Linux Analysis Report
SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Sample scans a subnet
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528445 |
Start date and time: | 2024-10-07 22:44:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf |
Detection: | MAL |
Classification: | mal68.spre.troj.spyw.evad.linELF@0/0@1/0 |
- VT rate limit hit for: SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf
Command: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf |
PID: | 5486 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Firmware update in progress |
Standard Error: | |
- system is lnxubuntu20
- dash New Fork (PID: 5473, Parent: 3638)
- dash New Fork (PID: 5474, Parent: 3638)
- SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf New Fork (PID: 5488, Parent: 5486)
- SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf New Fork (PID: 5492, Parent: 5488)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | ReversingLabs: |
Networking |
---|
Source: | TCP traffic: | 2 entries |
Source: | Opens: | 4 entries |
Source: | Subnet 5.230.228.0/24: |
Source: | TCP traffic: | 11 entries |
Source: | TCP traffic detected without corresponding DNS query: | 50 entries |
Source: | DNS traffic detected: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Rm executable: | 2 entries |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: |
Source: | Queries kernel information via 'uname': | 2 entries |
Source: | Binary or memory string: | 4 entries |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 Network Service Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf | 18% | ReversingLabs | Linux.Backdoor.Mirai | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
iranistrash.libre | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
5.230.122.81 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.122.80 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.228.47 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
172.217.192.127 | unknown | United States | 15169 | GOOGLEUS | false |
5.230.228.46 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.42 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.23 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.44 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.229.83 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.228.62 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
194.156.98.15 | unknown | Russian Federation | 135330 | ADCDATACOM-AS-APADCDATACOMHK | true |
5.230.118.247 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
5.230.228.62 | | | malicious | Unknown | | |
5.230.122.81 | | | malicious | Unknown | | |
194.156.98.15 | | | malicious | Unknown | | |
5.230.118.247 | | | malicious | Unknown | | |
5.230.228.46 | | | malicious | Unknown | | |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ASGHOSTNETDE | | | malicious | Unknown | | |
ASGHOSTNETDE | | | malicious | Phisher | | |
ASGHOSTNETDE | | | malicious | Unknown | | |
ASGHOSTNETDE | | | malicious | Mirai | | |
ASGHOSTNETDE | | | malicious | RedLine | | |
ASGHOSTNETDE | | | malicious | Unknown | | |
ASGHOSTNETDE | | | malicious | Unknown | | |
ASGHOSTNETDE | | | malicious | Unknown | | |
ASGHOSTNETDE | | | malicious | Mirai | | |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.089061244850828 |
TrID: | |
File name: | SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf |
File size: | 88'852 bytes |
MD5: | 380834dea512053f94df5b254b159b89 |
SHA1: | 2778b4c9c6744c4ee654f399948a852505044ba1 |
SHA256: | b3b9beb35f65fa3c37fd6136aae79a41e4dafce267530cf49ecda77e6094d50f |
SHA512: | 54f6d5fdb935db1542748256479ac4a37fca9fbb11d388a4532153d5361b738636c37f0f675bb739a0ae6cbf16cecf25c4d6f4c9cd8ab39c98486eb6b34c2e08 |
SSDEEP: | 1536:Cdn/bfbBrnx7R/bc0sSI9TUmg9AYJsoPdaFArWOYgD3zpf9l72iubhJR:sfBx7Zg1PIPByXArWOYgD35mbhL |
TLSH: | B8933949BD815B21D8E832BAFE1E118933535BACE3EE7112DD111F2477CA92B0E77942 |
File Content Preview: | .ELF..............(.........4....X......4. ...(........p.T...........................................U...U...............U...U...U..(....S...............U...U...U..................Q.td..................................-...L..................@-.,@...0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 5 |
Section Header Offset: | 88212 |
Section Header Size: | 40 |
Number of Section Headers: | 16 |
Header String Table Index: | 15 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80f0 | 0xf0 | 0x14c10 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x1cd00 | 0x14d00 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1cd10 | 0x14d10 | 0x790 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.extab | PROGBITS | 0x1d4a0 | 0x154a0 | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.exidx | ARM_EXIDX | 0x1d4b8 | 0x154b8 | 0x118 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
.eh_frame | PROGBITS | 0x255d0 | 0x155d0 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.tbss | NOBITS | 0x255d4 | 0x155d4 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
.init_array | INIT_ARRAY | 0x255d4 | 0x155d4 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.fini_array | FINI_ARRAY | 0x255d8 | 0x155d8 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x255e0 | 0x155e0 | 0xa8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x25688 | 0x15688 | 0x170 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x257f8 | 0x157f8 | 0x51ac | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.ARM.attributes | ARM_ATTRIBUTES | 0x0 | 0x157f8 | 0x16 | 0x0 | 0x0 | | 0 | 0 | 1 |
.shstrtab | STRTAB | 0x0 | 0x1580e | 0x83 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
EXIDX | 0x154b8 | 0x1d4b8 | 0x1d4b8 | 0x118 | 0x118 | 4.4451 | 0x4 | R | 0x4 | | .ARM.exidx |
LOAD | 0x0 | 0x8000 | 0x8000 | 0x155d0 | 0x155d0 | 6.1076 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata .ARM.extab .ARM.exidx |
LOAD | 0x155d0 | 0x255d0 | 0x255d0 | 0x228 | 0x53d4 | 2.8872 | 0x6 | RW | 0x8000 | | .eh_frame .tbss .init_array .fini_array .got .data .bss |
TLS | 0x155d4 | 0x255d4 | 0x255d4 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 22:45:02.746500015 CEST | 41876 | 554 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:02.751339912 CEST | 554 | 41876 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:02.751425982 CEST | 41876 | 554 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:02.751939058 CEST | 41876 | 554 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:02.757003069 CEST | 554 | 41876 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:04.778105974 CEST | 554 | 41876 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:04.778517962 CEST | 41876 | 554 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:04.783351898 CEST | 554 | 41876 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:07.780265093 CEST | 58412 | 993 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:07.785406113 CEST | 993 | 58412 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:07.785489082 CEST | 58412 | 993 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:07.785571098 CEST | 58412 | 993 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:07.790874004 CEST | 993 | 58412 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:09.986496925 CEST | 993 | 58412 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:09.986804008 CEST | 58412 | 993 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:09.991875887 CEST | 993 | 58412 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:10.988524914 CEST | 51426 | 5223 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:10.993360043 CEST | 5223 | 51426 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:10.993437052 CEST | 51426 | 5223 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:10.993479967 CEST | 51426 | 5223 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:10.998308897 CEST | 5223 | 51426 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:12.993175983 CEST | 5223 | 51426 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:12.993503094 CEST | 51426 | 5223 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:12.998358011 CEST | 5223 | 51426 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:14.994874001 CEST | 47764 | 9000 | 192.168.2.14 | 5.230.228.44 |
Oct 7, 2024 22:45:14.999833107 CEST | 9000 | 47764 | 5.230.228.44 | 192.168.2.14 |
Oct 7, 2024 22:45:14.999887943 CEST | 47764 | 9000 | 192.168.2.14 | 5.230.228.44 |
Oct 7, 2024 22:45:14.999908924 CEST | 47764 | 9000 | 192.168.2.14 | 5.230.228.44 |
Oct 7, 2024 22:45:15.005251884 CEST | 9000 | 47764 | 5.230.228.44 | 192.168.2.14 |
Oct 7, 2024 22:45:17.480887890 CEST | 9000 | 47764 | 5.230.228.44 | 192.168.2.14 |
Oct 7, 2024 22:45:17.481208086 CEST | 47764 | 9000 | 192.168.2.14 | 5.230.228.44 |
Oct 7, 2024 22:45:17.482392073 CEST | 9000 | 47764 | 5.230.228.44 | 192.168.2.14 |
Oct 7, 2024 22:45:17.482434988 CEST | 47764 | 9000 | 192.168.2.14 | 5.230.228.44 |
Oct 7, 2024 22:45:17.484407902 CEST | 9000 | 47764 | 5.230.228.44 | 192.168.2.14 |
Oct 7, 2024 22:45:17.484447956 CEST | 47764 | 9000 | 192.168.2.14 | 5.230.228.44 |
Oct 7, 2024 22:45:17.490468025 CEST | 9000 | 47764 | 5.230.228.44 | 192.168.2.14 |
Oct 7, 2024 22:45:20.483098030 CEST | 60590 | 5223 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:20.488482952 CEST | 5223 | 60590 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:20.488631010 CEST | 60590 | 5223 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:20.488631010 CEST | 60590 | 5223 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:20.493565083 CEST | 5223 | 60590 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:22.636631966 CEST | 5223 | 60590 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:22.636972904 CEST | 60590 | 5223 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:22.642008066 CEST | 5223 | 60590 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:24.641515970 CEST | 38394 | 35000 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:45:24.646420956 CEST | 35000 | 38394 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:45:24.646673918 CEST | 38394 | 35000 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:45:24.646673918 CEST | 38394 | 35000 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:45:24.651940107 CEST | 35000 | 38394 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:45:26.324733019 CEST | 35000 | 38394 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:45:26.325074911 CEST | 38394 | 35000 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:45:26.330189943 CEST | 35000 | 38394 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:45:28.326951027 CEST | 53360 | 7777 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:28.332612991 CEST | 7777 | 53360 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:28.332658052 CEST | 53360 | 7777 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:28.332684994 CEST | 53360 | 7777 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:28.339617014 CEST | 7777 | 53360 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:30.337507963 CEST | 7777 | 53360 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:30.337841034 CEST | 53360 | 7777 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:45:30.342953920 CEST | 7777 | 53360 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:45:32.339565039 CEST | 48346 | 3724 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:45:32.346303940 CEST | 3724 | 48346 | 5.230.228.42 | 192.168.2.14 |
Oct 7, 2024 22:45:32.346421957 CEST | 48346 | 3724 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:45:32.346473932 CEST | 48346 | 3724 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:45:32.353326082 CEST | 3724 | 48346 | 5.230.228.42 | 192.168.2.14 |
Oct 7, 2024 22:45:42.356266022 CEST | 48346 | 3724 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:45:42.361639023 CEST | 3724 | 48346 | 5.230.228.42 | 192.168.2.14 |
Oct 7, 2024 22:45:42.361721992 CEST | 48346 | 3724 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:45:43.357548952 CEST | 60852 | 2222 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:45:43.362654924 CEST | 2222 | 60852 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:45:43.362765074 CEST | 60852 | 2222 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:45:43.362778902 CEST | 60852 | 2222 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:45:43.367836952 CEST | 2222 | 60852 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:45:45.046330929 CEST | 2222 | 60852 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:45:45.046696901 CEST | 60852 | 2222 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:45:45.051691055 CEST | 2222 | 60852 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:45:48.048358917 CEST | 39646 | 37777 | 192.168.2.14 | 5.230.228.46 |
Oct 7, 2024 22:45:48.053212881 CEST | 37777 | 39646 | 5.230.228.46 | 192.168.2.14 |
Oct 7, 2024 22:45:48.053359985 CEST | 39646 | 37777 | 192.168.2.14 | 5.230.228.46 |
Oct 7, 2024 22:45:48.053397894 CEST | 39646 | 37777 | 192.168.2.14 | 5.230.228.46 |
Oct 7, 2024 22:45:48.058296919 CEST | 37777 | 39646 | 5.230.228.46 | 192.168.2.14 |
Oct 7, 2024 22:45:49.871537924 CEST | 37777 | 39646 | 5.230.228.46 | 192.168.2.14 |
Oct 7, 2024 22:45:49.872030020 CEST | 39646 | 37777 | 192.168.2.14 | 5.230.228.46 |
Oct 7, 2024 22:45:49.877059937 CEST | 37777 | 39646 | 5.230.228.46 | 192.168.2.14 |
Oct 7, 2024 22:45:51.873441935 CEST | 40622 | 2022 | 192.168.2.14 | 5.230.122.80 |
Oct 7, 2024 22:45:51.878459930 CEST | 2022 | 40622 | 5.230.122.80 | 192.168.2.14 |
Oct 7, 2024 22:45:51.878596067 CEST | 40622 | 2022 | 192.168.2.14 | 5.230.122.80 |
Oct 7, 2024 22:45:51.878596067 CEST | 40622 | 2022 | 192.168.2.14 | 5.230.122.80 |
Oct 7, 2024 22:45:51.883666039 CEST | 2022 | 40622 | 5.230.122.80 | 192.168.2.14 |
Oct 7, 2024 22:45:54.064508915 CEST | 2022 | 40622 | 5.230.122.80 | 192.168.2.14 |
Oct 7, 2024 22:45:54.064909935 CEST | 40622 | 2022 | 192.168.2.14 | 5.230.122.80 |
Oct 7, 2024 22:45:54.069943905 CEST | 2022 | 40622 | 5.230.122.80 | 192.168.2.14 |
Oct 7, 2024 22:45:57.066184044 CEST | 58276 | 22022 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:57.071196079 CEST | 22022 | 58276 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:57.071263075 CEST | 58276 | 22022 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:57.071314096 CEST | 58276 | 22022 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:57.076114893 CEST | 22022 | 58276 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:59.242259026 CEST | 22022 | 58276 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:45:59.242959976 CEST | 58276 | 22022 | 192.168.2.14 | 5.230.122.81 |
Oct 7, 2024 22:45:59.248056889 CEST | 22022 | 58276 | 5.230.122.81 | 192.168.2.14 |
Oct 7, 2024 22:46:01.245091915 CEST | 52474 | 9000 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:01.250917912 CEST | 9000 | 52474 | 5.230.228.23 | 192.168.2.14 |
Oct 7, 2024 22:46:01.250999928 CEST | 52474 | 9000 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:01.251051903 CEST | 52474 | 9000 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:01.256705046 CEST | 9000 | 52474 | 5.230.228.23 | 192.168.2.14 |
Oct 7, 2024 22:46:11.260833979 CEST | 52474 | 9000 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:11.267124891 CEST | 9000 | 52474 | 5.230.228.23 | 192.168.2.14 |
Oct 7, 2024 22:46:11.267187119 CEST | 52474 | 9000 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:14.262202024 CEST | 51258 | 19153 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:46:14.267105103 CEST | 19153 | 51258 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:46:14.267172098 CEST | 51258 | 19153 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:46:14.267199993 CEST | 51258 | 19153 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:46:14.272080898 CEST | 19153 | 51258 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:46:16.258913040 CEST | 19153 | 51258 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:46:16.259293079 CEST | 51258 | 19153 | 192.168.2.14 | 194.156.98.15 |
Oct 7, 2024 22:46:16.266616106 CEST | 19153 | 51258 | 194.156.98.15 | 192.168.2.14 |
Oct 7, 2024 22:46:18.260628939 CEST | 43270 | 3389 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:46:18.265548944 CEST | 3389 | 43270 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:46:18.265727043 CEST | 43270 | 3389 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:46:18.265784025 CEST | 43270 | 3389 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:46:18.270921946 CEST | 3389 | 43270 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:46:19.954982996 CEST | 3389 | 43270 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:46:19.955292940 CEST | 43270 | 3389 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:46:19.955434084 CEST | 43270 | 3389 | 192.168.2.14 | 5.230.228.47 |
Oct 7, 2024 22:46:19.960486889 CEST | 3389 | 43270 | 5.230.228.47 | 192.168.2.14 |
Oct 7, 2024 22:46:21.957511902 CEST | 33628 | 554 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:22.131807089 CEST | 554 | 33628 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:22.131956100 CEST | 33628 | 554 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:22.132122993 CEST | 33628 | 554 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:22.137763977 CEST | 554 | 33628 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:23.844366074 CEST | 554 | 33628 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:23.844685078 CEST | 33628 | 554 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:23.850649118 CEST | 554 | 33628 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:26.846553087 CEST | 47912 | 19153 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:46:26.851411104 CEST | 19153 | 47912 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:46:26.851490021 CEST | 47912 | 19153 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:46:26.851547956 CEST | 47912 | 19153 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:46:26.856637001 CEST | 19153 | 47912 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:46:28.528407097 CEST | 19153 | 47912 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:46:28.529063940 CEST | 47912 | 19153 | 192.168.2.14 | 5.230.228.62 |
Oct 7, 2024 22:46:28.534216881 CEST | 19153 | 47912 | 5.230.228.62 | 192.168.2.14 |
Oct 7, 2024 22:46:31.531049967 CEST | 52372 | 34567 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:31.536221981 CEST | 34567 | 52372 | 5.230.228.23 | 192.168.2.14 |
Oct 7, 2024 22:46:31.536329985 CEST | 52372 | 34567 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:31.536386013 CEST | 52372 | 34567 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:31.541594028 CEST | 34567 | 52372 | 5.230.228.23 | 192.168.2.14 |
Oct 7, 2024 22:46:41.546165943 CEST | 52372 | 34567 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:41.553143978 CEST | 34567 | 52372 | 5.230.228.23 | 192.168.2.14 |
Oct 7, 2024 22:46:41.553257942 CEST | 52372 | 34567 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:46:43.548523903 CEST | 54752 | 995 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:43.652185917 CEST | 995 | 54752 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:43.652332067 CEST | 54752 | 995 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:43.652426958 CEST | 54752 | 995 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:43.658541918 CEST | 995 | 54752 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:45.344085932 CEST | 995 | 54752 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:45.344474077 CEST | 54752 | 995 | 192.168.2.14 | 5.230.229.83 |
Oct 7, 2024 22:46:45.349555969 CEST | 995 | 54752 | 5.230.229.83 | 192.168.2.14 |
Oct 7, 2024 22:46:46.345992088 CEST | 46424 | 7777 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:46:46.351007938 CEST | 7777 | 46424 | 5.230.228.42 | 192.168.2.14 |
Oct 7, 2024 22:46:46.351995945 CEST | 46424 | 7777 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:46:46.352046967 CEST | 46424 | 7777 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:46:46.357481003 CEST | 7777 | 46424 | 5.230.228.42 | 192.168.2.14 |
Oct 7, 2024 22:46:56.361993074 CEST | 46424 | 7777 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:46:56.368607044 CEST | 7777 | 46424 | 5.230.228.42 | 192.168.2.14 |
Oct 7, 2024 22:46:56.368737936 CEST | 46424 | 7777 | 192.168.2.14 | 5.230.228.42 |
Oct 7, 2024 22:46:58.364284039 CEST | 43618 | 10554 | 192.168.2.14 | 5.230.118.247 |
Oct 7, 2024 22:46:58.369395971 CEST | 10554 | 43618 | 5.230.118.247 | 192.168.2.14 |
Oct 7, 2024 22:46:58.369535923 CEST | 43618 | 10554 | 192.168.2.14 | 5.230.118.247 |
Oct 7, 2024 22:46:58.369605064 CEST | 43618 | 10554 | 192.168.2.14 | 5.230.118.247 |
Oct 7, 2024 22:46:58.374674082 CEST | 10554 | 43618 | 5.230.118.247 | 192.168.2.14 |
Oct 7, 2024 22:47:00.226986885 CEST | 10554 | 43618 | 5.230.118.247 | 192.168.2.14 |
Oct 7, 2024 22:47:00.227550030 CEST | 43618 | 10554 | 192.168.2.14 | 5.230.118.247 |
Oct 7, 2024 22:47:00.232518911 CEST | 10554 | 43618 | 5.230.118.247 | 192.168.2.14 |
Oct 7, 2024 22:47:03.229497910 CEST | 56086 | 3389 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:47:03.234368086 CEST | 3389 | 56086 | 5.230.228.23 | 192.168.2.14 |
Oct 7, 2024 22:47:03.234494925 CEST | 56086 | 3389 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:47:03.234536886 CEST | 56086 | 3389 | 192.168.2.14 | 5.230.228.23 |
Oct 7, 2024 22:47:03.239428997 CEST | 3389 | 56086 | 5.230.228.23 | 192.168.2.14 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 22:45:02.165894985 CEST | 34702 | 3478 | 192.168.2.14 | 172.217.192.127 |
Oct 7, 2024 22:45:02.727802038 CEST | 3478 | 34702 | 172.217.192.127 | 192.168.2.14 |
Oct 7, 2024 22:45:02.734214067 CEST | 52354 | 53 | 192.168.2.14 | 202.61.197.122 |
Oct 7, 2024 22:45:02.744757891 CEST | 53 | 52354 | 202.61.197.122 | 192.168.2.14 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:45:02.734214067 CEST | 192.168.2.14 | 202.61.197.122 | 0x5c38 | Standard query (0) | | 16 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:45:02.744757891 CEST | 202.61.197.122 | 192.168.2.14 | 0x5c38 | No error (0) | | | | TXT (Text strings) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 20:44:51 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 20:44:51 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.ATtwu24ZWJ /tmp/tmp.NdgjzYv9SV /tmp/tmp.hAuNO4RoFi |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 20:44:51 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 20:44:51 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.ATtwu24ZWJ /tmp/tmp.NdgjzYv9SV /tmp/tmp.hAuNO4RoFi |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 20:44:59 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf |
Arguments: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 20:45:01 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 20:45:02 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.15130.25224.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |