Linux
Analysis Report
na.elf
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528778 |
Start date and time: | 2024-10-08 10:46:14 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal56.linELF@0/0@36/0 |
Command: | /tmp/na.elf |
PID: | 6206 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | zenci |
Standard Error: |
⊘No yara matches
⊘No Suricata rule has matched
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
57% | Virustotal | |
53% | ReversingLabs | Linux.Exploit.Mirai |
100% | Avira | EXP/ELF.Mirai.W |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
akamaisus.dyn | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.798100793666167 |
TrID: |
|
File name: | na.elf |
File size: | 55'472 bytes |
MD5: | f56ba281f91d4d31de3af57e72dee818 |
SHA1: | 3fea0260ade94a6ee41244398c0ac095c44c9899 |
SHA256: | b561e39594ff47df3eeac90d75996213255090763d1cde1a1eace6c945659981 |
SHA512: | 523f314a2f3c74162fe7fdc82376fe0906a10f1bbb53638d00e82bf8cc4c0359574f1584913a71a6210f89b9846570920b47e67adff9d2478b5dade8b43a5516 |
SSDEEP: | 768:CBg4h+aWmD/HiehHqU2jLBc6iM4SrC5PL8bdKLehPgaYopNv+okCxKlFkfbGXKI:CBfh+3x1LjG27KihPb3fPkCxvGa |
TLSH: | 4F439E3BC42A2E58E19482F5B8658F791B53F94482476FFE16A6C1328047EACF7493F4 |
File Content Preview: | .ELF..............*.......@.4... .......4. ...(...............@...@.|...|.....................A...A.`....5..........Q.td............................././"O.n........#.*@........#.*@L....o&O.n...l..............................././.../.a"O.!...n...a.b("...q. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 55072 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x4000e0 | 0xe0 | 0xbe60 | 0x0 | 0x6 | AX | 0 | 0 | 32 |
.fini | PROGBITS | 0x40bf40 | 0xbf40 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x40bf64 | 0xbf64 | 0x1418 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x41d380 | 0xd380 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x41d388 | 0xd388 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x41d394 | 0xd394 | 0x34c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x41d6e0 | 0xd6e0 | 0x31b8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xd6e0 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0xd37c | 0xd37c | 6.8538 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata |
LOAD | 0xd380 | 0x41d380 | 0x41d380 | 0x360 | 0x3518 | 2.6613 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 10:46:52.765188932 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Oct 8, 2024 10:46:58.396497965 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Oct 8, 2024 10:46:59.932334900 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Oct 8, 2024 10:47:13.242619991 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Oct 8, 2024 10:47:25.528721094 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Oct 8, 2024 10:47:29.624435902 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Oct 8, 2024 10:47:54.196737051 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 10:46:53.490731001 CEST | 192.168.2.23 | 185.181.61.24 | 0x871d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:46:53.525414944 CEST | 192.168.2.23 | 139.84.165.176 | 0x2a9c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:46:58.531227112 CEST | 192.168.2.23 | 139.84.165.176 | 0xed10 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:03.540537119 CEST | 192.168.2.23 | 139.84.165.176 | 0x927a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:15.548048019 CEST | 192.168.2.23 | 70.34.254.19 | 0x4a0b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:20.554162025 CEST | 192.168.2.23 | 178.254.22.166 | 0xc28c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:25.560128927 CEST | 192.168.2.23 | 178.254.22.166 | 0xf004 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:30.567487955 CEST | 192.168.2.23 | 80.152.203.134 | 0xf70a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.813790083 CEST | 192.168.2.23 | 194.36.144.87 | 0xa1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.826179028 CEST | 192.168.2.23 | 80.152.203.134 | 0x3733 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.862624884 CEST | 192.168.2.23 | 80.152.203.134 | 0x8482 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.888154984 CEST | 192.168.2.23 | 81.169.136.222 | 0xd6bd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:38.922382116 CEST | 192.168.2.23 | 81.169.136.222 | 0xf33e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:38.951843977 CEST | 192.168.2.23 | 152.53.15.127 | 0xd53d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:38.963320017 CEST | 192.168.2.23 | 152.53.15.127 | 0x526d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:38.975219965 CEST | 192.168.2.23 | 65.21.1.106 | 0xf25e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:46.006072044 CEST | 192.168.2.23 | 137.220.52.23 | 0x7a8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:51.011399984 CEST | 192.168.2.23 | 202.61.197.122 | 0x123a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:51.023066044 CEST | 192.168.2.23 | 81.169.136.222 | 0xc9ed | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:51.051836967 CEST | 192.168.2.23 | 70.34.254.19 | 0xc794 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:06.057898998 CEST | 192.168.2.23 | 168.235.111.72 | 0x5e40 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:06.149466038 CEST | 192.168.2.23 | 137.220.52.23 | 0xb69a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:11.155428886 CEST | 192.168.2.23 | 152.53.15.127 | 0x4549 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:11.409192085 CEST | 192.168.2.23 | 65.21.1.106 | 0xf7bb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:12.438033104 CEST | 192.168.2.23 | 139.84.165.176 | 0x7f3a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:17.443633080 CEST | 192.168.2.23 | 65.21.1.106 | 0x616c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:17.471493006 CEST | 192.168.2.23 | 5.161.109.23 | 0xf8e3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:22.477396965 CEST | 192.168.2.23 | 81.169.136.222 | 0x6857 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:23.509660006 CEST | 192.168.2.23 | 137.220.52.23 | 0x44a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:28.515865088 CEST | 192.168.2.23 | 5.161.109.23 | 0x3a5d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:33.521059990 CEST | 192.168.2.23 | 70.34.254.19 | 0x2e74 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:38.522218943 CEST | 192.168.2.23 | 185.181.61.24 | 0x18dc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:47.559101105 CEST | 192.168.2.23 | 217.160.70.42 | 0x684c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:47.593813896 CEST | 192.168.2.23 | 80.152.203.134 | 0xa660 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:47.654992104 CEST | 192.168.2.23 | 217.160.70.42 | 0x3b74 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:47.683422089 CEST | 192.168.2.23 | 137.220.52.23 | 0x70e8 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 10:46:53.524496078 CEST | 185.181.61.24 | 192.168.2.23 | 0x871d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:30.807508945 CEST | 80.152.203.134 | 192.168.2.23 | 0xf70a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.824151039 CEST | 194.36.144.87 | 192.168.2.23 | 0xa1 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.859730005 CEST | 80.152.203.134 | 192.168.2.23 | 0x3733 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.885931015 CEST | 80.152.203.134 | 192.168.2.23 | 0x8482 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:32.916543961 CEST | 81.169.136.222 | 192.168.2.23 | 0xd6bd | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:38.950802088 CEST | 81.169.136.222 | 192.168.2.23 | 0xf33e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:38.962080956 CEST | 152.53.15.127 | 192.168.2.23 | 0xd53d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:38.974028111 CEST | 152.53.15.127 | 192.168.2.23 | 0x526d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:39.002233982 CEST | 65.21.1.106 | 192.168.2.23 | 0xf25e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:51.021888018 CEST | 202.61.197.122 | 192.168.2.23 | 0x123a | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:47:51.050879955 CEST | 81.169.136.222 | 192.168.2.23 | 0xc9ed | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:06.147540092 CEST | 168.235.111.72 | 192.168.2.23 | 0x5e40 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:11.408198118 CEST | 152.53.15.127 | 192.168.2.23 | 0x4549 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:11.435720921 CEST | 65.21.1.106 | 192.168.2.23 | 0xf7bb | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:17.470345974 CEST | 65.21.1.106 | 192.168.2.23 | 0x616c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:22.505105019 CEST | 81.169.136.222 | 192.168.2.23 | 0x6857 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:38.555641890 CEST | 185.181.61.24 | 192.168.2.23 | 0x18dc | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:47.592031956 CEST | 217.160.70.42 | 192.168.2.23 | 0x684c | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:47.652964115 CEST | 80.152.203.134 | 192.168.2.23 | 0xa660 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 10:48:47.682116985 CEST | 217.160.70.42 | 192.168.2.23 | 0x3b74 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 08:46:50 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 08:46:51 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 08:46:51 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 08:46:51 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/udisks2/udisksd |
Arguments: | - |
File size: | 483056 bytes |
MD5 hash: | 1d7ae439cc3d82fa6b127671ce037a24 |
Start time (UTC): | 08:46:51 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/dumpe2fs |
Arguments: | dumpe2fs -h /dev/dm-0 |
File size: | 31112 bytes |
MD5 hash: | 5c66f7d8f7681a40562cf049ad4b72b4 |