Linux
Analysis Report
SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf
Overview
General Information
Sample name: | SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Analysis ID: | 1502372 |
MD5: | 4de74a22ebb3b2008d93fdf898611bdb |
SHA1: | eb8c46d817f3fca933e91e289897789122b73a54 |
SHA256: | 728c84285231652ea1b50ed634d83ef0c6e60a78db8ce93a8ae578e21f677f7e |
Tags: | elf |
Infos: |
Detection
Mirai
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1502372 |
Start date and time: | 2024-09-01 01:50:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Detection: | MAL |
Classification: | mal72.troj.evad.linELF@0/0@2/0 |
Command: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
PID: | 5487 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5488, Parent: 5487)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5491, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5494, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5497, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5506, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5529, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5532, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5535, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5538, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5541, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5544, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5550, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5553, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5556, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5559, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5562, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5565, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5569, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5572, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5575, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5578, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5581, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5585, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5591, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5594, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5597, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5600, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5603, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5607, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5610, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5613, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5616, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5619, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5622, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5633, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5638, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5641, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5644, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5647, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5650, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5656, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5659, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5662, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5665, Parent: 5488)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5489, Parent: 5487)
- SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf New Fork (PID: 5490, Parent: 5487)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
Linux_Trojan_Mirai_564b8eda | unknown | unknown |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Program segment: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | File opened: |
Source: | Submission file: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Linux.Backdoor.Mirai | ||
21% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.156.71.225 | unknown | Bulgaria | 31420 | TERASYST-ASBG | false | |
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
94.156.71.225 | Get hash | malicious | Mirai | Browse | ||
185.125.190.26 | Get hash | malicious | Gafgyt, Mirai, Okiru | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Mirai, Gafgyt, Okiru | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Gafgyt, Mirai | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Gafgyt, Mirai, Okiru | Browse |
Get hash | malicious | Gafgyt, Mirai, Okiru | Browse |
Get hash | malicious | Gafgyt, Mirai, Okiru | Browse |
Get hash | malicious | Gafgyt, Mirai, Okiru | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
TERASYST-ASBG | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | SmokeLoader | Browse |
Get hash | malicious | RedLine | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Remcos | Browse |
Get hash | malicious | Remcos | Browse |
Get hash | malicious | AsyncRAT | Browse |
Get hash | malicious | Go Injector, Stealc, Vidar | Browse |
Get hash | malicious | XWorm | Browse |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.889937425972499 |
TrID: |
|
File name: | SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
File size: | 36'284 bytes |
MD5: | 4de74a22ebb3b2008d93fdf898611bdb |
SHA1: | eb8c46d817f3fca933e91e289897789122b73a54 |
SHA256: | 728c84285231652ea1b50ed634d83ef0c6e60a78db8ce93a8ae578e21f677f7e |
SHA512: | 2bc0a4d9610ae4f15475a3eae1b85d812cb8c5229e53f09f2e47aaf26c6963eaffae5d57b27271f2bb35979ddf358e53adcebc1df503030e9854214af1a3c944 |
SSDEEP: | 768:1LAridbETdBiaspZ6gprUn825GlheuRbCE2gDH2jIlqcxyuButNRMu:1LAridbY4G8O8/ZgEBDMcxyuButLMu |
TLSH: | 68F2E1E6C29D1B69C1E74D7422A888B30073575F50DF962FFD786AC8EC9C0852A1FD24 |
File Content Preview: | .ELF..............>.......@.....@...................@.8...@.......................@.......@....................... .............@.......@La.....@La.............................Q.td......................................................".UPX! .......x=..x=. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 64 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x8caa | 0x8caa | 7.8929 | 0x5 | R E | 0x200000 | ||
LOAD | 0xc40 | 0x614c40 | 0x614c40 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |
Sep 1, 2024 01:50:58.499680042 CEST | 39338 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:58.500193119 CEST | 39338 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:58.504949093 CEST | 3778 | 39338 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:58.504988909 CEST | 39338 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:58.509799004 CEST | 3778 | 39338 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.118700027 CEST | 3778 | 39338 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.118869066 CEST | 39338 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.118869066 CEST | 39338 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.119215965 CEST | 39340 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.123960018 CEST | 3778 | 39340 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.124036074 CEST | 39340 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.124651909 CEST | 39340 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.129393101 CEST | 3778 | 39340 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.129439116 CEST | 39340 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.134218931 CEST | 3778 | 39340 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.719997883 CEST | 3778 | 39340 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.720244884 CEST | 39340 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.720244884 CEST | 39340 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.720668077 CEST | 39342 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.725516081 CEST | 3778 | 39342 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.725564003 CEST | 39342 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.726089001 CEST | 39342 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.730839968 CEST | 3778 | 39342 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:50:59.730896950 CEST | 39342 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:50:59.735642910 CEST | 3778 | 39342 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.346983910 CEST | 3778 | 39342 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.347179890 CEST | 39342 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.347179890 CEST | 39342 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.347557068 CEST | 39344 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.352298021 CEST | 3778 | 39344 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.352344036 CEST | 39344 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.352941990 CEST | 39344 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.357675076 CEST | 3778 | 39344 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.357731104 CEST | 39344 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.362505913 CEST | 3778 | 39344 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.956201077 CEST | 3778 | 39344 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.956259012 CEST | 39344 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.956259012 CEST | 39344 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.956587076 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.961349964 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.961441040 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.962043047 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.966825008 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:00.966869116 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:00.971616030 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:02.800941944 CEST | 46540 | 443 | 192.168.2.14 | 185.125.190.26 |
Sep 1, 2024 01:51:10.971721888 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:10.976671934 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:14.142086983 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:51:14.142322063 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:51:32.751643896 CEST | 46540 | 443 | 192.168.2.14 | 185.125.190.26 |
Sep 1, 2024 01:52:14.187390089 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:52:14.192251921 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:52:14.354574919 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:52:14.354691029 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:53:14.405050993 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:53:14.411792040 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:53:14.574048996 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:53:14.574246883 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:54:14.629295111 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Sep 1, 2024 01:54:14.634218931 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:54:14.796329975 CEST | 3778 | 39346 | 94.156.71.225 | 192.168.2.14 |
Sep 1, 2024 01:54:14.796384096 CEST | 39346 | 3778 | 192.168.2.14 | 94.156.71.225 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 1, 2024 01:53:36.844108105 CEST | 36170 | 53 | 192.168.2.14 | 1.1.1.1 |
Sep 1, 2024 01:53:36.844178915 CEST | 52004 | 53 | 192.168.2.14 | 1.1.1.1 |
Sep 1, 2024 01:53:36.851208925 CEST | 53 | 36170 | 1.1.1.1 | 192.168.2.14 |
Sep 1, 2024 01:53:36.851228952 CEST | 53 | 52004 | 1.1.1.1 | 192.168.2.14 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 1, 2024 01:53:36.844108105 CEST | 192.168.2.14 | 1.1.1.1 | 0x522a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 1, 2024 01:53:36.844178915 CEST | 192.168.2.14 | 1.1.1.1 | 0x6285 | Standard query (0) | | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 1, 2024 01:53:36.851208925 CEST | 1.1.1.1 | 192.168.2.14 | 0x522a | No error (0) | | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
Sep 1, 2024 01:53:36.851208925 CEST | 1.1.1.1 | 192.168.2.14 | 0x522a | No error (0) | | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 23:50:50 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:50:50 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:50:50 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:50:55 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:00 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:06 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:11 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:17 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:22 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:27 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:32 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:37 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:42 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:47 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:53 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:51:58 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:03 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:08 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:13 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:18 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:23 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:28 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:33 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:38 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:43 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:48 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:53 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:52:58 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:03 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:08 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:13 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:18 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:23 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:28 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:33 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:38 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:43 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:48 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:53 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:53:58 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:54:03 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:54:08 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:54:13 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:54:18 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:54:23 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:50:50 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |
Start time (UTC): | 23:50:50 |
Start date (UTC): | 31/08/2024 |
Path: | /tmp/SecuriteInfo.com.Linux.Siggen.9999.9304.22091.elf |
Arguments: | - |
File size: | 36284 bytes |
MD5 hash: | 4de74a22ebb3b2008d93fdf898611bdb |