Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1527234
MD5:	1b0e1d2bf03f0593cbb08b390c80e809
SHA1:	ad168a1383186aef1e21615d81d1b40b628b1b64
SHA256:	ca0952bad4ffd4d54211f312c879c063ce0be249a0926d865db38305aeabfe96
Tags:	elfMiraiuser-abuse_ch
Infos:

Detection

Mirai

Score:	80
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Machine Learning detection for sample

Sample deletes itself

Detected TCP or UDP traffic on non-standard ports

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527234
Start date and time:	2024-10-06 22:08:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	na.elf
Detection:	MAL
Classification:	mal80.troj.evad.linELF@0/0@39/0

Warnings

VT rate limit hit for: na.elf

Runtime Messages

Command:	/tmp/na.elf
PID:	5465
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

na.elf (PID: 5465, Parent: 5388, MD5: 1b0e1d2bf03f0593cbb08b390c80e809) Arguments: /tmp/na.elf

na.elf New Fork (PID: 5466, Parent: 5465)

na.elf New Fork (PID: 5467, Parent: 5466)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
na.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
na.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x16360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16388:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1639c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1643c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1648c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
na.elf	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xcd28:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
na.elf	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xd61f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
na.elf	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x9f96:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0xf564:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
na.elf	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x103be:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
na.elf	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x15526:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
na.elf	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xd1df:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
na.elf	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x136c6:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
na.elf	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xd4aa:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
na.elf	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x138bf:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
na.elf	Linux_Trojan_Mirai_1e0c5ce0	unknown	unknown	0x1d88:$a: 4C 24 54 31 F6 41 B8 04 00 00 00 BA 03 00 00 00 C7 44 24 54 01 00
na.elf	Linux_Trojan_Mirai_6a77af0f	unknown	unknown	0x500f:$a: 31 D1 89 0F 48 83 C7 04 85 F6 7E 3B 44 89 C8 45 89 D1 45 89 C2 41
na.elf	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x4152:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Click to see the 9 entries

Memory Dumps

Source	Rule	Description	Author	Strings
5465.1.0000000000400000.0000000000419000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x16360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16388:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1639c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1643c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1648c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x164f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_9e9530a7	unknown	unknown	0xcd28:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_807911a2	unknown	unknown	0xd61f:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_d4227dbf	unknown	unknown	0x9f96:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00 0xf564:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_d996d335	unknown	unknown	0x103be:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_d0c57a2e	unknown	unknown	0x15526:$a: 07 0F B6 57 01 C1 E0 08 09 D0 89 06 0F BE 47 02 C1 E8 1F 89
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_620087b9	unknown	unknown	0xd1df:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_0cd591cd	unknown	unknown	0x136c6:$a: 4E F8 48 8D 4E D8 49 8D 42 E0 48 83 C7 03 EB 6B 4C 8B 46 F8 48 8D
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_33b4111a	unknown	unknown	0xd4aa:$a: C1 83 E1 0F 74 1A B8 10 00 00 00 48 29 C8 48 8D 0C 02 48 89 DA 48
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Gafgyt_a33a8363	unknown	unknown	0x138bf:$a: 41 88 02 48 85 D2 75 ED 5A 5B 5D 41 5C 41 5D 4C 89 F0 41 5E
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Mirai_1e0c5ce0	unknown	unknown	0x1d88:$a: 4C 24 54 31 F6 41 B8 04 00 00 00 BA 03 00 00 00 C7 44 24 54 01 00
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Mirai_6a77af0f	unknown	unknown	0x500f:$a: 31 D1 89 0F 48 83 C7 04 85 F6 7E 3B 44 89 C8 45 89 D1 45 89 C2 41
5465.1.0000000000400000.0000000000419000.r-x.sdmp	Linux_Trojan_Mirai_e0cf29e2	unknown	unknown	0x4152:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C2 83 FE 01
Process Memory Space: na.elf PID: 5465	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: na.elf PID: 5465	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x793:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7a7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7bb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7cf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7e3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7f7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x80b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x81f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x833:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x847:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x85b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x86f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x883:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x897:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ab:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8bf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x90f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x923:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 11 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: na.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: na.elf

ReversingLabs: Detection: 57%

Machine Learning detection for sample

Source: na.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.13:49406 -> 5.59.249.232:1995

Source: global traffic

TCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26

Source: global traffic

DNS traffic detected: DNS query: net.igxhost.ru

Source: unknown

Network traffic detected: HTTP traffic on port 48202 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown
Source: Process Memory Space: na.elf PID: 5465, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: /x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/x38/xFJ/x93/xID/x9A/pro

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/na.elf (PID: 5467)

SIGKILL sent: pid: 2, result: successful

Jump to behavior

Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: Process Memory Space: na.elf PID: 5465, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal80.troj.evad.linELF@0/0@39/0

Hooking and other Techniques for Hiding and Protection

Sample deletes itself

Source: /tmp/na.elf (PID: 5465)

File: /tmp/na.elf

Jump to behavior

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: na.elf, type: SAMPLE
Source: Yara match	File source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: na.elf PID: 5465, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: na.elf, type: SAMPLE
Source: Yara match	File source: 5465.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: na.elf PID: 5465, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 File Deletion	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
na.elf	58%	ReversingLabs	Linux.Backdoor.Mirai
na.elf	100%	Avira	EXP/ELF.Mirai.Z.A
na.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
net.igxhost.ru	5.59.249.232	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false
5.59.249.232	net.igxhost.ru	Czech Republic		50923	METRO-SET-ASMetrosetAutonomousSystemRU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
185.125.190.26	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai, Moobot	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai, Moobot	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Mirai	Browse
	cayo.arm7.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	SecuriteInfo.com.Linux.Siggen.9999.5706.5318.elf	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	na.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai, Moobot	Browse	91.189.91.42
METRO-SET-ASMetrosetAutonomousSystemRU	c.mips.elf	Get hash	malicious	Unknown	Browse	5.59.248.92
	hidakibest.arm4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	5.59.248.206
	hidakibest.arm5.elf	Get hash	malicious	Gafgyt, Mirai	Browse	5.59.248.206
	hidakibest.arm6.elf	Get hash	malicious	Gafgyt, Mirai	Browse	5.59.248.206
	hidakibest.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	5.59.248.206
	hidakibest.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	5.59.248.206
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	5.59.248.206
	hidakibest.sparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	5.59.248.206
	hidakibest.x86.elf	Get hash	malicious	Mirai, Gafgyt	Browse	5.59.248.206
	aHvzby2qN7.elf	Get hash	malicious	Mirai	Browse	5.59.248.52

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.202440339486156
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	na.elf
File size:	138'552 bytes
MD5:	1b0e1d2bf03f0593cbb08b390c80e809
SHA1:	ad168a1383186aef1e21615d81d1b40b628b1b64
SHA256:	ca0952bad4ffd4d54211f312c879c063ce0be249a0926d865db38305aeabfe96
SHA512:	2f30340abb7d3fee7d38698e46edabf978972239bd95e92116d014d06feea89c8e151b48fa1860864779f26eb46080722d6bd4d4f1693e9cd861a5d92fc5b722
SSDEEP:	3072:gfJBhdnBRTHcLCzsyvSVv2mW+BsgQyeWvtdHkWm6:gfJBhdnnTHcLT9GWJm
TLSH:	5DD34A1BB5C180FDC4DAC1B84BDAF53ADD32B1AD1238B15B27D4AA222E4DE315F1DA50
File Content Preview:	.ELF..............>.......@.....@...................@.8...@.......................@.......@...............................................Q.......Q.............................Q.td....................................................H...._....*]..H........

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400194
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	137912
Section Header Size:	64
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x4000e8	0xe8	0x13	0x0	0x6	AX	1
.text	PROGBITS	0x400100	0x100	0x15d56	0x0	0x6	AX	16
.fini	PROGBITS	0x415e56	0x15e56	0xe	0x0	0x6	AX	1
.rodata	PROGBITS	0x415e80	0x15e80	0x2d40	0x0	0x2	A	32
.ctors	PROGBITS	0x518bc8	0x18bc8	0x18	0x0	0x3	WA	8
.dtors	PROGBITS	0x518be0	0x18be0	0x10	0x0	0x3	WA	8
.data	PROGBITS	0x518c00	0x18c00	0x8e78	0x0	0x3	WA	32
.bss	NOBITS	0x521a80	0x21a78	0x8200	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x21a78	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x18bc0	0x18bc0	6.3822	0x5	R E	0x100000	.init .text .fini .rodata
LOAD	0x18bc8	0x518bc8	0x518bc8	0x8eb0	0x110b8	0.2335	0x6	RW	0x100000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2024 22:09:38.371193886 CEST	49406	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:38.376074076 CEST	1995	49406	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:38.376132011 CEST	49406	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:38.377057076 CEST	49406	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:38.381856918 CEST	1995	49406	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:38.381900072 CEST	49406	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:38.386713028 CEST	1995	49406	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:40.141983032 CEST	1995	49406	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:40.142086983 CEST	49406	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:40.147301912 CEST	1995	49406	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:41.187748909 CEST	49408	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:41.192624092 CEST	1995	49408	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:41.192677021 CEST	49408	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:41.194463015 CEST	49408	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:41.199357986 CEST	1995	49408	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:41.199400902 CEST	49408	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:41.204379082 CEST	1995	49408	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:42.955596924 CEST	1995	49408	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:42.955926895 CEST	49408	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:42.961519957 CEST	1995	49408	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:43.965662956 CEST	49410	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:43.970586061 CEST	1995	49410	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:43.970686913 CEST	49410	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:43.972197056 CEST	49410	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:43.977102995 CEST	1995	49410	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:43.977169991 CEST	49410	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:43.981961012 CEST	1995	49410	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:45.784327984 CEST	1995	49410	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:45.784626961 CEST	49410	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:45.789731026 CEST	1995	49410	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:46.797396898 CEST	49412	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:46.802551031 CEST	1995	49412	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:46.802606106 CEST	49412	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:46.803248882 CEST	49412	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:46.807985067 CEST	1995	49412	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:46.808029890 CEST	49412	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:46.812877893 CEST	1995	49412	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:48.485088110 CEST	1995	49412	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:48.485228062 CEST	49412	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:48.490251064 CEST	1995	49412	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:49.122787952 CEST	48202	443	192.168.2.13	185.125.190.26
Oct 6, 2024 22:09:49.499286890 CEST	49414	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:49.504120111 CEST	1995	49414	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:49.504194021 CEST	49414	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:49.505153894 CEST	49414	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:49.509960890 CEST	1995	49414	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:49.510011911 CEST	49414	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:49.514873981 CEST	1995	49414	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:51.223680973 CEST	1995	49414	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:51.223824024 CEST	49414	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:51.228713989 CEST	1995	49414	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:52.232971907 CEST	49416	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:52.237888098 CEST	1995	49416	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:52.237952948 CEST	49416	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:52.238497019 CEST	49416	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:52.243532896 CEST	1995	49416	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:52.244618893 CEST	49416	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:52.249425888 CEST	1995	49416	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:53.977335930 CEST	1995	49416	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:53.977672100 CEST	49416	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:53.982609987 CEST	1995	49416	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:54.997082949 CEST	49418	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:55.002341032 CEST	1995	49418	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:55.002408981 CEST	49418	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:55.003532887 CEST	49418	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:55.008342981 CEST	1995	49418	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:55.008400917 CEST	49418	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:55.013175964 CEST	1995	49418	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:56.739718914 CEST	1995	49418	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:56.739962101 CEST	49418	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:56.744818926 CEST	1995	49418	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:57.749505043 CEST	49420	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:57.754508972 CEST	1995	49420	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:57.754591942 CEST	49420	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:57.755301952 CEST	49420	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:57.760229111 CEST	1995	49420	5.59.249.232	192.168.2.13
Oct 6, 2024 22:09:57.760318995 CEST	49420	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:09:57.765259027 CEST	1995	49420	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:01.924298048 CEST	1995	49420	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:01.924488068 CEST	49420	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:01.929258108 CEST	1995	49420	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:02.937685966 CEST	49422	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:02.942498922 CEST	1995	49422	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:02.942696095 CEST	49422	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:02.943902969 CEST	49422	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:02.948780060 CEST	1995	49422	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:02.948849916 CEST	49422	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:02.953732014 CEST	1995	49422	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:04.638881922 CEST	1995	49422	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:04.639209032 CEST	49422	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:04.644153118 CEST	1995	49422	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:05.648914099 CEST	49424	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:05.653686047 CEST	1995	49424	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:05.653749943 CEST	49424	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:05.655410051 CEST	49424	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:05.660223961 CEST	1995	49424	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:05.660280943 CEST	49424	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:05.665119886 CEST	1995	49424	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:07.378062010 CEST	1995	49424	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:07.378164053 CEST	49424	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:07.382973909 CEST	1995	49424	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:08.388310909 CEST	49426	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:08.393163919 CEST	1995	49426	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:08.393232107 CEST	49426	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:08.394036055 CEST	49426	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:08.398866892 CEST	1995	49426	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:08.398920059 CEST	49426	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:08.403803110 CEST	1995	49426	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:10.150229931 CEST	1995	49426	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:10.150403023 CEST	49426	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:10.155261993 CEST	1995	49426	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:11.160469055 CEST	49428	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:11.165283918 CEST	1995	49428	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:11.165350914 CEST	49428	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:11.166096926 CEST	49428	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:11.170860052 CEST	1995	49428	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:11.170928001 CEST	49428	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:11.175792933 CEST	1995	49428	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:12.893942118 CEST	1995	49428	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:12.894161940 CEST	49428	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:12.898948908 CEST	1995	49428	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:13.904391050 CEST	49430	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:13.909303904 CEST	1995	49430	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:13.909389019 CEST	49430	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:13.910118103 CEST	49430	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:13.914923906 CEST	1995	49430	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:13.914980888 CEST	49430	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:13.919816971 CEST	1995	49430	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:19.842808008 CEST	48202	443	192.168.2.13	185.125.190.26
Oct 6, 2024 22:10:23.920387030 CEST	49430	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:23.925451994 CEST	1995	49430	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:27.520725965 CEST	1995	49430	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:27.520939112 CEST	49430	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:27.525784969 CEST	1995	49430	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:28.531563044 CEST	49432	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:28.536434889 CEST	1995	49432	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:28.536556005 CEST	49432	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:28.537647963 CEST	49432	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:28.542404890 CEST	1995	49432	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:28.542480946 CEST	49432	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:28.750968933 CEST	49432	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:28.761933088 CEST	1995	49432	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:28.761950016 CEST	1995	49432	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:30.217767000 CEST	1995	49432	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:30.218118906 CEST	49432	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:30.224293947 CEST	1995	49432	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:31.229091883 CEST	49434	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:31.234338999 CEST	1995	49434	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:31.234441996 CEST	49434	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:31.235374928 CEST	49434	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:31.240493059 CEST	1995	49434	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:31.240561008 CEST	49434	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:31.245755911 CEST	1995	49434	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:32.976198912 CEST	1995	49434	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:32.976658106 CEST	49434	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:32.981535912 CEST	1995	49434	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:33.992719889 CEST	49436	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:33.997704029 CEST	1995	49436	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:33.997823000 CEST	49436	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:33.999627113 CEST	49436	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:34.004399061 CEST	1995	49436	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:34.004461050 CEST	49436	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:34.009243011 CEST	1995	49436	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:35.724889040 CEST	1995	49436	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:35.725100040 CEST	49436	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:35.730007887 CEST	1995	49436	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:36.735718966 CEST	49438	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:36.740612030 CEST	1995	49438	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:36.740700006 CEST	49438	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:36.741570950 CEST	49438	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:36.746370077 CEST	1995	49438	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:36.746439934 CEST	49438	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:36.751435041 CEST	1995	49438	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:38.443934917 CEST	1995	49438	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:38.444107056 CEST	49438	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:38.449095964 CEST	1995	49438	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:39.455045938 CEST	49440	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:39.459923983 CEST	1995	49440	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:39.460004091 CEST	49440	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:39.461256027 CEST	49440	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:39.466269016 CEST	1995	49440	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:39.466341972 CEST	49440	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:39.471123934 CEST	1995	49440	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:41.194755077 CEST	1995	49440	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:41.194930077 CEST	49440	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:41.199856043 CEST	1995	49440	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:42.206228971 CEST	49442	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:42.211273909 CEST	1995	49442	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:42.211374998 CEST	49442	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:42.212135077 CEST	49442	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:42.217107058 CEST	1995	49442	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:42.217179060 CEST	49442	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:42.222479105 CEST	1995	49442	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:43.963856936 CEST	1995	49442	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:43.964210033 CEST	49442	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:43.969099045 CEST	1995	49442	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:44.975142956 CEST	49444	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:44.980000973 CEST	1995	49444	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:44.980082989 CEST	49444	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:44.981197119 CEST	49444	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:44.986090899 CEST	1995	49444	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:44.986150980 CEST	49444	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:44.991067886 CEST	1995	49444	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:46.710232973 CEST	1995	49444	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:46.710544109 CEST	49444	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:46.715424061 CEST	1995	49444	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:47.895963907 CEST	49446	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:47.900932074 CEST	1995	49446	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:47.901019096 CEST	49446	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:47.902201891 CEST	49446	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:47.907061100 CEST	1995	49446	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:47.907182932 CEST	49446	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:47.912018061 CEST	1995	49446	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:49.614336014 CEST	1995	49446	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:49.614794970 CEST	49446	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:49.619788885 CEST	1995	49446	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:50.627964020 CEST	49448	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:50.632858992 CEST	1995	49448	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:50.633004904 CEST	49448	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:50.634342909 CEST	49448	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:50.639147043 CEST	1995	49448	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:50.639254093 CEST	49448	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:50.644120932 CEST	1995	49448	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:52.351934910 CEST	1995	49448	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:52.352159977 CEST	49448	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:52.357116938 CEST	1995	49448	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:53.362564087 CEST	49450	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:53.368035078 CEST	1995	49450	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:53.368107080 CEST	49450	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:53.368949890 CEST	49450	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:53.373697996 CEST	1995	49450	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:53.373804092 CEST	49450	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:53.378681898 CEST	1995	49450	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:55.084492922 CEST	1995	49450	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:55.084729910 CEST	49450	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:55.089642048 CEST	1995	49450	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:56.095401049 CEST	49452	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:56.100215912 CEST	1995	49452	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:56.100337029 CEST	49452	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:56.101357937 CEST	49452	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:56.106199980 CEST	1995	49452	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:56.106307983 CEST	49452	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:56.111125946 CEST	1995	49452	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:57.845263958 CEST	1995	49452	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:57.845495939 CEST	49452	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:57.850361109 CEST	1995	49452	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:58.856230974 CEST	49454	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:58.861565113 CEST	1995	49454	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:58.861632109 CEST	49454	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:58.862680912 CEST	49454	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:58.867469072 CEST	1995	49454	5.59.249.232	192.168.2.13
Oct 6, 2024 22:10:58.867558002 CEST	49454	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:10:58.872482061 CEST	1995	49454	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:00.586643934 CEST	1995	49454	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:00.586987972 CEST	49454	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:00.591976881 CEST	1995	49454	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:01.600074053 CEST	49456	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:01.605038881 CEST	1995	49456	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:01.605120897 CEST	49456	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:01.606797934 CEST	49456	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:01.611737967 CEST	1995	49456	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:01.611805916 CEST	49456	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:01.616667032 CEST	1995	49456	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:03.435551882 CEST	1995	49456	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:03.435925961 CEST	49456	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:03.440747023 CEST	1995	49456	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:04.447230101 CEST	49458	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:04.452007055 CEST	1995	49458	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:04.452094078 CEST	49458	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:04.453244925 CEST	49458	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:04.457990885 CEST	1995	49458	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:04.458055973 CEST	49458	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:04.462877035 CEST	1995	49458	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:06.141119957 CEST	1995	49458	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:06.141545057 CEST	49458	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:06.146352053 CEST	1995	49458	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:07.159902096 CEST	49460	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:07.164844036 CEST	1995	49460	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:07.164932013 CEST	49460	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:07.165827990 CEST	49460	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:07.170649052 CEST	1995	49460	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:07.170712948 CEST	49460	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:07.175575018 CEST	1995	49460	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:08.926022053 CEST	1995	49460	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:08.926167965 CEST	49460	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:09.122061014 CEST	1995	49460	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:09.122409105 CEST	49460	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:09.126508951 CEST	1995	49460	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:09.936968088 CEST	49462	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:09.941837072 CEST	1995	49462	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:09.941900015 CEST	49462	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:09.942462921 CEST	49462	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:09.947211027 CEST	1995	49462	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:09.947254896 CEST	49462	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:09.952068090 CEST	1995	49462	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:11.660957098 CEST	1995	49462	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:11.661407948 CEST	49462	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:11.666225910 CEST	1995	49462	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:12.673372984 CEST	49464	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:12.678580999 CEST	1995	49464	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:12.678704023 CEST	49464	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:12.679696083 CEST	49464	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:12.684597015 CEST	1995	49464	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:12.684668064 CEST	49464	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:12.689476013 CEST	1995	49464	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:14.447338104 CEST	1995	49464	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:14.447613955 CEST	49464	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:14.452554941 CEST	1995	49464	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:15.459884882 CEST	49466	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:15.464834929 CEST	1995	49466	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:15.464886904 CEST	49466	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:15.465843916 CEST	49466	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:15.470678091 CEST	1995	49466	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:15.470721006 CEST	49466	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:15.475537062 CEST	1995	49466	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:22.566400051 CEST	1995	49466	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:22.566620111 CEST	49466	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:22.571518898 CEST	1995	49466	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:23.577400923 CEST	49468	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:23.582294941 CEST	1995	49468	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:23.582370043 CEST	49468	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:23.583343983 CEST	49468	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:23.588223934 CEST	1995	49468	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:23.588288069 CEST	49468	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:23.593126059 CEST	1995	49468	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:25.265397072 CEST	1995	49468	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:25.265542984 CEST	49468	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:25.270472050 CEST	1995	49468	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:26.457564116 CEST	49470	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:26.462991953 CEST	1995	49470	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:26.463057995 CEST	49470	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:26.464421034 CEST	49470	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:26.469167948 CEST	1995	49470	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:26.469227076 CEST	49470	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:26.474073887 CEST	1995	49470	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:28.190047979 CEST	1995	49470	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:28.190500021 CEST	49470	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:28.195342064 CEST	1995	49470	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:29.201361895 CEST	49472	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:29.206581116 CEST	1995	49472	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:29.206635952 CEST	49472	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:29.207403898 CEST	49472	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:29.212152004 CEST	1995	49472	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:29.212203979 CEST	49472	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:29.217040062 CEST	1995	49472	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:30.927373886 CEST	1995	49472	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:30.927721024 CEST	49472	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:30.932625055 CEST	1995	49472	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:31.939335108 CEST	49474	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:31.944381952 CEST	1995	49474	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:31.944483042 CEST	49474	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:31.945657015 CEST	49474	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:31.950537920 CEST	1995	49474	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:31.950638056 CEST	49474	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:31.955545902 CEST	1995	49474	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:33.679214954 CEST	1995	49474	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:33.679609060 CEST	49474	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:33.684525967 CEST	1995	49474	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:34.692291021 CEST	49476	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:34.697242022 CEST	1995	49476	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:34.697335005 CEST	49476	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:34.699002028 CEST	49476	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:34.703876972 CEST	1995	49476	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:34.703962088 CEST	49476	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:34.711205006 CEST	1995	49476	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:36.414783001 CEST	1995	49476	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:36.415098906 CEST	49476	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:36.420049906 CEST	1995	49476	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:37.426647902 CEST	49478	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:37.431754112 CEST	1995	49478	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:37.431921959 CEST	49478	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:37.433247089 CEST	49478	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:37.438111067 CEST	1995	49478	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:37.438241959 CEST	49478	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:37.443090916 CEST	1995	49478	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:39.164176941 CEST	1995	49478	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:39.164618969 CEST	49478	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:39.169639111 CEST	1995	49478	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:40.176419020 CEST	49480	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:40.181906939 CEST	1995	49480	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:40.182037115 CEST	49480	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:40.183382034 CEST	49480	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:40.188785076 CEST	1995	49480	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:40.188873053 CEST	49480	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:40.193737984 CEST	1995	49480	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:41.933124065 CEST	1995	49480	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:41.933526039 CEST	49480	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:41.938477993 CEST	1995	49480	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:42.945652008 CEST	49482	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:42.950489998 CEST	1995	49482	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:42.950577974 CEST	49482	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:42.952141047 CEST	49482	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:42.957043886 CEST	1995	49482	5.59.249.232	192.168.2.13
Oct 6, 2024 22:11:42.957125902 CEST	49482	1995	192.168.2.13	5.59.249.232
Oct 6, 2024 22:11:42.961958885 CEST	1995	49482	5.59.249.232	192.168.2.13

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2024 22:09:38.360402107 CEST	38279	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:38.370762110 CEST	53	38279	8.8.8.8	192.168.2.13
Oct 6, 2024 22:09:41.175715923 CEST	35307	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:41.187001944 CEST	53	35307	8.8.8.8	192.168.2.13
Oct 6, 2024 22:09:43.958245993 CEST	48838	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:43.965132952 CEST	53	48838	8.8.8.8	192.168.2.13
Oct 6, 2024 22:09:46.786849976 CEST	46632	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:46.796998978 CEST	53	46632	8.8.8.8	192.168.2.13
Oct 6, 2024 22:09:49.487801075 CEST	55898	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:49.498610020 CEST	53	55898	8.8.8.8	192.168.2.13
Oct 6, 2024 22:09:52.225361109 CEST	52529	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:52.232527018 CEST	53	52529	8.8.8.8	192.168.2.13
Oct 6, 2024 22:09:54.980596066 CEST	36575	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:54.996314049 CEST	53	36575	8.8.8.8	192.168.2.13
Oct 6, 2024 22:09:57.742005110 CEST	52017	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:09:57.749001980 CEST	53	52017	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:02.927088022 CEST	47206	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:02.936974049 CEST	53	47206	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:05.641073942 CEST	50404	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:05.648036003 CEST	53	50404	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:08.380064011 CEST	34517	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:08.387876034 CEST	53	34517	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:11.152724981 CEST	56927	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:11.159836054 CEST	53	56927	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:13.896749973 CEST	34585	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:13.903717995 CEST	53	34585	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:28.524224997 CEST	50385	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:28.530868053 CEST	53	50385	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:31.220633984 CEST	37028	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:31.228269100 CEST	53	37028	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:33.980103016 CEST	39639	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:33.991739988 CEST	53	39639	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:36.727780104 CEST	40164	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:36.735121965 CEST	53	40164	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:39.447360039 CEST	48815	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:39.454317093 CEST	53	48815	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:42.198185921 CEST	46632	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:42.205600977 CEST	53	46632	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:44.967211962 CEST	33573	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:44.974422932 CEST	53	33573	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:47.713612080 CEST	34201	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:47.895107031 CEST	53	34201	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:50.619590998 CEST	52202	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:50.627274036 CEST	53	52202	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:53.355279922 CEST	34863	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:53.361999035 CEST	53	34863	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:56.087830067 CEST	40417	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:56.094717979 CEST	53	40417	8.8.8.8	192.168.2.13
Oct 6, 2024 22:10:58.848510027 CEST	34138	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:10:58.855632067 CEST	53	34138	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:01.591825962 CEST	34300	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:01.599216938 CEST	53	34300	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:04.439254045 CEST	57743	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:04.446610928 CEST	53	57743	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:07.151496887 CEST	36218	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:07.158289909 CEST	53	36218	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:09.928961992 CEST	38088	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:09.936636925 CEST	53	38088	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:12.664838076 CEST	43658	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:12.672718048 CEST	53	43658	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:15.451641083 CEST	38127	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:15.459114075 CEST	53	38127	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:23.569418907 CEST	40114	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:23.576715946 CEST	53	40114	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:26.268511057 CEST	57070	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:26.456413031 CEST	53	57070	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:29.193089962 CEST	36235	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:29.200699091 CEST	53	36235	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:31.931051016 CEST	36577	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:31.938533068 CEST	53	36577	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:34.683834076 CEST	54316	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:34.691499949 CEST	53	54316	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:37.418788910 CEST	33890	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:37.425869942 CEST	53	33890	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:40.168328047 CEST	59347	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:40.175748110 CEST	53	59347	8.8.8.8	192.168.2.13
Oct 6, 2024 22:11:42.937793016 CEST	48806	53	192.168.2.13	8.8.8.8
Oct 6, 2024 22:11:42.944783926 CEST	53	48806	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 6, 2024 22:09:38.360402107 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:41.175715923 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:43.958245993 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:46.786849976 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:49.487801075 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:52.225361109 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:54.980596066 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:57.742005110 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:02.927088022 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:05.641073942 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:08.380064011 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:11.152724981 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:13.896749973 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:28.524224997 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:31.220633984 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:33.980103016 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:36.727780104 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:39.447360039 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:42.198185921 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:44.967211962 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:47.713612080 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:50.619590998 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:53.355279922 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:56.087830067 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:58.848510027 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:01.591825962 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:04.439254045 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:07.151496887 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:09.928961992 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:12.664838076 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:15.451641083 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:23.569418907 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:26.268511057 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:29.193089962 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:31.931051016 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:34.683834076 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:37.418788910 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:40.168328047 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:42.937793016 CEST	192.168.2.13	8.8.8.8	0x0	Standard query (0)	net.igxhost.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 6, 2024 22:09:38.370762110 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:41.187001944 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:43.965132952 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:46.796998978 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:49.498610020 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:52.232527018 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:54.996314049 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:09:57.749001980 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:02.936974049 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:05.648036003 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:08.387876034 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:11.159836054 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:13.903717995 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:28.530868053 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:31.228269100 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:33.991739988 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:36.735121965 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:39.454317093 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:42.205600977 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:44.974422932 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:47.895107031 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:50.627274036 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:53.361999035 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:56.094717979 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:10:58.855632067 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:01.599216938 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:04.446610928 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:07.158289909 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:09.936636925 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:12.672718048 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:15.459114075 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:23.576715946 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:26.456413031 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:29.200699091 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:31.938533068 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:34.691499949 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:37.425869942 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:40.175748110 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false
Oct 6, 2024 22:11:42.944783926 CEST	8.8.8.8	192.168.2.13	0x0	No error (0)	net.igxhost.ru	5.59.249.232	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: na.elf PID: 5465, Parent PID: 5388

General

Start time (UTC):	20:09:37
Start date (UTC):	06/10/2024
Path:	/tmp/na.elf
Arguments:	/tmp/na.elf
File size:	138552 bytes
MD5 hash:	1b0e1d2bf03f0593cbb08b390c80e809

Chronological Activities

Analysis Process: na.elf PID: 5466, Parent PID: 5465

General

Start time (UTC):	20:09:37
Start date (UTC):	06/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	138552 bytes
MD5 hash:	1b0e1d2bf03f0593cbb08b390c80e809

Chronological Activities

Analysis Process: na.elf PID: 5467, Parent PID: 5466

General

Start time (UTC):	20:09:37
Start date (UTC):	06/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	138552 bytes
MD5 hash:	1b0e1d2bf03f0593cbb08b390c80e809

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: na.elf PID: 5465, Parent PID: 5388

General

Chronological Activities

Analysis Process: na.elf PID: 5466, Parent PID: 5465

General

Chronological Activities

Analysis Process: na.elf PID: 5467, Parent PID: 5466

General

Chronological Activities

Linux Analysis Report
na.elf