442 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:56.390316963 CEST | 34444 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:56.598054886 CEST | 1337 | 34444 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:32:59.689517021 CEST | 34446 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:32:59.891707897 CEST | 1337 | 34446 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:01.599888086 CEST | 34448 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:01.808832884 CEST | 1337 | 34448 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:04.893317938 CEST | 34450 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:05.093216896 CEST | 1337 | 34450 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:06.810270071 CEST | 34452 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:07.013232946 CEST | 1337 | 34452 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:10.094866037 CEST | 34454 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:10.296174049 CEST | 1337 | 34454 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:12.014997959 CEST | 34456 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:12.216377020 CEST | 1337 | 34456 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:15.298187971 CEST | 34458 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:15.503669024 CEST | 1337 | 34458 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:17.218225002 CEST | 34460 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:17.422861099 CEST | 1337 | 34460 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:20.505944014 CEST | 34462 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:20.708854914 CEST | 1337 | 34462 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:22.424356937 CEST | 34464 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:22.625196934 CEST | 1337 | 34464 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:25.710777998 CEST | 34466 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:25.912867069 CEST | 1337 | 34466 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:27.626806021 CEST | 34468 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:27.829246044 CEST | 1337 | 34468 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:30.914294004 CEST | 34470 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:31.117907047 CEST | 1337 | 34470 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:32.830396891 CEST | 34472 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:33.036128044 CEST | 1337 | 34472 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:36.119132996 CEST | 34474 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:36.324542999 CEST | 1337 | 34474 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:38.037988901 CEST | 34476 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:38.240643024 CEST | 1337 | 34476 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:41.326077938 CEST | 34478 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:41.531812906 CEST | 1337 | 34478 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:43.242438078 CEST | 34480 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:43.449418068 CEST | 1337 | 34480 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:46.535327911 CEST | 34482 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:46.737879992 CEST | 1337 | 34482 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:48.450937033 CEST | 34484 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:48.658195019 CEST | 1337 | 34484 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:51.739780903 CEST | 34486 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:51.942749023 CEST | 1337 | 34486 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:53.660532951 CEST | 34488 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:53.864398003 CEST | 1337 | 34488 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:56.944978952 CEST | 34490 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:57.149499893 CEST | 1337 | 34490 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:33:58.867010117 CEST | 34492 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:33:59.072036982 CEST | 1337 | 34492 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:02.151621103 CEST | 34494 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:02.353657961 CEST | 1337 | 34494 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:04.074065924 CEST | 34496 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:04.276453018 CEST | 1337 | 34496 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:07.355259895 CEST | 34498 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:07.556030989 CEST | 1337 | 34498 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:09.278568983 CEST | 34500 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:09.480458021 CEST | 1337 | 34500 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:12.557878971 CEST | 34502 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:12.763245106 CEST | 1337 | 34502 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:14.482073069 CEST | 34504 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:14.683975935 CEST | 1337 | 34504 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:17.764785051 CEST | 34506 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:17.967057943 CEST | 1337 | 34506 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:19.685480118 CEST | 34508 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:19.888381958 CEST | 1337 | 34508 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:22.968576908 CEST | 34510 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:23.168915987 CEST | 1337 | 34510 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:24.889942884 CEST | 34512 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:25.092093945 CEST | 1337 | 34512 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:28.170476913 CEST | 34514 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:28.372654915 CEST | 1337 | 34514 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:30.093447924 CEST | 34516 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:30.300231934 CEST | 1337 | 34516 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:33.374505043 CEST | 34518 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:33.577744961 CEST | 1337 | 34518 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:35.301878929 CEST | 34520 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:35.505168915 CEST | 1337 | 34520 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:38.579636097 CEST | 34522 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:38.780731916 CEST | 1337 | 34522 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:40.506408930 CEST | 34524 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:40.711143970 CEST | 1337 | 34524 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:43.782193899 CEST | 34526 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:43.985416889 CEST | 1337 | 34526 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:45.712471008 CEST | 34528 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:45.914906979 CEST | 1337 | 34528 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:48.986901999 CEST | 34530 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:49.196666956 CEST | 1337 | 34530 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:50.916332006 CEST | 34532 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:51.116458893 CEST | 1337 | 34532 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:54.198239088 CEST | 34534 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:54.405253887 CEST | 1337 | 34534 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:56.117769957 CEST | 34536 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:56.321820021 CEST | 1337 | 34536 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:34:59.407043934 CEST | 34538 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:34:59.608504057 CEST | 1337 | 34538 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:01.323316097 CEST | 34540 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:01.526859999 CEST | 1337 | 34540 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:04.610912085 CEST | 34542 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:04.817806005 CEST | 1337 | 34542 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:06.528702974 CEST | 34544 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:06.730906963 CEST | 1337 | 34544 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:09.819488049 CEST | 34546 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:10.020714998 CEST | 1337 | 34546 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:11.732630968 CEST | 34548 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:11.935262918 CEST | 1337 | 34548 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:15.022363901 CEST | 34550 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:15.226706982 CEST | 1337 | 34550 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:16.936945915 CEST | 34552 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:17.144037962 CEST | 1337 | 34552 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:20.228847027 CEST | 34554 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:20.432614088 CEST | 1337 | 34554 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:22.145581961 CEST | 34556 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:22.353419065 CEST | 1337 | 34556 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:25.434741974 CEST | 34558 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:25.641824961 CEST | 1337 | 34558 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:27.354935884 CEST | 34560 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:27.554989100 CEST | 1337 | 34560 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:30.643630981 CEST | 34562 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:30.844820976 CEST | 1337 | 34562 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:32.556735039 CEST | 34564 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:32.758488894 CEST | 1337 | 34564 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:35.846754074 CEST | 34566 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:36.049565077 CEST | 1337 | 34566 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:37.760155916 CEST | 34568 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:37.961766005 CEST | 1337 | 34568 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:41.051935911 CEST | 34570 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:41.253380060 CEST | 1337 | 34570 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:42.963433027 CEST | 34572 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:43.164359093 CEST | 1337 | 34572 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:46.255335093 CEST | 34574 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:46.456927061 CEST | 1337 | 34574 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:48.166023970 CEST | 34576 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:48.372236967 CEST | 1337 | 34576 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:51.458503008 CEST | 34578 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:51.661187887 CEST | 1337 | 34578 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:53.373550892 CEST | 34580 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:53.575333118 CEST | 1337 | 34580 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:56.662957907 CEST | 34582 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:56.865864038 CEST | 1337 | 34582 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:35:58.576729059 CEST | 34584 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:35:58.776779890 CEST | 1337 | 34584 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:36:01.867928028 CEST | 34586 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:36:02.069044113 CEST | 1337 | 34586 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:36:03.778181076 CEST | 34588 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:36:03.980161905 CEST | 1337 | 34588 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:36:07.071060896 CEST | 34590 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:36:07.272506952 CEST | 1337 | 34590 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:36:08.987884045 CEST | 34592 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:36:09.190005064 CEST | 1337 | 34592 | 176.65.144.18 | 192.168.2.15 |
Apr 2, 2025 08:36:12.274532080 CEST | 34594 | 1337 | 192.168.2.15 | 176.65.144.18 |
Apr 2, 2025 08:36:12.476268053 CEST | 1337 | 34594 | 176.65.144.18 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 08:32:40.498449087 CEST | 192.168.2.15 | 8.8.8.8 | 0x249 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 08:32:40.588748932 CEST | 192.168.2.15 | 8.8.8.8 | 0x7777 | Standard query (0) | | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 08:32:40.588676929 CEST | 8.8.8.8 | 192.168.2.15 | 0x249 | No error (0) | | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 08:32:40.588676929 CEST | 8.8.8.8 | 192.168.2.15 | 0x249 | No error (0) | | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 06:32:37 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | /tmp/FBI.arm.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 06:32:37 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 06:32:37 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 06:32:37 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 06:32:37 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 06:32:37 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 06:32:39 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 06:32:39 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/FBI.arm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |