Edit tour
Linux
Analysis Report
botnt.arm5.elf
Overview
General Information
Sample name: | botnt.arm5.elf |
Analysis ID: | 1502201 |
MD5: | d7daf7738a75e997ebb9c2aca4a4bdfe |
SHA1: | 1d84958698faa73834f3d83c287b312097c0cffc |
SHA256: | 5c3cee247a19e0eca63e825fa03d77e8c7b326a1f112e037dd893c640cb637a6 |
Tags: | botntelf |
Infos: |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Sleeps for long times indicative of sandbox evasion
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1502201 |
Start date and time: | 2024-08-31 14:48:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | botnt.arm5.elf |
Detection: | MAL |
Classification: | mal48.linELF@0/0@1/0 |
Command: | /tmp/botnt.arm5.elf |
PID: | 5590 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | Segmentation fault |
- system is lnxubuntu20
- botnt.arm5.elf New Fork (PID: 5592, Parent: 5590)
- botnt.arm5.elf New Fork (PID: 5661, Parent: 5592)
- botnt.arm5.elf New Fork (PID: 5663, Parent: 5661)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Stderr: Segmentation fault: |
Source: | Sleeps longer then 60s: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
k.parasjha.one | 92.223.30.118 | true | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
0.159.99.4 | unknown | unknown | unknown | unknown | false | |
23.225.63.251 | unknown | United States | 40065 | CNSERVERSUS | false | |
172.247.148.76 | unknown | United States | 40065 | CNSERVERSUS | false | |
92.38.135.247 | unknown | Austria | 199524 | GCOREAT | false | |
154.214.7.220 | unknown | Seychelles | 40065 | CNSERVERSUS | false | |
154.214.7.222 | unknown | Seychelles | 40065 | CNSERVERSUS | false | |
23.224.130.196 | unknown | United States | 40065 | CNSERVERSUS | false |
⊘No context
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CNSERVERSUS | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | BlackMoon | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
GCOREAT | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
CNSERVERSUS | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | BlackMoon | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | DBatLoader, FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.006253804597994 |
TrID: |
|
File name: | botnt.arm5.elf |
File size: | 83'004 bytes |
MD5: | d7daf7738a75e997ebb9c2aca4a4bdfe |
SHA1: | 1d84958698faa73834f3d83c287b312097c0cffc |
SHA256: | 5c3cee247a19e0eca63e825fa03d77e8c7b326a1f112e037dd893c640cb637a6 |
SHA512: | 9100bc27e582d15235f7df64fc04e3f95799a84e8d93148ba971cc943afa800a77b079cc1f0c3a969f914eb430fbae80aeffd92fb1f9cc5ca421af5323ec2042 |
SSDEEP: | 1536:AGnPXt+ErYvxviM5LJZ8VpSYtO84/hD+yYYTiW2kknWOCeZCYI/9PKdNr:pYMYpbv6pSiO8+hiW2zfJChUdR |
TLSH: | BE833B8ABC509B16D4D016BEFE1E518E33131BB4E2EB3206DD19AF2577CA91B0E3B541 |
File Content Preview: | .ELF..............(.....l...4....B......4. ...(........p.2..........................................d3..d3...............@...@...@..................Q.td.............................@-..@............/..@-.,@...0....S..... 0....S.........../..0...0...@..../ |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 4 |
Section Header Offset: | 82444 |
Section Header Size: | 40 |
Number of Section Headers: | 14 |
Header String Table Index: | 13 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80b4 | 0xb4 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.text | PROGBITS | 0x80c8 | 0xc8 | 0x122a4 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x1a36c | 0x1236c | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 1 |
.rodata | PROGBITS | 0x1a380 | 0x12380 | 0xf1c | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.exidx | ARM_EXIDX | 0x1b29c | 0x1329c | 0xc8 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
.eh_frame | PROGBITS | 0x24000 | 0x14000 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.init_array | INIT_ARRAY | 0x24004 | 0x14004 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.fini_array | FINI_ARRAY | 0x24008 | 0x14008 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x24010 | 0x14010 | 0x28 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x24038 | 0x14038 | 0x14c | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.bss | NOBITS | 0x24188 | 0x14184 | 0xb6c | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x14184 | 0x14 | 0x0 | 0x0 | 0 | 0 | 1 | |
.shstrtab | STRTAB | 0x0 | 0x14198 | 0x72 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
EXIDX | 0x1329c | 0x1b29c | 0x1b29c | 0xc8 | 0xc8 | 4.3191 | 0x4 | R | 0x4 | .ARM.exidx | |
LOAD | 0x0 | 0x8000 | 0x8000 | 0x13364 | 0x13364 | 6.1626 | 0x5 | R E | 0x8000 | .init .text .fini .rodata .ARM.exidx | |
LOAD | 0x14000 | 0x24000 | 0x24000 | 0x184 | 0xcf4 | 2.7962 | 0x6 | RW | 0x8000 | .eh_frame .init_array .fini_array .got .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 31, 2024 14:49:12.507735014 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:12.512582064 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:12.512648106 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:12.512801886 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:12.517515898 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:13.840750933 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:13.840908051 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:13.841305971 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:13.846076012 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:14.418333054 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:14.418437004 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:14.418612957 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:14.423929930 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:14.996136904 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:14.996352911 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:14.996871948 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:15.001611948 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:15.001669884 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:15.006622076 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:16.999155998 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:17.005338907 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:17.577625036 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:17.618822098 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:29.590357065 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:29.595246077 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:30.167707920 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:30.167850018 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:42.186463118 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:42.397989988 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:42.519968033 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:42.519983053 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:43.092447996 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:43.092595100 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:55.104690075 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:49:55.109649897 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:55.683325052 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:49:55.683487892 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:07.695588112 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:07.700579882 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:08.274420977 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:08.274535894 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:20.285005093 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:20.289911985 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:20.865541935 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:20.865839005 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:32.878619909 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:32.883586884 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:33.463725090 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:33.463903904 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:45.476310968 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:45.481324911 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:46.053920984 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:46.054219961 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:58.066165924 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:50:58.071791887 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:58.644098997 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:50:58.644206047 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:51:03.081348896 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:51:03.081507921 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:51:03.092386961 CEST | 40628 | 80 | 192.168.2.15 | 23.224.130.196 |
Aug 31, 2024 14:51:03.291383982 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:51:03.291536093 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:51:04.115600109 CEST | 40628 | 80 | 192.168.2.15 | 23.224.130.196 |
Aug 31, 2024 14:51:06.131515980 CEST | 40628 | 80 | 192.168.2.15 | 23.224.130.196 |
Aug 31, 2024 14:51:10.355395079 CEST | 40628 | 80 | 192.168.2.15 | 23.224.130.196 |
Aug 31, 2024 14:51:11.091909885 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:51:11.125816107 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:51:11.127157927 CEST | 40630 | 80 | 192.168.2.15 | 23.224.130.196 |
Aug 31, 2024 14:51:11.165483952 CEST | 80 | 40630 | 23.224.130.196 | 192.168.2.15 |
Aug 31, 2024 14:51:11.165560961 CEST | 40630 | 80 | 192.168.2.15 | 23.224.130.196 |
Aug 31, 2024 14:51:11.167509079 CEST | 34058 | 80 | 192.168.2.15 | 23.225.63.251 |
Aug 31, 2024 14:51:11.704579115 CEST | 4444 | 43766 | 92.38.135.247 | 192.168.2.15 |
Aug 31, 2024 14:51:11.704778910 CEST | 43766 | 4444 | 192.168.2.15 | 92.38.135.247 |
Aug 31, 2024 14:51:12.179323912 CEST | 34058 | 80 | 192.168.2.15 | 23.225.63.251 |
Aug 31, 2024 14:51:12.183376074 CEST | 80 | 40630 | 23.224.130.196 | 192.168.2.15 |
Aug 31, 2024 14:51:12.183500051 CEST | 40630 | 80 | 192.168.2.15 | 23.224.130.196 |
Aug 31, 2024 14:51:12.211873055 CEST | 80 | 34058 | 23.225.63.251 | 192.168.2.15 |
Aug 31, 2024 14:51:12.211986065 CEST | 34058 | 80 | 192.168.2.15 | 23.225.63.251 |
Aug 31, 2024 14:51:12.212790012 CEST | 51116 | 80 | 192.168.2.15 | 154.214.7.222 |
Aug 31, 2024 14:51:12.246536016 CEST | 80 | 51116 | 154.214.7.222 | 192.168.2.15 |
Aug 31, 2024 14:51:12.246761084 CEST | 51116 | 80 | 192.168.2.15 | 154.214.7.222 |
Aug 31, 2024 14:51:12.247759104 CEST | 49590 | 80 | 192.168.2.15 | 0.159.99.4 |
Aug 31, 2024 14:51:13.267266035 CEST | 49590 | 80 | 192.168.2.15 | 0.159.99.4 |
Aug 31, 2024 14:51:15.283205032 CEST | 49590 | 80 | 192.168.2.15 | 0.159.99.4 |
Aug 31, 2024 14:51:15.325649023 CEST | 80 | 49590 | 0.159.99.4 | 192.168.2.15 |
Aug 31, 2024 14:51:15.325743914 CEST | 49590 | 80 | 192.168.2.15 | 0.159.99.4 |
Aug 31, 2024 14:51:15.326378107 CEST | 38680 | 80 | 192.168.2.15 | 154.214.7.220 |
Aug 31, 2024 14:51:16.339303017 CEST | 38680 | 80 | 192.168.2.15 | 154.214.7.220 |
Aug 31, 2024 14:51:16.347371101 CEST | 80 | 49590 | 0.159.99.4 | 192.168.2.15 |
Aug 31, 2024 14:51:16.347464085 CEST | 49590 | 80 | 192.168.2.15 | 0.159.99.4 |
Aug 31, 2024 14:51:16.374924898 CEST | 80 | 38680 | 154.214.7.220 | 192.168.2.15 |
Aug 31, 2024 14:51:16.375114918 CEST | 38680 | 80 | 192.168.2.15 | 154.214.7.220 |
Aug 31, 2024 14:51:16.375601053 CEST | 41294 | 80 | 192.168.2.15 | 172.247.148.76 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 31, 2024 14:49:12.473686934 CEST | 60377 | 53 | 192.168.2.15 | 8.8.8.8 |
Aug 31, 2024 14:49:12.493129015 CEST | 53 | 60377 | 8.8.8.8 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Aug 31, 2024 14:49:12.473686934 CEST | 192.168.2.15 | 8.8.8.8 | 0x7217 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 92.223.30.118 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 193.32.179.248 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 92.38.135.247 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 195.2.81.97 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 139.162.84.81 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 185.255.178.242 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 185.255.178.106 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 193.32.177.163 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 92.38.160.12 | A (IP address) | IN (0x0001) | false | ||
Aug 31, 2024 14:49:12.493129015 CEST | 8.8.8.8 | 192.168.2.15 | 0x7217 | No error (0) | 92.38.160.9 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 12:49:11 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/botnt.arm5.elf |
Arguments: | /tmp/botnt.arm5.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 12:49:11 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/botnt.arm5.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 12:51:02 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/botnt.arm5.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 12:51:02 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/botnt.arm5.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |