Linux
Analysis Report
na.elf
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1527368 |
Start date and time: | 2024-10-06 23:00:48 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal52.evad.linELF@0/0@2/0 |
- VT rate limit hit for: na.elf
Command: | /tmp/na.elf |
PID: | 5637 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | 2024/10/06 16:01:51 Forking 2024/10/06 16:01:51 Connecting to 152.136.107.163:3232 2024/10/06 16:01:54 Successfully connnected 152.136.107.163:3232 2024/10/06 16:01:55 [client] INFO global.go:118 RegisterChannelCallbacks() : Handling channel: jump 2024/10/06 16:01:57 [152.136.107.163:3232] INFO jumphost.go:52 func1() : New SSH connection, version SSH-2.0-paramiko_3.0.0 2024/10/06 16:01:58 [152.136.107.163:3232] INFO global.go:118 RegisterChannelCallbacks() : Handling channel: session 2024/10/06 16:01:59 [152.136.107.163:3232] INFO global.go:118 RegisterChannelCallbacks() : Handling channel: session 2024/10/06 16:02:00 [152.136.107.163:3232] INFO session.go:57 Session() : Session got request: "exec" 2024/10/06 16:02:00 [152.136.107.163:3232] INFO session.go:109 Session() : Session disconnected 2024/10/06 16:02:00 [152.136.107.163:3232] INFO session.go:157 Session() : Session disconnected 2024/10/06 16:02:00 [client] ERROR jumphost.go:97 func1() : Channel call back error: connection terminated |
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Program segment: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | Submission file: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Linux.Hacktool.RevhellMarte |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
152.136.107.163 | unknown | China | 45090 | CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | false |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | | | malicious | RunningRAT | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Mirai | | |
| | | malicious | Metasploit, Meterpreter | | |
| | | malicious | Mirai, Moobot | | |
| | | malicious | Mirai | | |
| | | malicious | CobaltStrike, Metasploit | | |
| | | malicious | Unknown | | |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.882845039462739 |
TrID: |
|
File name: | na.elf |
File size: | 3'282'304 bytes |
MD5: | c669c8487b5586dc6580ea8e2bd29719 |
SHA1: | 264a4998ce2926b15e6974032be216b01168f60e |
SHA256: | 73fc8f69d01fb8c5e37f19df9aa8e84d5724dde24cc124004167f450873d40f2 |
SHA512: | fa49ccd21aec928edf20887ff4b88592cd8d281d7926e1c1d9fe539f725a3101a9add3d058fe0656475c0a00b8f0951c38f73f9bef1a2c859cd07884fced19f0 |
SSDEEP: | 98304:JkktXm1YJc9muZcKTc9HNu510CCtCE4sdh7:JM1YJaZcBzCYCoh7 |
TLSH: | 7FE533A78812497C141A727937D6F55A31DF7AF24A84CCB2115F4F878A7F2EEDA31820 |
File Content Preview: | .ELF..............>.......r.....@...................@.8...@.......................@.......@.......2.......2.............................. r...... r.............P.Q.............Q.td.....................................................?..UPX!.........0...0. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 64 |
Program Header Offset: | 64 |
Program Header Size: | 56 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 64 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x321500 | 0x321500 | 7.8829 | 0x5 | R E | 0x1000 | ||
LOAD | 0x0 | 0x722000 | 0x722000 | 0x0 | 0x510350 | 0.0000 | 0x6 | RW | 0x1000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 6, 2024 23:04:36.590919018 CEST | 192.168.2.14 | 8.8.8.8 | 0x2a5c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 6, 2024 23:04:36.590919018 CEST | 192.168.2.14 | 8.8.8.8 | 0xbd84 | Standard query (0) | 28 | IN (0x0001) | false |
System Behavior
Start time (UTC): | 21:01:51 |
Start date (UTC): | 06/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 3282304 bytes |
MD5 hash: | c669c8487b5586dc6580ea8e2bd29719 |
Start time (UTC): | 21:01:51 |
Start date (UTC): | 06/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 3282304 bytes |
MD5 hash: | c669c8487b5586dc6580ea8e2bd29719 |
Start time (UTC): | 21:01:51 |
Start date (UTC): | 06/10/2024 |
Path: | /proc/self/exe |
Arguments: | /proc/self/exe |
File size: | 3282304 bytes |
MD5 hash: | c669c8487b5586dc6580ea8e2bd29719 |
Start time (UTC): | 21:02:00 |
Start date (UTC): | 06/10/2024 |
Path: | /proc/self/exe |
Arguments: | - |
File size: | 3282304 bytes |
MD5 hash: | c669c8487b5586dc6580ea8e2bd29719 |
Start time (UTC): | 21:02:00 |
Start date (UTC): | 06/10/2024 |
Path: | /usr/bin/whoami |
Arguments: | whoami |
File size: | 39256 bytes |
MD5 hash: | dbc1888ae50bb5d4d9a7a210d51be710 |