Linux
Analysis Report
SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Connects to many ports of the same IP (likely port scanning)
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Sample scans a subnet
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528446 |
Start date and time: | 2024-10-07 22:44:14 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf |
Detection: | MAL |
Classification: | mal60.spre.troj.spyw.evad.linELF@0/0@1/0 |
- VT rate limit hit for: SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf
Command: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf |
PID: | 5624 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Firmware update in progress |
Standard Error: |
- system is lnxubuntu20
- dash New Fork (PID: 5605, Parent: 3678)
- dash New Fork (PID: 5606, Parent: 3678)
- SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf New Fork (PID: 5628, Parent: 5624)
- SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf New Fork (PID: 5630, Parent: 5628)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Signature details (Joe Sandbox's per-signature evidence rows; the concrete values in each row were lost in extraction, so only the category headings, the row counts and the one surviving value are kept here)

Networking
- TCP traffic (non-standard ports): 16 rows
- Opens /sys/class/net/* files: 4 rows
- Subnet 5.230.228.0/24: 1 row (the "Sample scans a subnet" signature)
- TCP traffic detected without corresponding DNS query: 50 rows (the destinations are hard-coded IP addresses; see the IP table and the TCP connection list further down)
- DNS traffic detected: 1 row (the TXT query)
- Network traffic detected: 2 rows

Other (section heading not preserved)
- .symtab present: 1 row (no symbol table, i.e. the binary is stripped)
- Classification label: 1 row
- Rm executable: 2 rows

Hooking and other Techniques for Hiding and Protection
- File: 1 row (the "Sample deletes itself" signature)
- Queries kernel information via 'uname': 2 rows
- Binary or memory string: 4 rows

HIPS / PFW / Operating System Protection Evasion
- DNS traffic detected: 1 row
MITRE ATT&CK techniques matched by the signatures (hit counts as printed in the report's matrix; the remaining cells of the 14-column matrix are its template, including Windows-only techniques that do not apply to a Linux ELF, and are omitted here):
- Defense Evasion: File Deletion (11)
- Discovery: Security Software Discovery (11), Network Service Discovery (1)
- Command and Control: Encrypted Channel (1), Non-Standard Port (1), Non-Application Layer Protocol (1), Application Layer Protocol (2)
⊘No configs have been found
Antivirus detection for the submitted sample (the report's remaining antivirus sub-sections report no matches):
Detection | Scanner | Label |
---|---|---|
3% | ReversingLabs | Linux.Trojan.Mirai |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
iranistrash.libre | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
5.230.171.9 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.171.8 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.122.82 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.122.80 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.47 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
172.217.192.127 | unknown | United States | 15169 | GOOGLEUS | false |
5.230.228.46 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.42 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.44 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
94.131.118.154 | unknown | Ukraine | 29632 | NASSIST-ASGI | true |
185.248.144.209 | unknown | France | 31531 | POINT-ASUA | false |
5.230.228.62 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
194.156.98.15 | unknown | Russian Federation | 135330 | ADCDATACOM-AS-APADCDATACOMHK | false |
5.230.118.247 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
Context from earlier Joe Sandbox submissions (the associated sample names and SHA-256 hashes did not survive extraction):
- IPs previously seen in malicious submissions, threat name unknown: 185.248.144.209, 5.230.228.62, 194.156.98.15, 5.230.118.247, 5.230.228.46
- Domain: no context
- ASN ASGHOSTNETDE (AS12586): nine earlier malicious submissions, five labelled Unknown, two Mirai, one Phisher, one RedLine (the report prints this block twice)
- Remaining context sub-sections: no context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.050195297376419 |
TrID: |
File name: | SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf |
File size: | 83'180 bytes |
MD5: | 5d959c2b7278b8c8b2c4a3f1554bb96e |
SHA1: | a2ff0e2fd22b31f16f2b3bcc7a3e5ac61c03f5d0 |
SHA256: | 727d897cbf2466bc6390ec82e4056aa5047597390719fd1c556fef01303d91bd |
SHA512: | de5aa96b74ef67dd27511a83e34e3455dcaa0e750eb89d51a4f958d1fc77503c533429586e0cb185d0ad1104b98627376825b41792da897a157da4242ff096eb |
SSDEEP: | 1536:7wFKWWnCCgFmieKTImRoqQA1LJVNcCWSt5cbhd:7GKWWnSmiePANZ8SIbX |
TLSH: | F6834B21BA761E27C0D0B57921F7432AF2F5464918A8CA1F7E710E8EFF6556032137B9 |
File Content Preview: | .ELF...........................4..C......4. ...(......................?...?...............@...@...@.......I.........dt.Q................................@..(....@.M.................#.....b...`.....!..... ...@.....".........`......$ ... ...@...........`.... |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 82700 |
Section Header Size: | 40 |
Number of Section Headers: | 12 |
Header String Table Index: | 11 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x100b0 | 0xb0 | 0x1370c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x237bc | 0x137bc | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x237d0 | 0x137d0 | 0x7d8 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.eh_frame | PROGBITS | 0x34000 | 0x14000 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.ctors | PROGBITS | 0x34004 | 0x14004 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x3400c | 0x1400c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x34018 | 0x14018 | 0xd4 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x340f0 | 0x140f0 | 0x1cc | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.bss | NOBITS | 0x342c0 | 0x142bc | 0x46f0 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.shstrtab | STRTAB | 0x0 | 0x142bc | 0x4d | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x10000 | 0x10000 | 0x13fa8 | 0x13fa8 | 6.0743 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0x14000 | 0x34000 | 0x34000 | 0x2bc | 0x49b0 | 3.0650 | 0x6 | RW | 0x10000 | .eh_frame .ctors .dtors .got .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
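The report's ELF header block leaves Class, Data, Machine and Entry Point empty even though the numbers it does print (52-byte header, 32-byte program headers, 40-byte section headers) already pin the file to ELF32, and the byte pattern "..C." at the section-header offset in the File Content Preview (82700 = 0x0001430C) is consistent with a big-endian image. The parser below is an added example, not code from Joe Sandbox or from the sample: it reads EI_CLASS and EI_DATA first and then decodes the rest of the header and the program headers in the right byte order, and it runs the two checks a triage script wants from the program headers, W^X violations and stack executability. The header bytes it parses are constructed to reproduce the sizes, offsets and segment flags listed above; big-endian and ET_EXEC are assumptions, and e_machine and e_entry are set to 0 as stand-ins because the report does not show them. For a real file, replace `build_sample_header()` with `open(path, "rb").read()`.

```python
"""ELF32 header / program-header parser. Added example for this report (not Joe Sandbox
code): recovers the Class and Data fields the report leaves blank and checks segment
permissions the way a triage script would."""
import struct

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EH_FMT = "HHIIIIIHHHHHH"   # e_type .. e_shstrndx, the 36 bytes after the 16-byte e_ident
PH_FMT = "IIIIIIII"        # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align


def build_sample_header() -> bytes:
    """Constructed bytes reproducing the sizes/offsets from the report's ELF header and
    program header tables. ASSUMPTIONS: big-endian (consistent with the '..C.' bytes of
    e_shoff = 82700 = 0x0001430C in the file preview), ET_EXEC, and 0 as a stand-in for
    e_machine and e_entry, which the report does not show."""
    e_ident = b"\x7fELF" + bytes([1, 2, 1, 0, 0]) + b"\x00" * 7   # EI_CLASS=1 (32-bit), EI_DATA=2 (MSB)
    e_hdr = struct.pack(">" + EH_FMT,
                        2, 0, 1, 0,             # e_type=ET_EXEC (assumed), e_machine=0, e_version, e_entry=0
                        52, 82700, 0,           # e_phoff, e_shoff, e_flags
                        52, 32, 3, 40, 12, 11)  # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    phdrs = b"".join(struct.pack(">" + PH_FMT, *p) for p in (
        (PT_LOAD,      0x0,     0x10000, 0x10000, 0x13fa8, 0x13fa8, PF_R | PF_X, 0x10000),
        (PT_LOAD,      0x14000, 0x34000, 0x34000, 0x2bc,   0x49b0,  PF_R | PF_W, 0x10000),
        (PT_GNU_STACK, 0x0,     0x0,     0x0,     0x0,     0x0,     PF_R | PF_W, 0x4),
    ))
    return e_ident + e_hdr + phdrs


def parse_elf32(data: bytes) -> dict:
    """Parse the ELF header and program headers. Byte order is taken from EI_DATA, so the
    same code handles LSB and MSB binaries (Mirai builds ship for both)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class != 1:
        raise ValueError("ELF64 is not handled by this example")
    bo = {1: "<", 2: ">"}[ei_data]
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, e_ehsize,
     e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack(bo + EH_FMT, data[16:52])
    if e_ehsize != 52 or e_phentsize != 32 or e_shentsize != 40:
        raise ValueError("unexpected header sizes for ELF32")

    segments, gnu_stack_flags = [], None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type, _off, p_vaddr, _paddr, p_filesz, p_memsz,
         p_flags, _align) = struct.unpack(bo + PH_FMT, data[off:off + 32])
        perms = "".join(c if p_flags & f else "-" for c, f in (("R", PF_R), ("W", PF_W), ("X", PF_X)))
        segments.append({"type": p_type, "vaddr": p_vaddr, "filesz": p_filesz,
                         "memsz": p_memsz, "perms": perms})
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags

    loads = [s for s in segments if s["type"] == PT_LOAD]
    return {
        "class": "ELF32",
        "data": {1: "little-endian", 2: "big-endian"}[ei_data],
        "type": e_type, "machine": e_machine, "entry": e_entry,
        "phnum": e_phnum, "shnum": e_shnum, "shoff": e_shoff, "shstrndx": e_shstrndx,
        "segments": segments,
        # W^X violation: a LOAD segment that is both writable and executable
        "wx_segments": [hex(s["vaddr"]) for s in loads if "W" in s["perms"] and "X" in s["perms"]],
        # no PT_GNU_STACK, or one with PF_X, means an executable stack on most Linux targets
        "exec_stack": gnu_stack_flags is None or bool(gnu_stack_flags & PF_X),
        # zero-filled memory beyond the file image (.bss plus alignment padding)
        "bss_bytes": sum(s["memsz"] - s["filesz"] for s in loads),
    }


if __name__ == "__main__":
    info = parse_elf32(build_sample_header())
    for key in ("class", "data", "phnum", "shnum", "wx_segments", "exec_stack", "bss_bytes"):
        print(f"{key:>12}: {info[key]}")
    for s in info["segments"]:
        print(f"  type={s['type']:#x} {s['perms']} vaddr={s['vaddr']:#x} "
              f"filesz={s['filesz']:#x} memsz={s['memsz']:#x}")
```

On the constructed header this reports R-X / RW- / RW- for the three segments, no W+X segment, a non-executable stack (the PT_GNU_STACK entry is RW), and 0x49b0 - 0x2bc bytes of zero-filled memory, which is the .bss listed in the section table plus four bytes of alignment between the end of .data and the start of .bss.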
TCP traffic (192.168.2.15 is the analysis machine). Read this list against the "Connects to many ports of the same IP (likely port scanning)" signature: every connection is a completed three-way handshake followed by a few packets in each direction, the connections run one at a time a few seconds apart, and no destination is contacted on more than three ports, which is consistent with the sample walking a list of hard-coded endpoints rather than SYN-scanning; the 5.230.228.0/24 "subnet scan" is five such hosts in one /24.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 22:45:07.188383102 CEST | 34592 | 7000 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:07.193567038 CEST | 7000 | 34592 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:07.193918943 CEST | 34592 | 7000 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:07.203037977 CEST | 34592 | 7000 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:07.207962990 CEST | 7000 | 34592 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:08.872001886 CEST | 7000 | 34592 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:08.872457027 CEST | 34592 | 7000 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:08.877463102 CEST | 7000 | 34592 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:11.874357939 CEST | 56206 | 3478 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:11.879374981 CEST | 3478 | 56206 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:11.879461050 CEST | 56206 | 3478 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:11.879487991 CEST | 56206 | 3478 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:11.884280920 CEST | 3478 | 56206 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:13.725682020 CEST | 3478 | 56206 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:13.726005077 CEST | 56206 | 3478 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:13.731193066 CEST | 3478 | 56206 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:14.729933023 CEST | 60560 | 10001 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:45:14.734900951 CEST | 10001 | 60560 | 5.230.228.44 | 192.168.2.15 |
Oct 7, 2024 22:45:14.735002995 CEST | 60560 | 10001 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:45:14.735112906 CEST | 60560 | 10001 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:45:14.740021944 CEST | 10001 | 60560 | 5.230.228.44 | 192.168.2.15 |
Oct 7, 2024 22:45:16.389075041 CEST | 10001 | 60560 | 5.230.228.44 | 192.168.2.15 |
Oct 7, 2024 22:45:16.389484882 CEST | 60560 | 10001 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:45:16.395875931 CEST | 10001 | 60560 | 5.230.228.44 | 192.168.2.15 |
Oct 7, 2024 22:45:19.392002106 CEST | 49554 | 7777 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:19.400295019 CEST | 7777 | 49554 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:19.400413990 CEST | 49554 | 7777 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:19.400525093 CEST | 49554 | 7777 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:19.408274889 CEST | 7777 | 49554 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:21.288559914 CEST | 7777 | 49554 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:21.289382935 CEST | 49554 | 7777 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:21.294334888 CEST | 7777 | 49554 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:24.291877031 CEST | 49308 | 995 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:24.296950102 CEST | 995 | 49308 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:24.297023058 CEST | 49308 | 995 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:24.297080994 CEST | 49308 | 995 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:24.302409887 CEST | 995 | 49308 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:26.147627115 CEST | 995 | 49308 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:26.148053885 CEST | 49308 | 995 | 192.168.2.15 | 5.230.171.9 |
Oct 7, 2024 22:45:26.152861118 CEST | 995 | 49308 | 5.230.171.9 | 192.168.2.15 |
Oct 7, 2024 22:45:27.150372982 CEST | 45434 | 993 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:27.156049967 CEST | 993 | 45434 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:27.156187057 CEST | 45434 | 993 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:27.156223059 CEST | 45434 | 993 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:27.161056042 CEST | 993 | 45434 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:29.167356968 CEST | 993 | 45434 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:29.167749882 CEST | 45434 | 993 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:29.172693014 CEST | 993 | 45434 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:32.169759989 CEST | 53896 | 3544 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:32.174757004 CEST | 3544 | 53896 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:32.174850941 CEST | 53896 | 3544 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:32.174945116 CEST | 53896 | 3544 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:32.179891109 CEST | 3544 | 53896 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:34.027929068 CEST | 3544 | 53896 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:34.028666973 CEST | 53896 | 3544 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:34.033500910 CEST | 3544 | 53896 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:35.030998945 CEST | 39694 | 2022 | 192.168.2.15 | 5.230.228.47 |
Oct 7, 2024 22:45:35.037638903 CEST | 2022 | 39694 | 5.230.228.47 | 192.168.2.15 |
Oct 7, 2024 22:45:35.037735939 CEST | 39694 | 2022 | 192.168.2.15 | 5.230.228.47 |
Oct 7, 2024 22:45:35.037770033 CEST | 39694 | 2022 | 192.168.2.15 | 5.230.228.47 |
Oct 7, 2024 22:45:35.046998024 CEST | 2022 | 39694 | 5.230.228.47 | 192.168.2.15 |
Oct 7, 2024 22:45:36.714616060 CEST | 2022 | 39694 | 5.230.228.47 | 192.168.2.15 |
Oct 7, 2024 22:45:36.715045929 CEST | 39694 | 2022 | 192.168.2.15 | 5.230.228.47 |
Oct 7, 2024 22:45:36.720031023 CEST | 2022 | 39694 | 5.230.228.47 | 192.168.2.15 |
Oct 7, 2024 22:45:37.717205048 CEST | 55080 | 34567 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:45:37.722060919 CEST | 34567 | 55080 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:45:37.722141981 CEST | 55080 | 34567 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:45:37.722218037 CEST | 55080 | 34567 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:45:37.727144957 CEST | 34567 | 55080 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:45:39.893624067 CEST | 34567 | 55080 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:45:39.893970013 CEST | 55080 | 34567 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:45:39.899157047 CEST | 34567 | 55080 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:45:41.896759033 CEST | 56310 | 22022 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:41.903009892 CEST | 22022 | 56310 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:41.903090954 CEST | 56310 | 22022 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:41.903155088 CEST | 56310 | 22022 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:41.908184052 CEST | 22022 | 56310 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:43.779917002 CEST | 22022 | 56310 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:43.780607939 CEST | 56310 | 22022 | 192.168.2.15 | 5.230.171.8 |
Oct 7, 2024 22:45:43.788393974 CEST | 22022 | 56310 | 5.230.171.8 | 192.168.2.15 |
Oct 7, 2024 22:45:46.782798052 CEST | 60228 | 27014 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:46.787926912 CEST | 27014 | 60228 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:46.788002014 CEST | 60228 | 27014 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:46.788090944 CEST | 60228 | 27014 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:46.792999029 CEST | 27014 | 60228 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:48.601628065 CEST | 27014 | 60228 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:48.601957083 CEST | 60228 | 27014 | 192.168.2.15 | 185.248.144.209 |
Oct 7, 2024 22:45:48.607090950 CEST | 27014 | 60228 | 185.248.144.209 | 192.168.2.15 |
Oct 7, 2024 22:45:50.603199005 CEST | 43676 | 10001 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:50.608184099 CEST | 10001 | 43676 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:50.608246088 CEST | 43676 | 10001 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:50.608268976 CEST | 43676 | 10001 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:50.613221884 CEST | 10001 | 43676 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:52.600181103 CEST | 10001 | 43676 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:52.600425005 CEST | 43676 | 10001 | 192.168.2.15 | 194.156.98.15 |
Oct 7, 2024 22:45:52.605659008 CEST | 10001 | 43676 | 194.156.98.15 | 192.168.2.15 |
Oct 7, 2024 22:45:55.602165937 CEST | 50404 | 2022 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:45:55.607817888 CEST | 2022 | 50404 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:45:55.607912064 CEST | 50404 | 2022 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:45:55.607981920 CEST | 50404 | 2022 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:45:55.612915039 CEST | 2022 | 50404 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:45:57.298851967 CEST | 2022 | 50404 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:45:57.299170971 CEST | 50404 | 2022 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:45:57.304086924 CEST | 2022 | 50404 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:45:59.301059008 CEST | 60072 | 3389 | 192.168.2.15 | 5.230.122.82 |
Oct 7, 2024 22:45:59.306245089 CEST | 3389 | 60072 | 5.230.122.82 | 192.168.2.15 |
Oct 7, 2024 22:45:59.306339979 CEST | 60072 | 3389 | 192.168.2.15 | 5.230.122.82 |
Oct 7, 2024 22:45:59.306410074 CEST | 60072 | 3389 | 192.168.2.15 | 5.230.122.82 |
Oct 7, 2024 22:45:59.311357021 CEST | 3389 | 60072 | 5.230.122.82 | 192.168.2.15 |
Oct 7, 2024 22:46:01.474301100 CEST | 3389 | 60072 | 5.230.122.82 | 192.168.2.15 |
Oct 7, 2024 22:46:01.474801064 CEST | 60072 | 3389 | 192.168.2.15 | 5.230.122.82 |
Oct 7, 2024 22:46:01.479921103 CEST | 3389 | 60072 | 5.230.122.82 | 192.168.2.15 |
Oct 7, 2024 22:46:04.476174116 CEST | 34888 | 2222 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:46:04.481296062 CEST | 2222 | 34888 | 5.230.228.44 | 192.168.2.15 |
Oct 7, 2024 22:46:04.481429100 CEST | 34888 | 2222 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:46:04.481512070 CEST | 34888 | 2222 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:46:04.486762047 CEST | 2222 | 34888 | 5.230.228.44 | 192.168.2.15 |
Oct 7, 2024 22:46:14.491472960 CEST | 34888 | 2222 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:46:14.496908903 CEST | 2222 | 34888 | 5.230.228.44 | 192.168.2.15 |
Oct 7, 2024 22:46:14.496978045 CEST | 34888 | 2222 | 192.168.2.15 | 5.230.228.44 |
Oct 7, 2024 22:46:15.494837046 CEST | 33758 | 993 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:15.499943972 CEST | 993 | 33758 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:15.500050068 CEST | 33758 | 993 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:15.500103951 CEST | 33758 | 993 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:15.505861998 CEST | 993 | 33758 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:17.189742088 CEST | 993 | 33758 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:17.190145969 CEST | 33758 | 993 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:17.195076942 CEST | 993 | 33758 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:19.193985939 CEST | 48688 | 9001 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:19.199255943 CEST | 9001 | 48688 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:19.199320078 CEST | 48688 | 9001 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:19.199374914 CEST | 48688 | 9001 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:19.204322100 CEST | 9001 | 48688 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:20.871710062 CEST | 9001 | 48688 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:20.871941090 CEST | 48688 | 9001 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:20.872077942 CEST | 48688 | 9001 | 192.168.2.15 | 5.230.228.62 |
Oct 7, 2024 22:46:20.876972914 CEST | 9001 | 48688 | 5.230.228.62 | 192.168.2.15 |
Oct 7, 2024 22:46:22.874669075 CEST | 37800 | 27014 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:22.879882097 CEST | 27014 | 37800 | 94.131.118.154 | 192.168.2.15 |
Oct 7, 2024 22:46:22.879968882 CEST | 37800 | 27014 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:22.880031109 CEST | 37800 | 27014 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:22.885389090 CEST | 27014 | 37800 | 94.131.118.154 | 192.168.2.15 |
Oct 7, 2024 22:46:32.889940977 CEST | 37800 | 27014 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:32.896892071 CEST | 27014 | 37800 | 94.131.118.154 | 192.168.2.15 |
Oct 7, 2024 22:46:32.896960974 CEST | 37800 | 27014 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:33.891735077 CEST | 52656 | 3389 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:46:33.896961927 CEST | 3389 | 52656 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:46:33.897144079 CEST | 52656 | 3389 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:46:33.897172928 CEST | 52656 | 3389 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:46:33.903338909 CEST | 3389 | 52656 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:46:36.080957890 CEST | 3389 | 52656 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:46:36.081717968 CEST | 52656 | 3389 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:46:36.086596012 CEST | 3389 | 52656 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:46:37.084598064 CEST | 41856 | 19153 | 192.168.2.15 | 5.230.228.42 |
Oct 7, 2024 22:46:37.089818001 CEST | 19153 | 41856 | 5.230.228.42 | 192.168.2.15 |
Oct 7, 2024 22:46:37.089987040 CEST | 41856 | 19153 | 192.168.2.15 | 5.230.228.42 |
Oct 7, 2024 22:46:37.090032101 CEST | 41856 | 19153 | 192.168.2.15 | 5.230.228.42 |
Oct 7, 2024 22:46:37.094995975 CEST | 19153 | 41856 | 5.230.228.42 | 192.168.2.15 |
Oct 7, 2024 22:46:47.099941969 CEST | 41856 | 19153 | 192.168.2.15 | 5.230.228.42 |
Oct 7, 2024 22:46:47.109190941 CEST | 19153 | 41856 | 5.230.228.42 | 192.168.2.15 |
Oct 7, 2024 22:46:47.109281063 CEST | 41856 | 19153 | 192.168.2.15 | 5.230.228.42 |
Oct 7, 2024 22:46:50.101708889 CEST | 40044 | 35000 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:50.109599113 CEST | 35000 | 40044 | 94.131.118.154 | 192.168.2.15 |
Oct 7, 2024 22:46:50.109674931 CEST | 40044 | 35000 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:50.109697104 CEST | 40044 | 35000 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:46:50.114567041 CEST | 35000 | 40044 | 94.131.118.154 | 192.168.2.15 |
Oct 7, 2024 22:47:00.119574070 CEST | 40044 | 35000 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:47:00.125353098 CEST | 35000 | 40044 | 94.131.118.154 | 192.168.2.15 |
Oct 7, 2024 22:47:00.125423908 CEST | 40044 | 35000 | 192.168.2.15 | 94.131.118.154 |
Oct 7, 2024 22:47:01.125874996 CEST | 58822 | 7777 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:47:01.130959988 CEST | 7777 | 58822 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:47:01.131042957 CEST | 58822 | 7777 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:47:01.131093025 CEST | 58822 | 7777 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:47:01.136037111 CEST | 7777 | 58822 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:47:02.849390984 CEST | 7777 | 58822 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:47:02.849769115 CEST | 58822 | 7777 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:47:02.854784012 CEST | 7777 | 58822 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:47:03.852173090 CEST | 50728 | 9000 | 192.168.2.15 | 5.230.118.247 |
Oct 7, 2024 22:47:03.857291937 CEST | 9000 | 50728 | 5.230.118.247 | 192.168.2.15 |
Oct 7, 2024 22:47:03.857423067 CEST | 50728 | 9000 | 192.168.2.15 | 5.230.118.247 |
Oct 7, 2024 22:47:03.857484102 CEST | 50728 | 9000 | 192.168.2.15 | 5.230.118.247 |
Oct 7, 2024 22:47:03.862431049 CEST | 9000 | 50728 | 5.230.118.247 | 192.168.2.15 |
Oct 7, 2024 22:47:05.709356070 CEST | 9000 | 50728 | 5.230.118.247 | 192.168.2.15 |
Oct 7, 2024 22:47:05.709680080 CEST | 50728 | 9000 | 192.168.2.15 | 5.230.118.247 |
Oct 7, 2024 22:47:05.714895010 CEST | 9000 | 50728 | 5.230.118.247 | 192.168.2.15 |
Oct 7, 2024 22:47:08.711426020 CEST | 60874 | 443 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:47:08.711487055 CEST | 443 | 60874 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:47:08.711541891 CEST | 60874 | 443 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:47:08.711891890 CEST | 60874 | 443 | 192.168.2.15 | 5.230.228.46 |
Oct 7, 2024 22:47:08.711918116 CEST | 443 | 60874 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:47:08.711973906 CEST | 443 | 60874 | 5.230.228.46 | 192.168.2.15 |
Oct 7, 2024 22:47:10.715348959 CEST | 53626 | 7000 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:47:10.720458984 CEST | 7000 | 53626 | 5.230.122.80 | 192.168.2.15 |
Oct 7, 2024 22:47:10.720742941 CEST | 53626 | 7000 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:47:10.720779896 CEST | 53626 | 7000 | 192.168.2.15 | 5.230.122.80 |
Oct 7, 2024 22:47:10.725609064 CEST | 7000 | 53626 | 5.230.122.80 | 192.168.2.15 |
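To make the scan-versus-endpoint-list distinction checkable rather than eyeballed, the script below is an added example (not Joe Sandbox code) that runs simple triage logic over the connection list. Its input is constructed from the table above: the timestamp, destination IP and destination port of the first outbound packet of each of the 25 connections. It counts distinct ports per host (vertical scan), distinct hosts per port (horizontal sweep), the spacing between connection attempts, and the hosts inside the /24 the "scans a subnet" signature names. The thresholds are illustrative choices, not values from the report.

```python
"""Triage of the TCP connection list in the report: vertical port scan, horizontal sweep,
or a serial walk through a list of endpoints? Added example (not Joe Sandbox code)."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed from the report's TCP table: timestamp, destination IP and port of the first
# outbound packet (the SYN) of each of the 25 connections from the analysis host 192.168.2.15.
CONNECTS = [
    ("22:45:07.188383", "185.248.144.209", 7000),
    ("22:45:11.874357", "5.230.171.8", 3478),
    ("22:45:14.729933", "5.230.228.44", 10001),
    ("22:45:19.392002", "5.230.171.9", 7777),
    ("22:45:24.291877", "5.230.171.9", 995),
    ("22:45:27.150372", "194.156.98.15", 993),
    ("22:45:32.169759", "5.230.171.8", 3544),
    ("22:45:35.030998", "5.230.228.47", 2022),
    ("22:45:37.717205", "5.230.122.80", 34567),
    ("22:45:41.896759", "5.230.171.8", 22022),
    ("22:45:46.782798", "185.248.144.209", 27014),
    ("22:45:50.603199", "194.156.98.15", 10001),
    ("22:45:55.602165", "5.230.228.46", 2022),
    ("22:45:59.301059", "5.230.122.82", 3389),
    ("22:46:04.476174", "5.230.228.44", 2222),
    ("22:46:15.494837", "5.230.228.62", 993),
    ("22:46:19.193985", "5.230.228.62", 9001),
    ("22:46:22.874669", "94.131.118.154", 27014),
    ("22:46:33.891735", "5.230.122.80", 3389),
    ("22:46:37.084598", "5.230.228.42", 19153),
    ("22:46:50.101708", "94.131.118.154", 35000),
    ("22:47:01.125874", "5.230.228.46", 7777),
    ("22:47:03.852173", "5.230.118.247", 9000),
    ("22:47:08.711426", "5.230.228.46", 443),
    ("22:47:10.715348", "5.230.122.80", 7000),
]


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%H:%M:%S.%f")


def triage(connects, scan_ports=5, sweep_hosts=5):
    """Summarise connection behaviour. Thresholds are illustrative, not from the report:
    >= scan_ports distinct ports on one host -> vertical scan; >= sweep_hosts hosts on one
    port -> horizontal sweep; otherwise a serial walk through an endpoint list."""
    ports_by_host = defaultdict(set)
    hosts_by_port = defaultdict(set)
    for _, ip, port in connects:
        ports_by_host[ip].add(port)
        hosts_by_port[port].add(ip)
    times = [_ts(t) for t, _, _ in connects]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    max_ports = max(len(p) for p in ports_by_host.values())
    max_hosts = max(len(h) for h in hosts_by_port.values())
    if max_ports >= scan_ports:
        verdict = "vertical-scan"
    elif max_hosts >= sweep_hosts:
        verdict = "horizontal-sweep"
    else:
        verdict = "serial-endpoint-list"
    return {
        "connections": len(connects),
        "destinations": len(ports_by_host),
        "max_ports_per_host": max_ports,
        "max_hosts_per_port": max_hosts,
        "min_gap_s": round(min(gaps), 1),
        "max_gap_s": round(max(gaps), 1),
        "verdict": verdict,
    }


def hosts_in_subnet(connects, cidr: str):
    """Destinations inside a CIDR, e.g. the 5.230.228.0/24 named by the subnet signature."""
    net = ipaddress.ip_network(cidr)
    return sorted({ip for _, ip, _ in connects if ipaddress.ip_address(ip) in net},
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    for key, value in triage(CONNECTS).items():
        print(f"{key:>20}: {value}")
    print("hosts in 5.230.228.0/24:", hosts_in_subnet(CONNECTS, "5.230.228.0/24"))
```

On the report's data this gives 25 connections to 13 destinations, at most three ports on any one host and at most two hosts on any one port, attempts spaced 2 to 13 seconds apart, and five hosts in 5.230.228.0/24; with the thresholds above that lands on "serial-endpoint-list". A Mirai-style SYN scanner would instead show many hosts on the same port within the same second, which the same function flags as "horizontal-sweep".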
UDP traffic: one request/response pair with 172.217.192.127 on port 3478 (the registered STUN/TURN port) and the DNS query/response with 217.160.70.42.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 22:45:06.464057922 CEST | 55741 | 3478 | 192.168.2.15 | 172.217.192.127 |
Oct 7, 2024 22:45:07.022897959 CEST | 3478 | 55741 | 172.217.192.127 | 192.168.2.15 |
Oct 7, 2024 22:45:07.109447956 CEST | 57766 | 53 | 192.168.2.15 | 217.160.70.42 |
Oct 7, 2024 22:45:07.136672020 CEST | 53 | 57766 | 217.160.70.42 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:45:07.109447956 CEST | 192.168.2.15 | 217.160.70.42 | 0x161c | Standard query (0) | 16 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:45:07.136672020 CEST | 217.160.70.42 | 192.168.2.15 | 0x161c | No error (0) | TXT (Text strings) | IN (0x0001) | false |
System Behavior
Start (UTC, 07/10/2024) | Path | Arguments | File size | MD5 hash |
---|---|---|---|---|
20:44:51 | /usr/bin/dash | - | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
20:44:51 | /usr/bin/rm | rm -f /tmp/tmp.O4CuIEpsBu /tmp/tmp.vVFwAXA4E6 /tmp/tmp.brf0F1ZgS2 | 72056 bytes | aa2b5496fdbfd88e38791ab81f90b95b |
20:44:51 | /usr/bin/dash | - | 129816 bytes | 1e6b1c887c59a315edb7eb9a315fc84c |
20:44:51 | /usr/bin/rm | rm -f /tmp/tmp.O4CuIEpsBu /tmp/tmp.vVFwAXA4E6 /tmp/tmp.brf0F1ZgS2 | 72056 bytes | aa2b5496fdbfd88e38791ab81f90b95b |
20:45:01 | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf | 4379400 bytes | 7dc1c0e23cd5e102bb12e5c29403410e |
20:45:05 | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf | - | 4379400 bytes | 7dc1c0e23cd5e102bb12e5c29403410e |
20:45:05 | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf | - | 4379400 bytes | 7dc1c0e23cd5e102bb12e5c29403410e |
Two things to weigh when reading this table. First, the rm invocations start at 20:44:51, ten seconds before the sample (20:45:01), and the process tree shows them as children of the dash shell (PID 3678), not of the sample (PID 5624), so the "Executes the rm command" signature reflects activity outside the sample's own process tree; the "Sample deletes itself" finding is reported separately under the hiding and protection section. Second, the size and MD5 the process entries give for /tmp/SecuriteInfo.com.ELF.Mirai-CVD.5487.13505.elf (4379400 bytes, 7dc1c0e23cd5e102bb12e5c29403410e) differ from the file information section (83'180 bytes, 5d959c2b7278b8c8b2c4a3f1554bb96e); the report does not explain the discrepancy, and the file information section's hashes are the ones that identify the submitted sample.