Linux
Analysis Report
SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf
Overview
General Information
Sample name: | SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
Analysis ID: | 1528443 |
MD5: | 2fd315976500cd449d24be74e1fcb417 |
SHA1: | 972e0935bff64d887a1876bc087ece18232ad6a7 |
SHA256: | 2dd2b35de6fd2980eefe6c9591f5256164c7027dcd9cca6fc4e49d175cb761af |
Tags: | elf |
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Connects to many ports of the same IP (likely port scanning)
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Sample scans a subnet
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528443 |
Start date and time: | 2024-10-07 22:44:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
Detection: | MAL |
Classification: | mal60.spre.troj.spyw.evad.linELF@0/0@1/0 |
- VT rate limit hit for: SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf
Command: | /tmp/SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
PID: | 6252 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Firmware update in progress |
Standard Error: |
- system is lnxubuntu20
- SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf New Fork (PID: 6256, Parent: 6252)
- SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf New Fork (PID: 6258, Parent: 6256)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Networking |
---|
Source: | TCP traffic: |
Source: | Opens: |
Source: | Subnet 5.230.228.0/24: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 Network Service Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
iranistrash.libre | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
5.230.171.9 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.122.81 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
5.230.122.80 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.228.47 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
172.217.192.127 | unknown | United States | 15169 | GOOGLEUS | false |
5.230.228.46 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.42 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.45 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
94.131.118.154 | unknown | Ukraine | 29632 | NASSIST-ASGI | false |
5.230.228.44 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.62 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
194.156.98.15 | unknown | Russian Federation | 135330 | ADCDATACOM-AS-APADCDATACOMHK | false |
5.230.118.247 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Detection | Threat Name |
---|---|---|
5.230.122.81 | malicious | Unknown |
109.202.202.202 | malicious | Unknown |
5.230.228.46 | malicious | Unknown |
⊘No context
Match | Detection | Threat Name |
---|---|---|
ASGHOSTNETDE | malicious | Unknown |
ASGHOSTNETDE | malicious | Phisher |
ASGHOSTNETDE | malicious | Unknown |
ASGHOSTNETDE | malicious | Mirai |
ASGHOSTNETDE | malicious | RedLine |
ASGHOSTNETDE | malicious | Unknown |
ASGHOSTNETDE | malicious | Unknown |
ASGHOSTNETDE | malicious | Unknown |
ASGHOSTNETDE | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Mirai, Moobot, Okiru |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.039828463715291 |
TrID: |
File name: | SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
File size: | 66'448 bytes |
MD5: | 2fd315976500cd449d24be74e1fcb417 |
SHA1: | 972e0935bff64d887a1876bc087ece18232ad6a7 |
SHA256: | 2dd2b35de6fd2980eefe6c9591f5256164c7027dcd9cca6fc4e49d175cb761af |
SHA512: | 84506c4b17d9a1789be77c2484937824907f23cdcdc986460c6438da0d5fda7df7f091ff3fa44ecfd0e0b5fb4f5a194552082ef2d5e11061dfdfbdc4368fbe18 |
SSDEEP: | 768:OFLlqqhyaHJ/Ds2iJTG54j9YVyRyEyq8708MkOiZhly34tViCclJhpgAzsik7Wis:PcAj1yEyq84zniZM4tECepgAzQWi/Uh |
TLSH: | 68533985BD818A12C5E42376FB2E46CD3352A7E8E2EE32138D225F1577CAC2B0D77651 |
File Content Preview: | .ELF...a..........(.........4...........4. ...(..........................................................%..........Q.td..................................-...L."...q=..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 66008 |
Section Header Size: | 40 |
Number of Section Headers: | 11 |
Header String Table Index: | 10 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0xf5fc | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x176ac | 0xf6ac | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x176c0 | 0xf6c0 | 0x6e8 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.eh_frame | PROGBITS | 0x17da8 | 0xfda8 | 0x4 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x18000 | 0x10000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x18008 | 0x10008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x18014 | 0x10014 | 0x17c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x18190 | 0x10190 | 0x2418 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x10190 | 0x48 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0xfdac | 0xfdac | 6.0968 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata .eh_frame |
LOAD | 0x10000 | 0x18000 | 0x18000 | 0x190 | 0x25a8 | 1.2198 | 0x6 | RW | 0x8000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 22:44:59.546540022 CEST | 21124 | 3478 | 192.168.2.23 | 172.217.192.127 |
Oct 7, 2024 22:45:00.093246937 CEST | 3478 | 21124 | 172.217.192.127 | 192.168.2.23 |
Oct 7, 2024 22:45:00.123281956 CEST | 41037 | 53 | 192.168.2.23 | 194.36.144.87 |
Oct 7, 2024 22:45:00.133337975 CEST | 53 | 41037 | 194.36.144.87 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:45:00.123281956 CEST | 192.168.2.23 | 194.36.144.87 | 0x37f3 | Standard query (0) | | 16 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:45:00.133337975 CEST | 194.36.144.87 | 192.168.2.23 | 0x37f3 | No error (0) | | | | TXT (Text strings) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 20:44:54 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
Arguments: | /tmp/SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 20:44:58 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 20:44:59 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-COW.15022.10577.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |