Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1528779
MD5:	048af0f33f1d94915d634b19bd159964
SHA1:	de04bf9ea61cf0c042e53f5da90d94e5c5b37154
SHA256:	80db654728e36088c332abd739fbb66410f8e49a55bdd360c041bf94b8d842d7
Tags:	elfMiraiuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528779
Start date and time:	2024-10-08 10:48:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	na.elf
Detection:	MAL
Classification:	mal60.troj.linELF@0/0@46/0

Runtime Messages

Command:	/tmp/na.elf
PID:	5479
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	zenci
Standard Error:

Process Tree

system is lnxubuntu20

na.elf (PID: 5479, Parent: 5403, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/na.elf

na.elf New Fork (PID: 5481, Parent: 5479)

na.elf New Fork (PID: 5491, Parent: 5481)

udisksd New Fork (PID: 5495, Parent: 803)

dumpe2fs (PID: 5495, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: na.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: na.elf	ReversingLabs: Detection: 52%
Source: na.elf	Virustotal: Detection: 63%			Perma Link

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 93.123.39.105 ports 38241,1,2,3,4,8

Source: global traffic

TCP traffic: 192.168.2.14:34708 -> 93.123.39.105:38241

Source: /tmp/na.elf (PID: 5479)

Socket: 127.0.0.1:2353

Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: unknown	UDP traffic detected without corresponding DNS query: 137.220.52.23
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 137.220.52.23
Source: unknown	UDP traffic detected without corresponding DNS query: 137.220.52.23
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 137.220.52.23
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176

Source: global traffic

DNS traffic detected: DNS query: enemybotnet.com

Source: unknown

Network traffic detected: HTTP traffic on port 46540 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.linELF@0/0@46/0

Source: /tmp/na.elf (PID: 5479)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5479.1.0000557e1f67e000.0000557e1f7ac000.rw-.sdmp, na.elf, 5491.1.0000557e1f67e000.0000557e1f7ac000.rw-.sdmp	Binary or memory string: ~U!/etc/qemu-binfmt/arm
Source: na.elf, 5479.1.0000557e1f67e000.0000557e1f7ac000.rw-.sdmp, na.elf, 5491.1.0000557e1f67e000.0000557e1f7ac000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: na.elf, 5479.1.00007ffdf3bd4000.00007ffdf3bf5000.rw-.sdmp, na.elf, 5491.1.00007ffdf3bd4000.00007ffdf3bf5000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: na.elf, 5479.1.00007ffdf3bd4000.00007ffdf3bf5000.rw-.sdmp, na.elf, 5491.1.00007ffdf3bd4000.00007ffdf3bf5000.rw-.sdmp	Binary or memory string: /~x86_64/usr/bin/qemu-arm/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
na.elf	53%	ReversingLabs	Linux.Backdoor.Mirai
na.elf	63%	Virustotal		Browse
na.elf	100%	Avira	EXP/ELF.Mirai.W

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
enemybotnet.com	14%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
enemybotnet.com	93.123.39.105	true	true	14%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
93.123.39.105	enemybotnet.com	Bulgaria		43561	NET1-ASBG	true
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
93.123.39.105	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Mirai	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
185.125.190.26	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Mirai	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
	boatnet.x86.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	2xl3rbZjPq.elf	Get hash	malicious	Mirai	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
enemybotnet.com	na.elf	Get hash	malicious	Unknown	Browse	93.123.39.105
	na.elf	Get hash	malicious	Unknown	Browse	93.123.39.105
	na.elf	Get hash	malicious	Unknown	Browse	93.123.39.105
	arm7.elf	Get hash	malicious	Mirai	Browse	93.123.39.105
	x86.elf	Get hash	malicious	Unknown	Browse	93.123.39.105

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NET1-ASBG	na.elf	Get hash	malicious	Unknown	Browse	93.123.39.105
	na.elf	Get hash	malicious	Unknown	Browse	93.123.39.105
	na.elf	Get hash	malicious	Unknown	Browse	93.123.39.105
	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	na.elf	Get hash	malicious	Mirai	Browse	93.123.39.116
	arm7.elf	Get hash	malicious	Mirai	Browse	93.123.39.105
CANONICAL-ASGB	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	na.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Unknown	Browse	91.189.91.42

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):	6.0666069812914865
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	na.elf
File size:	64'080 bytes
MD5:	048af0f33f1d94915d634b19bd159964
SHA1:	de04bf9ea61cf0c042e53f5da90d94e5c5b37154
SHA256:	80db654728e36088c332abd739fbb66410f8e49a55bdd360c041bf94b8d842d7
SHA512:	52ebe0b2249d9d7d46784f97d7d2d3526368fdddadd121f049696fc4dcbdacd6363f90d78c50df2b9cff04c04fc0d6c409c3d02b8facb3c126e5c5f2745a8108
SSDEEP:	768:rdmLofzkz4IikDXNvCjCcetSuoTwA0RECJz/NRGbkXHvuMV/A8KqT1L91SVLEvaA:gLQc4IZDQetkwFKSX5Qqd9oZEvat1
TLSH:	B3532980BC819A13C6D052B7FB5E428D732717A8D2EE73139D266F11378B92F0E67652
File Content Preview:	.ELF...a..........(.........4...........4. ...(.....................................................d....5..........Q.td..................................-...L."....7..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x202
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	63680
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	4
.text	PROGBITS	0x80b0	0xb0	0xdfd0	0x0	0x6	AX	16
.fini	PROGBITS	0x16080	0xe080	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x16094	0xe094	0x1484	0x0	0x2	A	4
.ctors	PROGBITS	0x1f51c	0xf51c	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1f524	0xf524	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x1f530	0xf530	0x350	0x0	0x3	WA	4
.bss	NOBITS	0x1f880	0xf880	0x31b8	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xf880	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0xf518	0xf518	6.1023	0x5	R E	0x8000	.init .text .fini .rodata
LOAD	0xf51c	0x1f51c	0x1f51c	0x364	0x351c	2.6287	0x6	RW	0x8000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 10:48:48.725553989 CEST	34708	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:48.730797052 CEST	38241	34708	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:48.731026888 CEST	34708	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:48.731940031 CEST	34708	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:48.736258030 CEST	38241	34708	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:48.736442089 CEST	34708	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:48.736814022 CEST	38241	34708	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:48.741354942 CEST	38241	34708	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:49.897224903 CEST	34710	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:49.902046919 CEST	38241	34710	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:49.902092934 CEST	34710	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:49.902576923 CEST	34710	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:49.907315016 CEST	38241	34710	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:49.907325983 CEST	38241	34710	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:55.381364107 CEST	46540	443	192.168.2.14	185.125.190.26
Oct 8, 2024 10:48:56.138062954 CEST	34712	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:56.142862082 CEST	38241	34712	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:56.142955065 CEST	34712	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:56.143486977 CEST	34712	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:56.148065090 CEST	38241	34712	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:56.148140907 CEST	34712	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:56.148222923 CEST	38241	34712	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:56.152915955 CEST	38241	34712	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:58.002875090 CEST	34714	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:58.007925987 CEST	38241	34714	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:58.007992983 CEST	34714	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:58.008840084 CEST	34714	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:58.015233994 CEST	38241	34714	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:58.015290976 CEST	34714	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:58.015777111 CEST	38241	34714	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:58.021281004 CEST	38241	34714	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:59.033260107 CEST	34716	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:59.038501024 CEST	38241	34716	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:59.038605928 CEST	34716	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:59.039114952 CEST	34716	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:59.043919086 CEST	38241	34716	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:59.044022083 CEST	34716	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:48:59.044045925 CEST	38241	34716	93.123.39.105	192.168.2.14
Oct 8, 2024 10:48:59.048868895 CEST	38241	34716	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:00.259263039 CEST	34718	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:00.264125109 CEST	38241	34718	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:00.264199018 CEST	34718	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:00.264797926 CEST	34718	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:00.269396067 CEST	38241	34718	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:00.269696951 CEST	34718	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:00.269726038 CEST	38241	34718	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:00.274471998 CEST	38241	34718	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:06.293411970 CEST	34720	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:06.298243999 CEST	38241	34720	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:06.298338890 CEST	34720	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:06.299223900 CEST	34720	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:06.303466082 CEST	38241	34720	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:06.303565025 CEST	34720	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:06.304004908 CEST	38241	34720	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:06.308402061 CEST	38241	34720	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:12.518745899 CEST	34722	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:12.523634911 CEST	38241	34722	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:12.523749113 CEST	34722	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:12.524286032 CEST	34722	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:12.528800011 CEST	38241	34722	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:12.528882980 CEST	34722	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:12.529083014 CEST	38241	34722	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:12.533770084 CEST	38241	34722	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:13.691307068 CEST	34724	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:13.696204901 CEST	38241	34724	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:13.696264982 CEST	34724	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:13.697160959 CEST	34724	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:13.701479912 CEST	38241	34724	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:13.701550961 CEST	34724	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:13.701960087 CEST	38241	34724	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:13.706336975 CEST	38241	34724	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:19.720535040 CEST	34726	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:19.725414038 CEST	38241	34726	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:19.725505114 CEST	34726	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:19.726227999 CEST	34726	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:19.730787992 CEST	38241	34726	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:19.730874062 CEST	34726	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:19.731079102 CEST	38241	34726	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:19.735852003 CEST	38241	34726	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:26.100030899 CEST	46540	443	192.168.2.14	185.125.190.26
Oct 8, 2024 10:49:30.756551981 CEST	34728	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:30.761409044 CEST	38241	34728	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:30.761487961 CEST	34728	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:30.762372017 CEST	34728	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:30.766634941 CEST	38241	34728	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:30.766721010 CEST	34728	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:30.767187119 CEST	38241	34728	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:30.771490097 CEST	38241	34728	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:31.991199970 CEST	34730	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:31.997078896 CEST	38241	34730	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:31.997209072 CEST	34730	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:31.998456001 CEST	34730	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:32.003504992 CEST	38241	34730	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:32.003596067 CEST	34730	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:32.004179001 CEST	38241	34730	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:32.008356094 CEST	38241	34730	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:38.025415897 CEST	34732	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:38.030426979 CEST	38241	34732	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:38.030509949 CEST	34732	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:38.031738997 CEST	34732	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:38.036912918 CEST	38241	34732	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:38.036987066 CEST	34732	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:38.041851997 CEST	38241	34732	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:38.042443991 CEST	38241	34732	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:39.205213070 CEST	34734	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:39.210608006 CEST	38241	34734	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:39.210735083 CEST	34734	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:39.212013006 CEST	34734	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:39.216439962 CEST	38241	34734	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:39.216519117 CEST	34734	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:39.216949940 CEST	38241	34734	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:39.223061085 CEST	38241	34734	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:45.464189053 CEST	34736	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:45.469047070 CEST	38241	34736	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:45.469119072 CEST	34736	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:45.471088886 CEST	34736	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:45.474286079 CEST	38241	34736	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:45.475210905 CEST	34736	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:45.475990057 CEST	38241	34736	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:45.479994059 CEST	38241	34736	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:46.671665907 CEST	34738	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:46.676557064 CEST	38241	34738	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:46.676623106 CEST	34738	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:46.677557945 CEST	34738	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:46.681864023 CEST	38241	34738	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:46.681971073 CEST	34738	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:46.682643890 CEST	38241	34738	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:46.686846972 CEST	38241	34738	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:57.860203981 CEST	34740	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:57.865185976 CEST	38241	34740	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:57.865330935 CEST	34740	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:57.866302013 CEST	34740	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:57.870574951 CEST	38241	34740	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:57.870731115 CEST	34740	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:57.870769978 CEST	34740	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:49:57.871088028 CEST	38241	34740	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:57.875612974 CEST	38241	34740	93.123.39.105	192.168.2.14
Oct 8, 2024 10:49:57.875627041 CEST	38241	34740	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:14.104290962 CEST	34742	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:14.109210014 CEST	38241	34742	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:14.109395981 CEST	34742	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:14.110039949 CEST	34742	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:14.114578962 CEST	38241	34742	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:14.114706039 CEST	34742	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:14.114847898 CEST	38241	34742	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:14.122068882 CEST	38241	34742	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:15.133378983 CEST	34744	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:15.138242960 CEST	38241	34744	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:15.138343096 CEST	34744	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:15.139060020 CEST	34744	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:15.143527031 CEST	38241	34744	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:15.143651009 CEST	34744	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:15.143831968 CEST	38241	34744	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:15.148518085 CEST	38241	34744	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:17.211704016 CEST	34746	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:17.217416048 CEST	38241	34746	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:17.217485905 CEST	34746	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:17.218148947 CEST	34746	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:17.222620964 CEST	38241	34746	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:17.222722054 CEST	34746	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:17.222920895 CEST	38241	34746	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:17.227554083 CEST	38241	34746	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:18.432605028 CEST	34748	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:18.437516928 CEST	38241	34748	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:18.437608004 CEST	34748	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:18.438303947 CEST	34748	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:18.442888975 CEST	38241	34748	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:18.442959070 CEST	34748	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:18.443070889 CEST	38241	34748	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:18.447782040 CEST	38241	34748	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:29.468250990 CEST	34750	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:29.473203897 CEST	38241	34750	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:29.473275900 CEST	34750	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:29.474354982 CEST	34750	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:29.479185104 CEST	38241	34750	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:29.479264021 CEST	34750	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:29.484075069 CEST	38241	34750	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:30.081521034 CEST	38241	34750	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:30.081675053 CEST	34750	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:30.081794024 CEST	34750	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:33.252293110 CEST	34752	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:33.257076979 CEST	38241	34752	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:33.257123947 CEST	34752	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:33.257752895 CEST	34752	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:33.262543917 CEST	38241	34752	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:33.262600899 CEST	34752	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:33.267425060 CEST	38241	34752	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:33.875447989 CEST	38241	34752	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:33.875597954 CEST	34752	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:33.875649929 CEST	34752	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:41.234906912 CEST	34754	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:41.239701033 CEST	38241	34754	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:41.239790916 CEST	34754	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:41.240535975 CEST	34754	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:41.244987965 CEST	38241	34754	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:41.245057106 CEST	34754	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:41.245251894 CEST	38241	34754	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:41.249857903 CEST	38241	34754	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:42.259208918 CEST	34756	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:42.264128923 CEST	38241	34756	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:42.264302969 CEST	34756	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:42.265248060 CEST	34756	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:42.269392014 CEST	38241	34756	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:42.269481897 CEST	34756	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:42.270050049 CEST	38241	34756	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:42.274383068 CEST	38241	34756	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:43.508996010 CEST	34758	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:43.513856888 CEST	38241	34758	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:43.513942003 CEST	34758	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:43.514628887 CEST	34758	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:43.519084930 CEST	38241	34758	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:43.519159079 CEST	34758	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:43.519418001 CEST	38241	34758	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:43.524000883 CEST	38241	34758	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:45.060710907 CEST	34760	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:45.065876961 CEST	38241	34760	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:45.065948963 CEST	34760	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:45.067509890 CEST	34760	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:45.070988894 CEST	38241	34760	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:45.071082115 CEST	34760	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:45.072328091 CEST	38241	34760	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:45.075788975 CEST	38241	34760	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:51.091773987 CEST	34762	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:51.096628904 CEST	38241	34762	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:51.096734047 CEST	34762	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:51.097704887 CEST	34762	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:51.101861954 CEST	38241	34762	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:51.101996899 CEST	34762	38241	192.168.2.14	93.123.39.105
Oct 8, 2024 10:50:51.102675915 CEST	38241	34762	93.123.39.105	192.168.2.14
Oct 8, 2024 10:50:51.106852055 CEST	38241	34762	93.123.39.105	192.168.2.14

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 10:48:48.520395994 CEST	37698	53	192.168.2.14	81.169.136.222
Oct 8, 2024 10:48:48.723895073 CEST	53	37698	81.169.136.222	192.168.2.14
Oct 8, 2024 10:48:49.738895893 CEST	58081	53	192.168.2.14	202.61.197.122
Oct 8, 2024 10:48:49.896581888 CEST	53	58081	202.61.197.122	192.168.2.14
Oct 8, 2024 10:48:50.908981085 CEST	49611	53	192.168.2.14	137.220.52.23
Oct 8, 2024 10:48:55.915427923 CEST	41104	53	192.168.2.14	80.152.203.134
Oct 8, 2024 10:48:56.137307882 CEST	53	41104	80.152.203.134	192.168.2.14
Oct 8, 2024 10:48:57.149751902 CEST	48492	53	192.168.2.14	51.158.108.203
Oct 8, 2024 10:48:58.002007961 CEST	53	48492	51.158.108.203	192.168.2.14
Oct 8, 2024 10:48:59.016789913 CEST	44426	53	192.168.2.14	51.158.108.203
Oct 8, 2024 10:48:59.032577991 CEST	53	44426	51.158.108.203	192.168.2.14
Oct 8, 2024 10:49:00.045907021 CEST	48433	53	192.168.2.14	217.160.70.42
Oct 8, 2024 10:49:00.258536100 CEST	53	48433	217.160.70.42	192.168.2.14
Oct 8, 2024 10:49:01.271260977 CEST	51938	53	192.168.2.14	64.176.6.48
Oct 8, 2024 10:49:06.277278900 CEST	36711	53	192.168.2.14	51.158.108.203
Oct 8, 2024 10:49:06.292879105 CEST	53	36711	51.158.108.203	192.168.2.14
Oct 8, 2024 10:49:07.305980921 CEST	53719	53	192.168.2.14	5.161.109.23
Oct 8, 2024 10:49:12.312285900 CEST	58686	53	192.168.2.14	185.181.61.24
Oct 8, 2024 10:49:12.518167973 CEST	53	58686	185.181.61.24	192.168.2.14
Oct 8, 2024 10:49:13.531661987 CEST	33503	53	192.168.2.14	168.235.111.72
Oct 8, 2024 10:49:13.690280914 CEST	53	33503	168.235.111.72	192.168.2.14
Oct 8, 2024 10:49:14.703409910 CEST	39869	53	192.168.2.14	5.161.109.23
Oct 8, 2024 10:49:19.709338903 CEST	33292	53	192.168.2.14	194.36.144.87
Oct 8, 2024 10:49:19.720058918 CEST	53	33292	194.36.144.87	192.168.2.14
Oct 8, 2024 10:49:20.733411074 CEST	35502	53	192.168.2.14	5.161.109.23
Oct 8, 2024 10:49:25.739190102 CEST	36781	53	192.168.2.14	64.176.6.48
Oct 8, 2024 10:49:30.745615959 CEST	38085	53	192.168.2.14	152.53.15.127
Oct 8, 2024 10:49:30.755996943 CEST	53	38085	152.53.15.127	192.168.2.14
Oct 8, 2024 10:49:31.769263983 CEST	35705	53	192.168.2.14	217.160.70.42
Oct 8, 2024 10:49:31.989970922 CEST	53	35705	217.160.70.42	192.168.2.14
Oct 8, 2024 10:49:33.006119967 CEST	45636	53	192.168.2.14	64.176.6.48
Oct 8, 2024 10:49:38.013008118 CEST	43415	53	192.168.2.14	152.53.15.127
Oct 8, 2024 10:49:38.024666071 CEST	53	43415	152.53.15.127	192.168.2.14
Oct 8, 2024 10:49:39.046808958 CEST	48134	53	192.168.2.14	168.235.111.72
Oct 8, 2024 10:49:39.204320908 CEST	53	48134	168.235.111.72	192.168.2.14
Oct 8, 2024 10:49:40.219489098 CEST	58998	53	192.168.2.14	178.254.22.166
Oct 8, 2024 10:49:45.227401972 CEST	54385	53	192.168.2.14	217.160.70.42
Oct 8, 2024 10:49:45.463236094 CEST	53	54385	217.160.70.42	192.168.2.14
Oct 8, 2024 10:49:46.476996899 CEST	46186	53	192.168.2.14	185.181.61.24
Oct 8, 2024 10:49:46.670728922 CEST	53	46186	185.181.61.24	192.168.2.14
Oct 8, 2024 10:49:47.684206009 CEST	48173	53	192.168.2.14	139.84.165.176
Oct 8, 2024 10:49:52.690885067 CEST	44580	53	192.168.2.14	5.161.109.23
Oct 8, 2024 10:49:57.697290897 CEST	33890	53	192.168.2.14	168.235.111.72
Oct 8, 2024 10:49:57.858750105 CEST	53	33890	168.235.111.72	192.168.2.14
Oct 8, 2024 10:49:58.873543024 CEST	56373	53	192.168.2.14	70.34.254.19
Oct 8, 2024 10:50:03.880301952 CEST	47577	53	192.168.2.14	137.220.52.23
Oct 8, 2024 10:50:08.885987997 CEST	45722	53	192.168.2.14	137.220.52.23
Oct 8, 2024 10:50:13.891963959 CEST	47653	53	192.168.2.14	185.181.61.24
Oct 8, 2024 10:50:14.103569031 CEST	53	47653	185.181.61.24	192.168.2.14
Oct 8, 2024 10:50:15.116709948 CEST	53947	53	192.168.2.14	51.158.108.203
Oct 8, 2024 10:50:15.132586002 CEST	53	53947	51.158.108.203	192.168.2.14
Oct 8, 2024 10:50:16.145426989 CEST	41140	53	192.168.2.14	217.160.70.42
Oct 8, 2024 10:50:17.210427999 CEST	53	41140	217.160.70.42	192.168.2.14
Oct 8, 2024 10:50:18.225397110 CEST	41530	53	192.168.2.14	81.169.136.222
Oct 8, 2024 10:50:18.431691885 CEST	53	41530	81.169.136.222	192.168.2.14
Oct 8, 2024 10:50:19.445075989 CEST	56809	53	192.168.2.14	178.254.22.166
Oct 8, 2024 10:50:24.451313972 CEST	58729	53	192.168.2.14	137.220.52.23
Oct 8, 2024 10:50:29.457743883 CEST	41822	53	192.168.2.14	194.36.144.87
Oct 8, 2024 10:50:29.467741966 CEST	53	41822	194.36.144.87	192.168.2.14
Oct 8, 2024 10:50:32.085735083 CEST	55776	53	192.168.2.14	80.152.203.134
Oct 8, 2024 10:50:33.251422882 CEST	53	55776	80.152.203.134	192.168.2.14
Oct 8, 2024 10:50:35.879180908 CEST	43643	53	192.168.2.14	139.84.165.176
Oct 8, 2024 10:50:40.886804104 CEST	59750	53	192.168.2.14	202.61.197.122
Oct 8, 2024 10:50:41.232517004 CEST	53	59750	202.61.197.122	192.168.2.14
Oct 8, 2024 10:50:42.247714043 CEST	38847	53	192.168.2.14	152.53.15.127
Oct 8, 2024 10:50:42.257916927 CEST	53	38847	152.53.15.127	192.168.2.14
Oct 8, 2024 10:50:43.272195101 CEST	37246	53	192.168.2.14	81.169.136.222
Oct 8, 2024 10:50:43.508212090 CEST	53	37246	81.169.136.222	192.168.2.14
Oct 8, 2024 10:50:44.521424055 CEST	49406	53	192.168.2.14	168.235.111.72
Oct 8, 2024 10:50:45.059533119 CEST	53	49406	168.235.111.72	192.168.2.14
Oct 8, 2024 10:50:46.074404955 CEST	60280	53	192.168.2.14	5.161.109.23
Oct 8, 2024 10:50:51.080962896 CEST	53820	53	192.168.2.14	152.53.15.127
Oct 8, 2024 10:50:51.091242075 CEST	53	53820	152.53.15.127	192.168.2.14
Oct 8, 2024 10:50:52.104950905 CEST	41747	53	192.168.2.14	139.84.165.176

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 10:48:48.520395994 CEST	192.168.2.14	81.169.136.222	0xeebf	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:49.738895893 CEST	192.168.2.14	202.61.197.122	0x1ab8	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:50.908981085 CEST	192.168.2.14	137.220.52.23	0xb69d	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:55.915427923 CEST	192.168.2.14	80.152.203.134	0xa042	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:57.149751902 CEST	192.168.2.14	51.158.108.203	0x37fb	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:59.016789913 CEST	192.168.2.14	51.158.108.203	0x6c3a	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:00.045907021 CEST	192.168.2.14	217.160.70.42	0x94f4	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:01.271260977 CEST	192.168.2.14	64.176.6.48	0x3db1	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:06.277278900 CEST	192.168.2.14	51.158.108.203	0x7d87	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:07.305980921 CEST	192.168.2.14	5.161.109.23	0x6acd	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:12.312285900 CEST	192.168.2.14	185.181.61.24	0x8abc	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:13.531661987 CEST	192.168.2.14	168.235.111.72	0x81d5	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:14.703409910 CEST	192.168.2.14	5.161.109.23	0xd00c	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:19.709338903 CEST	192.168.2.14	194.36.144.87	0x45f7	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:20.733411074 CEST	192.168.2.14	5.161.109.23	0xdefd	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:25.739190102 CEST	192.168.2.14	64.176.6.48	0xa3b1	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:30.745615959 CEST	192.168.2.14	152.53.15.127	0x5896	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:31.769263983 CEST	192.168.2.14	217.160.70.42	0x857c	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:33.006119967 CEST	192.168.2.14	64.176.6.48	0x3dee	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:38.013008118 CEST	192.168.2.14	152.53.15.127	0x8a1a	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:39.046808958 CEST	192.168.2.14	168.235.111.72	0xbe8	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:40.219489098 CEST	192.168.2.14	178.254.22.166	0xc5dc	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:45.227401972 CEST	192.168.2.14	217.160.70.42	0xf9e4	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:46.476996899 CEST	192.168.2.14	185.181.61.24	0xe24a	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:47.684206009 CEST	192.168.2.14	139.84.165.176	0x7ed7	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:52.690885067 CEST	192.168.2.14	5.161.109.23	0x6c24	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:57.697290897 CEST	192.168.2.14	168.235.111.72	0x8722	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:58.873543024 CEST	192.168.2.14	70.34.254.19	0x8d20	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:03.880301952 CEST	192.168.2.14	137.220.52.23	0xd0a8	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:08.885987997 CEST	192.168.2.14	137.220.52.23	0x7d1e	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:13.891963959 CEST	192.168.2.14	185.181.61.24	0xd7cc	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:15.116709948 CEST	192.168.2.14	51.158.108.203	0xcf2	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:16.145426989 CEST	192.168.2.14	217.160.70.42	0x5278	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:18.225397110 CEST	192.168.2.14	81.169.136.222	0x57c9	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:19.445075989 CEST	192.168.2.14	178.254.22.166	0x194e	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:24.451313972 CEST	192.168.2.14	137.220.52.23	0x3ba4	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:29.457743883 CEST	192.168.2.14	194.36.144.87	0x44ae	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:32.085735083 CEST	192.168.2.14	80.152.203.134	0x32cb	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:35.879180908 CEST	192.168.2.14	139.84.165.176	0x5bd7	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:40.886804104 CEST	192.168.2.14	202.61.197.122	0x7356	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:42.247714043 CEST	192.168.2.14	152.53.15.127	0x37c	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:43.272195101 CEST	192.168.2.14	81.169.136.222	0x2253	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:44.521424055 CEST	192.168.2.14	168.235.111.72	0x9012	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:46.074404955 CEST	192.168.2.14	5.161.109.23	0x7caa	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:51.080962896 CEST	192.168.2.14	152.53.15.127	0x9a5d	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:52.104950905 CEST	192.168.2.14	139.84.165.176	0xc46e	Standard query (0)	enemybotnet.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 10:48:48.723895073 CEST	81.169.136.222	192.168.2.14	0xeebf	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:49.896581888 CEST	202.61.197.122	192.168.2.14	0x1ab8	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:56.137307882 CEST	80.152.203.134	192.168.2.14	0xa042	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:58.002007961 CEST	51.158.108.203	192.168.2.14	0x37fb	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:48:59.032577991 CEST	51.158.108.203	192.168.2.14	0x6c3a	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:00.258536100 CEST	217.160.70.42	192.168.2.14	0x94f4	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:06.292879105 CEST	51.158.108.203	192.168.2.14	0x7d87	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:12.518167973 CEST	185.181.61.24	192.168.2.14	0x8abc	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:13.690280914 CEST	168.235.111.72	192.168.2.14	0x81d5	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:19.720058918 CEST	194.36.144.87	192.168.2.14	0x45f7	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:30.755996943 CEST	152.53.15.127	192.168.2.14	0x5896	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:31.989970922 CEST	217.160.70.42	192.168.2.14	0x857c	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:38.024666071 CEST	152.53.15.127	192.168.2.14	0x8a1a	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:39.204320908 CEST	168.235.111.72	192.168.2.14	0xbe8	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:45.463236094 CEST	217.160.70.42	192.168.2.14	0xf9e4	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:46.670728922 CEST	185.181.61.24	192.168.2.14	0xe24a	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:49:57.858750105 CEST	168.235.111.72	192.168.2.14	0x8722	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:14.103569031 CEST	185.181.61.24	192.168.2.14	0xd7cc	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:15.132586002 CEST	51.158.108.203	192.168.2.14	0xcf2	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:17.210427999 CEST	217.160.70.42	192.168.2.14	0x5278	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:18.431691885 CEST	81.169.136.222	192.168.2.14	0x57c9	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:29.467741966 CEST	194.36.144.87	192.168.2.14	0x44ae	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:33.251422882 CEST	80.152.203.134	192.168.2.14	0x32cb	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:41.232517004 CEST	202.61.197.122	192.168.2.14	0x7356	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:42.257916927 CEST	152.53.15.127	192.168.2.14	0x37c	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:43.508212090 CEST	81.169.136.222	192.168.2.14	0x2253	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:45.059533119 CEST	168.235.111.72	192.168.2.14	0x9012	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false
Oct 8, 2024 10:50:51.091242075 CEST	152.53.15.127	192.168.2.14	0x9a5d	No error (0)	enemybotnet.com	93.123.39.105	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: na.elf PID: 5479, Parent PID: 5403

General

Start time (UTC):	08:48:46
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	/tmp/na.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: na.elf PID: 5481, Parent PID: 5479

General

Start time (UTC):	08:48:46
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: na.elf PID: 5491, Parent PID: 5481

General

Start time (UTC):	08:48:46
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: udisksd PID: 5495, Parent PID: 803

General

Start time (UTC):	08:48:46
Start date (UTC):	08/10/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Chronological Activities

Analysis Process: dumpe2fs PID: 5495, Parent PID: 803

General

Start time (UTC):	08:48:46
Start date (UTC):	08/10/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: na.elf PID: 5479, Parent PID: 5403

General

Chronological Activities

Analysis Process: na.elf PID: 5481, Parent PID: 5479

General

Chronological Activities

Analysis Process: na.elf PID: 5491, Parent PID: 5481

General

Chronological Activities

Analysis Process: udisksd PID: 5495, Parent PID: 803

General

Chronological Activities

Analysis Process: dumpe2fs PID: 5495, Parent PID: 803

General

Chronological Activities

Linux Analysis Report
na.elf