
Linux Analysis Report
na.elf

Overview

General Information

Sample name: na.elf
Analysis ID: 1528782
MD5: f7645a38ffbf63bce7429580b1aea9aa
SHA1: cab0e6480fdb89a8cf4b66f50ea6ebfc98a1dbe9
SHA256: 6057190ea3e2531ad5d67e762e53e0ed314a4df35c21fe76d580ba3a6be3e313
Tags: elf, Mirai, user-abuse_ch

Detection

Score: 72 (range 0 - 100)
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1528782
Start date and time: 2024-10-08 10:50:01 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: na.elf
Detection: MAL
Classification: mal72.troj.linELF@0/0@49/0
Command: /tmp/na.elf
PID: 5502
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output: zenci
Standard Error:
  • system is lnxubuntu20
  • na.elf (PID: 5502, Parent: 5420, MD5: f7645a38ffbf63bce7429580b1aea9aa) Arguments: /tmp/na.elf
    • na.elf New Fork (PID: 5503, Parent: 5502)
      • na.elf New Fork (PID: 5509, Parent: 5503)
  • udisksd New Fork (PID: 5514, Parent: 803)
  • dumpe2fs (PID: 5514, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • cleanup
Source | Rule | Description | Author | Strings
na.elf | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x9534:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
na.elf | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x9d23:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
na.elf | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x7632:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x7768:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
na.elf | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xc49e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
na.elf | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0x98e3:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
(4 further rule matches on na.elf are listed under System Summary)
Source | Rule | Description | Author | Strings
5509.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x9534:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
5509.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0x9d23:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
5509.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_d4227dbf | unknown | unknown
  • 0x7632:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
  • 0x7768:$a: FF 48 81 EC D0 00 00 00 48 8D 84 24 E0 00 00 00 48 89 54 24 30 C7 04 24 18 00
5509.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_d996d335 | unknown | unknown
  • 0xc49e:$a: D0 EB 0F 40 38 37 75 04 48 89 F8 C3 49 FF C8 48 FF C7 4D 85 C0
5509.1.0000000000400000.000000000040f000.r-x.sdmp | Linux_Trojan_Gafgyt_620087b9 | unknown | unknown
  • 0x98e3:$a: 48 89 D8 48 83 C8 01 EB 04 48 8B 76 10 48 3B 46 08 72 F6 48 8B
(13 further matches, covering the 5509 and 5502 memory dumps, are listed under System Summary)
No Suricata rule has matched


AV Detection

Source: na.elf | Avira: detected
Source: na.elf | ReversingLabs: Detection: 57%
Source: na.elf | Virustotal: Detection: 60%
Source: na.elf | Joe Sandbox ML: detected

Networking

Source: global traffic | TCP traffic: 93.123.39.105 ports 38241,1,2,3,4,8
Source: global traffic | TCP traffic: 192.168.2.15:52614 -> 93.123.39.105:38241
Source: /tmp/na.elf (PID: 5502) | Socket: 127.0.0.1:2353
Source: unknown | UDP traffic detected without corresponding DNS query (49 events to 15 destination IPs): 202.61.197.122 (7), 178.254.22.166 (6), 137.220.52.23 (5), 217.160.70.42 (5), 80.152.203.134 (4), 51.158.108.203 (4), 152.53.15.127 (3), 64.176.6.48 (3), 168.235.111.72 (3), 185.181.61.24 (3), 139.84.165.176 (2), 81.169.136.222 (1), 70.34.254.19 (1), 194.36.144.87 (1), 65.21.1.106 (1)
Source: global traffic | DNS traffic detected: DNS query: enemybotnet.com

System Summary

Source: na.elf, type: SAMPLE | Matched rules: Linux_Trojan_Gafgyt_9e9530a7, Linux_Trojan_Gafgyt_807911a2, Linux_Trojan_Gafgyt_d4227dbf, Linux_Trojan_Gafgyt_d996d335, Linux_Trojan_Gafgyt_620087b9, Linux_Trojan_Gafgyt_33b4111a, Linux_Trojan_Mirai_520deeb8, Linux_Trojan_Mirai_01e4a728, Linux_Trojan_Mirai_e0cf29e2 (Author: unknown)
Source: 5509.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY | Matched rules: the same nine rules (Author: unknown)
Source: 5502.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY | Matched rules: the same nine rules (Author: unknown)
Source: ELF static info symbol of initial sample | .symtab present: no
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 | reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a | reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: na.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 5509.1.0000000000400000.000000000040f000.r-x.sdmp and 5502.1.0000000000400000.000000000040f000.r-x.sdmp, type: MEMORY | Matched rules: the same nine rules, with identical metadata
Source: classification engine | Classification label: mal72.troj.linELF@0/0@49/0

MITRE ATT&CK matrix (only the techniques carrying a hit count are matched; the remaining cells of the Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration and Impact columns are unmatched placeholders):
Command and Control:
  • 1 Non-Standard Port
  • 1 Non-Application Layer Protocol
  • 1 Application Layer Protocol
No configs have been found
Behavior graph (ID 1528782, sample na.elf, start date 08/10/2024, architecture LINUX, score 72):
  • DNS/IP: enemybotnet.com -> 93.123.39.105 (ports 38241, 52614, 52616), NET1-ASBG, Bulgaria
  • Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures
  • Processes: na.elf started -> na.elf (fork) started -> na.elf (fork) started; udisksd -> dumpe2fs started

Initial sample:
Source | Detection | Scanner | Label
na.elf | 58% | ReversingLabs | Linux.Trojan.Mirai
na.elf | 61% | Virustotal |
na.elf | 100% | Avira | EXP/ELF.Mirai.W
na.elf | 100% | Joe Sandbox ML |

Dropped files: No Antivirus matches

Domains:
Source | Detection | Scanner | Label
enemybotnet.com | 14% | Virustotal |

URLs: No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
enemybotnet.com | 93.123.39.105 | true | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
93.123.39.105 | enemybotnet.com | Bulgaria | 43561 | NET1-ASBG | true
Match | Associated Sample Name / URL | Detection | Threat Name | Context
93.123.39.105 | na.elf (5 submissions) | malicious | Unknown |
93.123.39.105 | arm7.elf | malicious | Mirai |
93.123.39.105 | x86.elf | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
enemybotnet.com | na.elf (5 submissions) | malicious | Unknown | 93.123.39.105
enemybotnet.com | arm7.elf | malicious | Mirai | 93.123.39.105
enemybotnet.com | x86.elf | malicious | Unknown | 93.123.39.105

Match | Associated Sample Name / URL | Detection | Threat Name | Context
NET1-ASBG | na.elf (5 submissions) | malicious | Unknown | 93.123.39.105
NET1-ASBG | na.elf (5 submissions) | malicious | Mirai | 93.123.39.116
                No created / dropped files found
File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.034894386295873
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: na.elf
File size: 63'264 bytes
MD5: f7645a38ffbf63bce7429580b1aea9aa
SHA1: cab0e6480fdb89a8cf4b66f50ea6ebfc98a1dbe9
SHA256: 6057190ea3e2531ad5d67e762e53e0ed314a4df35c21fe76d580ba3a6be3e313
SHA512: 799fcefd190bdea37b42f467afb74933e67ccfd5f086e43072159bef8018452ec95bd75c2cef5b81a2e9954b71ebeac05f4ed17bfbae13356d1149298a4bb4e3
SSDEEP: 1536:KzGIfL8YS4+Q41druM/iIAyUvuxM3s+PQBuh8Qw6:iGID8XBQ41cQQyUEv+PVh8Qw6
TLSH: 15533A17B540C0FCC59DC174572AB63AF673757D0238B3AA3798EB126E4AE614E2E640
File Content Preview: .ELF..............>.......@.....@...................@.8...@.......................@.......@.....p.......p.................................P.......P.....`........=..............Q.td....................................................H...._........H........

ELF header

Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
Machine: Advanced Micro Devices X86-64
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - System V
ABI Version: 0
Entry Point Address: 0x400194
Flags: 0x0
ELF Header Size: 64
Program Header Offset: 64
Program Header Size: 56
Number of Program Headers: 3
Section Header Offset: 62624
Section Header Size: 64
Number of Section Headers: 10
Header String Table Index: 9
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
NULL | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
.init | PROGBITS | 0x4000e8 | 0xe8 | 0x13 | 0x0 | 0x6 | AX | 0 | 0 | 1
.text | PROGBITS | 0x400100 | 0x100 | 0xc826 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x40c926 | 0xc926 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 1
.rodata | PROGBITS | 0x40c940 | 0xc940 | 0x1a30 | 0x0 | 0x2 | A | 0 | 0 | 32
.ctors | PROGBITS | 0x50f000 | 0xf000 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.dtors | PROGBITS | 0x50f010 | 0xf010 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.data | PROGBITS | 0x50f040 | 0xf040 | 0x420 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x50f460 | 0xf460 | 0x3968 | 0x0 | 0x3 | WA | 0 | 0 | 32
.shstrtab | STRTAB | 0x0 | 0xf460 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x400000 | 0x400000 | 0xe370 | 0xe370 | 6.3191 | 0x5 | R E | 0x100000 | | .init .text .fini .rodata
LOAD | 0xf000 | 0x50f000 | 0x50f000 | 0x460 | 0x3dc8 | 2.1752 | 0x6 | RW | 0x100000 | | .ctors .dtors .data .bss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | |
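The YARA tables above report each hit at a file offset (0x9534 for Linux_Trojan_Gafgyt_9e9530a7, for instance) and at the same offset inside the memory dump 5509.1.0000000000400000.000000000040f000.r-x.sdmp. The program headers explain why the two agree: this is a non-PIE EXEC whose first PT_LOAD maps file offset 0 to 0x400000 with R E permissions, so the dump of 0x400000-0x40f000 is byte-for-byte the start of the file and the virtual address of a hit is 0x400000 plus its offset. The second PT_LOAD (RW, memsz 0x3dc8 larger than filesz 0x460) carries .ctors/.dtors/.data plus the zero-filled .bss, and .shstrtab at file offset 0xf460 is not loaded at all. The first hit is also worth decoding before reusing the rule elsewhere: B8 36 00 00 00 / 0F 05 / 48 3D 00 F0 FF FF is mov eax,0x36 ; syscall ; cmp rax,-4096, i.e. the setsockopt(2) wrapper of a statically linked libc together with its errno range check, so the string identifies the build's libc as much as the malware family. The Python below is an added example, not code from the report or from Joe Sandbox: it parses the ELF64 header, program headers and section headers with struct, maps offsets to virtual addresses and segment permissions, reports the absence of a .symtab (what "stripped" means here), and locates a byte pattern. Because the sample itself is not reproduced on this page, build_example_image() constructs an image from the header values in the tables above (entry 0x400194, the three program headers, section headers at 62624, no .symtab) with zero-filled segments and one planted copy of the Gafgyt_9e9530a7 string at 0x9534; parse_elf64 works unchanged on a real file read with open(path, "rb").read().

```python
"""Translate YARA hit offsets into ELF virtual addresses and check for a
symbol table, using only the ELF64 headers.

Added example (not from the Joe Sandbox report). build_example_image() is a
constructed image using the header values the report lists; its segment bytes
are zero padding apart from one planted Linux_Trojan_Gafgyt_9e9530a7 string.
"""
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
SHT_SYMTAB, SHT_STRTAB = 2, 3

# ELF64 little-endian layouts: struct format plus field names, in specification order.
EHDR = "<HHIQQQIHHHHHH"          # the fields that follow the 16-byte e_ident
EHDR_FIELDS = ("type", "machine", "version", "entry", "phoff", "shoff", "flags",
               "ehsize", "phentsize", "phnum", "shentsize", "shnum", "shstrndx")
PHDR = "<IIQQQQQQ"
PHDR_FIELDS = ("type", "flags", "offset", "vaddr", "paddr", "filesz", "memsz", "align")
SHDR = "<IIQQQQIIQQ"
SHDR_FIELDS = ("name", "type", "flags", "addr", "offset", "size", "link", "info", "addralign", "entsize")


def parse_elf64(data):
    """Return {'header', 'phdrs', 'shdrs'} parsed from a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    hdr = dict(zip(EHDR_FIELDS, struct.unpack_from(EHDR, data, 16)))
    phdrs = [dict(zip(PHDR_FIELDS, struct.unpack_from(PHDR, data, hdr["phoff"] + i * hdr["phentsize"])))
             for i in range(hdr["phnum"])]
    shdrs = [dict(zip(SHDR_FIELDS, struct.unpack_from(SHDR, data, hdr["shoff"] + i * hdr["shentsize"])))
             for i in range(hdr["shnum"])]
    return {"header": hdr, "phdrs": phdrs, "shdrs": shdrs}


def file_offset_to_va(elf, offset):
    """Virtual address at which file offset `offset` is loaded, or None if it is not mapped."""
    for ph in elf["phdrs"]:
        if ph["type"] == PT_LOAD and ph["offset"] <= offset < ph["offset"] + ph["filesz"]:
            return ph["vaddr"] + (offset - ph["offset"])
    return None


def va_to_file_offset(elf, va):
    """Inverse of file_offset_to_va; None for unmapped or file-less (.bss) addresses."""
    for ph in elf["phdrs"]:
        if ph["type"] == PT_LOAD and ph["vaddr"] <= va < ph["vaddr"] + ph["filesz"]:
            return ph["offset"] + (va - ph["vaddr"])
    return None


def segment_perms(elf, va):
    """'rwx'-style permissions of the PT_LOAD segment that covers `va` in memory."""
    for ph in elf["phdrs"]:
        if ph["type"] == PT_LOAD and ph["vaddr"] <= va < ph["vaddr"] + ph["memsz"]:
            f = ph["flags"]
            return ("r" if f & PF_R else "-") + ("w" if f & PF_W else "-") + ("x" if f & PF_X else "-")
    return None


def has_symtab(elf):
    """False means there is no SHT_SYMTAB section: the binary is stripped."""
    return any(sh["type"] == SHT_SYMTAB for sh in elf["shdrs"])


def find_pattern(data, elf, pattern):
    """(file offset, virtual address) for every occurrence of `pattern` in the image."""
    hits, pos = [], data.find(pattern)
    while pos != -1:
        hits.append((pos, file_offset_to_va(elf, pos)))
        pos = data.find(pattern, pos + 1)
    return hits


def build_example_image():
    """Constructed image: the report's header values, zero-filled segments, one planted pattern."""
    img = bytearray(0xF720)                                  # 63'264 bytes, the sample's size
    img[:16] = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)    # ELF64, LSB, version 1, System V
    phoff, shoff = 64, 62624
    # e_type EXEC, e_machine x86-64, entry 0x400194, 3 phdrs of 56 bytes, 2 shdrs of 64 bytes, shstrndx 1
    struct.pack_into(EHDR, img, 16, 2, 62, 1, 0x400194, phoff, shoff, 0, 64, 56, 3, 64, 2, 1)
    struct.pack_into(PHDR, img, phoff, PT_LOAD, PF_R | PF_X, 0x0, 0x400000, 0x400000, 0xE370, 0xE370, 0x100000)
    struct.pack_into(PHDR, img, phoff + 56, PT_LOAD, PF_R | PF_W, 0xF000, 0x50F000, 0x50F000, 0x460, 0x3DC8, 0x100000)
    struct.pack_into(PHDR, img, phoff + 112, PT_GNU_STACK, PF_R | PF_W, 0, 0, 0, 0, 0, 8)
    names = b"\0.shstrtab\0"                                # section header 0 stays the all-zero NULL entry
    img[0xF460:0xF460 + len(names)] = names
    struct.pack_into(SHDR, img, shoff + 64, 1, SHT_STRTAB, 0, 0, 0xF460, len(names), 0, 0, 1, 0)
    gafgyt_9e9530a7 = bytes.fromhex("F64863FFB8360000000F05483D00F0FFFF4889C3")  # planted at the reported offset
    img[0x9534:0x9534 + len(gafgyt_9e9530a7)] = gafgyt_9e9530a7
    return bytes(img)
```

On a real sample, replace build_example_image() with the file's bytes and feed each YARA offset to file_offset_to_va: a hit whose offset maps to None lies outside every loaded segment (section headers, string tables, appended data) and cannot have been matched in a memory dump, and a hit whose segment_perms is not r-x sits in writable data rather than in code. The constructed image yields file_offset_to_va(elf, 0x9534) == 0x409534 in an r-x segment, va_to_file_offset(elf, 0x50f500) is None because that address lies in .bss, and has_symtab(elf) is False.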
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 8, 2024 10:50:49.095293999 CEST | 52614 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:50:49.100100994 CEST | 38241 | 52614 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:50:49.100158930 CEST | 52614 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:50:49.100948095 CEST | 52614 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:50:49.105360985 CEST | 38241 | 52614 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:50:49.105438948 CEST | 52614 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:50:49.105832100 CEST | 38241 | 52614 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:50:49.110229015 CEST | 38241 | 52614 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:00.283716917 CEST | 52616 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:00.289845943 CEST | 38241 | 52616 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:00.289927006 CEST | 52616 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:00.290765047 CEST | 52616 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:00.295080900 CEST | 38241 | 52616 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:00.295141935 CEST | 52616 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:00.295520067 CEST | 38241 | 52616 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:00.299963951 CEST | 38241 | 52616 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:01.507530928 CEST | 52618 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:01.512466908 CEST | 38241 | 52618 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:01.512615919 CEST | 52618 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:01.513827085 CEST | 52618 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:01.518208981 CEST | 38241 | 52618 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:01.518323898 CEST | 52618 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:01.518660069 CEST | 38241 | 52618 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:01.523217916 CEST | 38241 | 52618 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:03.047537088 CEST | 52620 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:03.052484989 CEST | 38241 | 52620 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:03.052572966 CEST | 52620 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:03.053823948 CEST | 52620 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:03.057734966 CEST | 38241 | 52620 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:03.057864904 CEST | 52620 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:03.058664083 CEST | 38241 | 52620 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:03.062664032 CEST | 38241 | 52620 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:19.292335987 CEST | 52622 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:19.299232006 CEST | 38241 | 52622 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:19.299319983 CEST | 52622 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:19.300586939 CEST | 52622 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:19.306354046 CEST | 38241 | 52622 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:19.306464911 CEST | 52622 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:19.307290077 CEST | 38241 | 52622 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:19.313416004 CEST | 38241 | 52622 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:25.480070114 CEST | 52624 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:25.485045910 CEST | 38241 | 52624 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:25.485157967 CEST | 52624 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:25.486248016 CEST | 52624 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:25.490200043 CEST | 38241 | 52624 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:25.490309000 CEST | 52624 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:25.491017103 CEST | 38241 | 52624 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:25.495160103 CEST | 38241 | 52624 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:36.522789001 CEST | 52626 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:36.527642965 CEST | 38241 | 52626 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:36.527764082 CEST | 52626 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:36.528950930 CEST | 52626 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:36.533060074 CEST | 38241 | 52626 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:36.533139944 CEST | 52626 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:36.534173965 CEST | 38241 | 52626 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:36.537935019 CEST | 38241 | 52626 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:37.711779118 CEST | 52628 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:37.717324018 CEST | 38241 | 52628 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:37.717428923 CEST | 52628 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:37.718435049 CEST | 52628 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:37.722665071 CEST | 38241 | 52628 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:37.722754002 CEST | 52628 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:37.723347902 CEST | 38241 | 52628 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:37.727643013 CEST | 38241 | 52628 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:39.083690882 CEST | 52630 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:39.088624001 CEST | 38241 | 52630 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:39.088742018 CEST | 52630 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:39.089653969 CEST | 52630 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:39.093911886 CEST | 38241 | 52630 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:39.093996048 CEST | 52630 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:39.094455004 CEST | 38241 | 52630 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:39.099086046 CEST | 38241 | 52630 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:40.261295080 CEST | 52632 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:40.266226053 CEST | 38241 | 52632 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:40.266308069 CEST | 52632 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:40.268017054 CEST | 52632 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:40.271523952 CEST | 38241 | 52632 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:40.271625996 CEST | 52632 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:40.272815943 CEST | 38241 | 52632 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:40.276490927 CEST | 38241 | 52632 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:46.293735981 CEST | 52634 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:46.298705101 CEST | 38241 | 52634 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:46.298825979 CEST | 52634 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:46.300329924 CEST | 52634 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:46.304145098 CEST | 38241 | 52634 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:46.304291010 CEST | 52634 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:46.305258036 CEST | 38241 | 52634 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:46.309226990 CEST | 38241 | 52634 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:52.527544975 CEST | 52636 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:52.532538891 CEST | 38241 | 52636 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:52.532633066 CEST | 52636 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:52.533798933 CEST | 52636 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:52.537750006 CEST | 38241 | 52636 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:52.538135052 CEST | 52636 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:52.538815022 CEST | 38241 | 52636 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:52.543641090 CEST | 38241 | 52636 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:53.551989079 CEST | 52638 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:53.556982994 CEST | 38241 | 52638 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:53.557091951 CEST | 52638 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:53.558015108 CEST | 52638 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:53.562221050 CEST | 38241 | 52638 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:53.562318087 CEST | 52638 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:53.562846899 CEST | 38241 | 52638 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:53.568068027 CEST | 38241 | 52638 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:54.861289978 CEST | 52640 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:54.866343975 CEST | 38241 | 52640 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:54.866425037 CEST | 52640 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:54.867189884 CEST | 52640 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:54.871620893 CEST | 38241 | 52640 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:54.871712923 CEST | 52640 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:51:54.872126102 CEST | 38241 | 52640 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:51:54.876462936 CEST | 38241 | 52640 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:01.041090012 CEST | 52642 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:01.047213078 CEST | 38241 | 52642 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:01.047350883 CEST | 52642 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:01.048494101 CEST | 52642 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:01.054105997 CEST | 38241 | 52642 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:01.054227114 CEST | 52642 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:01.054570913 CEST | 38241 | 52642 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:01.059684038 CEST | 38241 | 52642 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:02.545157909 CEST | 52644 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:02.550138950 CEST | 38241 | 52644 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:02.550247908 CEST | 52644 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:02.551312923 CEST | 52644 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:02.555603981 CEST | 38241 | 52644 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:02.555733919 CEST | 52644 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:02.556224108 CEST | 38241 | 52644 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:02.563287020 CEST | 38241 | 52644 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:03.722588062 CEST | 52646 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:03.727469921 CEST | 38241 | 52646 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:03.727544069 CEST | 52646 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:03.728631973 CEST | 52646 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:03.732714891 CEST | 38241 | 52646 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:03.732786894 CEST | 52646 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:03.733414888 CEST | 38241 | 52646 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:03.738497019 CEST | 38241 | 52646 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:09.956295967 CEST | 52648 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:09.961247921 CEST | 38241 | 52648 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:09.961318016 CEST | 52648 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:09.962383986 CEST | 52648 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:09.966444016 CEST | 38241 | 52648 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:09.966531992 CEST | 52648 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:09.967202902 CEST | 38241 | 52648 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:09.971601963 CEST | 38241 | 52648 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:11.179218054 CEST | 52650 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:11.185091019 CEST | 38241 | 52650 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:11.185162067 CEST | 52650 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:11.186369896 CEST | 52650 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:11.191247940 CEST | 38241 | 52650 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:11.191340923 CEST | 52650 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:11.192106962 CEST | 38241 | 52650 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:11.197190046 CEST | 38241 | 52650 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:12.404655933 CEST | 52652 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:12.409672022 CEST | 38241 | 52652 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:12.409765959 CEST | 52652 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:12.410861969 CEST | 52652 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:12.415290117 CEST | 38241 | 52652 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:12.415437937 CEST | 52652 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:12.415951014 CEST | 38241 | 52652 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:12.420562983 CEST | 38241 | 52652 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:23.584774017 CEST | 52654 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:23.591826916 CEST | 38241 | 52654 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:23.591950893 CEST | 52654 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:23.593014002 CEST | 52654 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:23.598604918 CEST | 38241 | 52654 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:23.598721027 CEST | 52654 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:23.599195004 CEST | 38241 | 52654 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:23.604989052 CEST | 38241 | 52654 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:24.799187899 CEST | 52656 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:24.804233074 CEST | 38241 | 52656 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:24.804316998 CEST | 52656 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:24.805500031 CEST | 52656 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:24.809706926 CEST | 38241 | 52656 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:24.809811115 CEST | 52656 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:24.810297966 CEST | 38241 | 52656 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:24.814656973 CEST | 38241 | 52656 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:25.829538107 CEST | 52658 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:25.834503889 CEST | 38241 | 52658 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:25.834646940 CEST | 52658 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:25.835592985 CEST | 52658 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:25.840097904 CEST | 38241 | 52658 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:25.840234995 CEST | 52658 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:25.840425968 CEST | 38241 | 52658 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:25.845099926 CEST | 38241 | 52658 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:27.004403114 CEST | 52660 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:27.009330988 CEST | 38241 | 52660 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:27.009430885 CEST | 52660 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:27.010293961 CEST | 52660 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:27.014842987 CEST | 38241 | 52660 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:27.014955044 CEST | 52660 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:27.015050888 CEST | 38241 | 52660 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:27.019737005 CEST | 38241 | 52660 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:28.033726931 CEST | 52662 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:28.038940907 CEST | 38241 | 52662 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:28.039084911 CEST | 52662 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:28.039968967 CEST | 52662 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:28.044833899 CEST | 38241 | 52662 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:28.044900894 CEST | 52662 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:28.049777985 CEST | 38241 | 52662 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:28.064692020 CEST | 38241 | 52662 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:29.080581903 CEST | 52664 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:29.085622072 CEST | 38241 | 52664 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:29.085716963 CEST | 52664 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:29.086855888 CEST | 52664 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:29.090887070 CEST | 38241 | 52664 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:29.090996027 CEST | 52664 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:29.091731071 CEST | 38241 | 52664 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:29.095849037 CEST | 38241 | 52664 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:30.256047010 CEST | 52666 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:30.260945082 CEST | 38241 | 52666 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:30.261038065 CEST | 52666 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:30.262042046 CEST | 52666 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:30.266365051 CEST | 38241 | 52666 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:30.266462088 CEST | 52666 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:30.266824961 CEST | 38241 | 52666 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:30.271281958 CEST | 38241 | 52666 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:31.757610083 CEST | 52668 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:31.762564898 CEST | 38241 | 52668 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:31.762676954 CEST | 52668 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:31.763887882 CEST | 52668 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:31.768347025 CEST | 38241 | 52668 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:31.768439054 CEST | 52668 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:31.768719912 CEST | 38241 | 52668 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:31.773437977 CEST | 38241 | 52668 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:37.795825005 CEST | 52670 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:37.801253080 CEST | 38241 | 52670 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:37.801460981 CEST | 52670 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:37.802323103 CEST | 52670 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:37.807018995 CEST | 38241 | 52670 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:37.807079077 CEST | 52670 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:37.807118893 CEST | 38241 | 52670 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:37.812102079 CEST | 38241 | 52670 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:38.969815016 CEST | 52672 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:38.974948883 CEST | 38241 | 52672 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:38.975090027 CEST | 52672 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:38.977166891 CEST | 52672 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:38.980427027 CEST | 38241 | 52672 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:38.980678082 CEST | 52672 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:38.982042074 CEST | 38241 | 52672 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:38.985944986 CEST | 38241 | 52672 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:40.189929962 CEST | 52674 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:40.194876909 CEST | 38241 | 52674 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:40.195024014 CEST | 52674 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:40.196378946 CEST | 52674 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:40.200238943 CEST | 38241 | 52674 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:40.200345993 CEST | 52674 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:40.201206923 CEST | 38241 | 52674 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:40.205176115 CEST | 38241 | 52674 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:46.442930937 CEST | 52676 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:46.448029995 CEST | 38241 | 52676 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:46.448096991 CEST | 52676 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:46.448885918 CEST | 52676 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:46.453337908 CEST | 38241 | 52676 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:46.453469992 CEST | 52676 | 38241 | 192.168.2.15 | 93.123.39.105
Oct 8, 2024 10:52:46.453716040 CEST | 38241 | 52676 | 93.123.39.105 | 192.168.2.15
Oct 8, 2024 10:52:46.458435059 CEST | 38241 | 52676 | 93.123.39.105 | 192.168.2.15
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 8, 2024 10:50:49.084217072 CEST | 33846 | 53 | 192.168.2.15 | 152.53.15.127
Oct 8, 2024 10:50:49.094736099 CEST | 53 | 33846 | 152.53.15.127 | 192.168.2.15
Oct 8, 2024 10:50:50.107474089 CEST | 47454 | 53 | 192.168.2.15 | 178.254.22.166
Oct 8, 2024 10:50:55.111743927 CEST | 35970 | 53 | 192.168.2.15 | 137.220.52.23
Oct 8, 2024 10:51:00.118457079 CEST | 50490 | 53 | 192.168.2.15 | 202.61.197.122
Oct 8, 2024 10:51:00.282675028 CEST | 53 | 50490 | 202.61.197.122 | 192.168.2.15
Oct 8, 2024 10:51:01.298521042 CEST | 33151 | 53 | 192.168.2.15 | 80.152.203.134
Oct 8, 2024 10:51:01.506192923 CEST | 53 | 33151 | 80.152.203.134 | 192.168.2.15
Oct 8, 2024 10:51:02.521166086 CEST | 52615 | 53 | 192.168.2.15 | 81.169.136.222
Oct 8, 2024 10:51:03.045363903 CEST | 53 | 52615 | 81.169.136.222 | 192.168.2.15
Oct 8, 2024 10:51:04.060178995 CEST | 33763 | 53 | 192.168.2.15 | 64.176.6.48
Oct 8, 2024 10:51:09.066608906 CEST | 51542 | 53 | 192.168.2.15 | 64.176.6.48
Oct 8, 2024 10:51:14.070919037 CEST | 55480 | 53 | 192.168.2.15 | 178.254.22.166
Oct 8, 2024 10:51:19.077316999 CEST | 33293 | 53 | 192.168.2.15 | 217.160.70.42
Oct 8, 2024 10:51:19.291280031 CEST | 53 | 33293 | 217.160.70.42 | 192.168.2.15
Oct 8, 2024 10:51:20.309165001 CEST | 39386 | 53 | 192.168.2.15 | 137.220.52.23
Oct 8, 2024 10:51:25.316313028 CEST | 54552 | 53 | 192.168.2.15 | 202.61.197.122
Oct 8, 2024 10:51:25.478765011 CEST | 53 | 54552 | 202.61.197.122 | 192.168.2.15
Oct 8, 2024 10:51:26.493606091 CEST | 43492 | 53 | 192.168.2.15 | 178.254.22.166
Oct 8, 2024 10:51:31.499916077 CEST | 53609 | 53 | 192.168.2.15 | 178.254.22.166
Oct 8, 2024 10:51:36.506520987 CEST | 36578 | 53 | 192.168.2.15 | 51.158.108.203
Oct 8, 2024 10:51:36.522078037 CEST | 53 | 36578 | 51.158.108.203 | 192.168.2.15
Oct 8, 2024 10:51:37.535896063 CEST | 36415 | 53 | 192.168.2.15 | 168.235.111.72
Oct 8, 2024 10:51:37.710683107 CEST | 53 | 36415 | 168.235.111.72 | 192.168.2.15
Oct 8, 2024 10:51:38.725214958 CEST | 42702 | 53 | 192.168.2.15 | 80.152.203.134
Oct 8, 2024 10:51:39.082613945 CEST | 53 | 42702 | 80.152.203.134 | 192.168.2.15
Oct 8, 2024 10:51:40.096771002 CEST | 45436 | 53 | 192.168.2.15 | 202.61.197.122
Oct 8, 2024 10:51:40.259720087 CEST | 53 | 45436 | 202.61.197.122 | 192.168.2.15
Oct 8, 2024 10:51:41.274916887 CEST | 40526 | 53 | 192.168.2.15 | 70.34.254.19
Oct 8, 2024 10:51:46.281876087 CEST | 39079 | 53 | 192.168.2.15 | 152.53.15.127
Oct 8, 2024 10:51:46.292422056 CEST | 53 | 39079 | 152.53.15.127 | 192.168.2.15
Oct 8, 2024 10:51:47.307004929 CEST | 55775 | 53 | 192.168.2.15 | 178.254.22.166
Oct 8, 2024 10:51:52.313817978 CEST | 55055 | 53 | 192.168.2.15 | 185.181.61.24
Oct 8, 2024 10:51:52.526424885 CEST | 53 | 55055 | 185.181.61.24 | 192.168.2.15
Oct 8, 2024 10:51:53.541152954 CEST | 55606 | 53 | 192.168.2.15 | 194.36.144.87
Oct 8, 2024 10:51:53.551354885 CEST | 53 | 55606 | 194.36.144.87 | 192.168.2.15
Oct 8, 2024 10:51:54.565241098 CEST | 42037 | 53 | 192.168.2.15 | 65.21.1.106
Oct 8, 2024 10:51:54.860171080 CEST | 53 | 42037 | 65.21.1.106 | 192.168.2.15
Oct 8, 2024 10:51:55.874299049 CEST | 43245 | 53 | 192.168.2.15 | 64.176.6.48
Oct 8, 2024 10:52:00.880759954 CEST | 33815 | 53 | 192.168.2.15 | 202.61.197.122
Oct 8, 2024 10:52:01.039829969 CEST | 53 | 33815 | 202.61.197.122 | 192.168.2.15
Oct 8, 2024 10:52:02.057003021 CEST | 42590 | 53 | 192.168.2.15 | 80.152.203.134
Oct 8, 2024 10:52:02.543881893 CEST | 53 | 42590 | 80.152.203.134 | 192.168.2.15
Oct 8, 2024 10:52:03.558358908 CEST | 40691 | 53 | 192.168.2.15 | 202.61.197.122
Oct 8, 2024 10:52:03.721587896 CEST | 53 | 40691 | 202.61.197.122 | 192.168.2.15
Oct 8, 2024 10:52:04.735264063 CEST | 58867 | 53 | 192.168.2.15 | 137.220.52.23
Oct 8, 2024 10:52:09.742343903 CEST | 37502 | 53 | 192.168.2.15 | 217.160.70.42
Oct 8, 2024 10:52:09.955168009 CEST | 53 | 37502 | 217.160.70.42 | 192.168.2.15
Oct 8, 2024 10:52:10.969120979 CEST | 56267 | 53 | 192.168.2.15 | 217.160.70.42
Oct 8, 2024 10:52:11.178106070 CEST | 53 | 56267 | 217.160.70.42 | 192.168.2.15
Oct 8, 2024 10:52:12.194449902 CEST | 51873 | 53 | 192.168.2.15 | 185.181.61.24
Oct 8, 2024 10:52:12.403537989 CEST | 53 | 51873 | 185.181.61.24 | 192.168.2.15
Oct 8, 2024 10:52:13.418519974 CEST | 47688 | 53 | 192.168.2.15 | 137.220.52.23
Oct 8, 2024 10:52:18.421654940 CEST | 57575 | 53 | 192.168.2.15 | 137.220.52.23
Oct 8, 2024 10:52:23.424447060 CEST | 46765 | 53 | 192.168.2.15 | 168.235.111.72
Oct 8, 2024 10:52:23.583601952 CEST | 53 | 46765 | 168.235.111.72 | 192.168.2.15
Oct 8, 2024 10:52:24.601634026 CEST | 50643 | 53 | 192.168.2.15 | 185.181.61.24
Oct 8, 2024 10:52:24.797935009 CEST | 53 | 50643 | 185.181.61.24 | 192.168.2.15
Oct 8, 2024 10:52:25.812822104 CEST | 47161 | 53 | 192.168.2.15 | 51.158.108.203
Oct 8, 2024 10:52:25.828797102 CEST | 53 | 47161 | 51.158.108.203 | 192.168.2.15
Oct 8, 2024 10:52:26.842780113 CEST | 35145 | 53 | 192.168.2.15 | 168.235.111.72
Oct 8, 2024 10:52:27.003518105 CEST | 53 | 35145 | 168.235.111.72 | 192.168.2.15
Oct 8, 2024 10:52:28.017117023 CEST | 57294 | 53 | 192.168.2.15 | 51.158.108.203
Oct 8, 2024 10:52:28.033108950 CEST | 53 | 57294 | 51.158.108.203 | 192.168.2.15
Oct 8, 2024 10:52:29.069120884 CEST | 51751 | 53 | 192.168.2.15 | 152.53.15.127
Oct 8, 2024 10:52:29.079587936 CEST | 53 | 51751 | 152.53.15.127 | 192.168.2.15
Oct 8, 2024 10:52:30.093750000 CEST | 51435 | 53 | 192.168.2.15 | 202.61.197.122
Oct 8, 2024 10:52:30.254544973 CEST | 53 | 51435 | 202.61.197.122 | 192.168.2.15
Oct 8, 2024 10:52:31.269414902 CEST | 46799 | 53 | 192.168.2.15 | 80.152.203.134
Oct 8, 2024 10:52:31.756376028 CEST | 53 | 46799 | 80.152.203.134 | 192.168.2.15
Oct 8, 2024 10:52:32.771509886 CEST | 55206 | 53 | 192.168.2.15 | 139.84.165.176
Oct 8, 2024 10:52:37.778675079 CEST | 37788 | 53 | 192.168.2.15 | 51.158.108.203
Oct 8, 2024 10:52:37.794817924 CEST | 53 | 37788 | 51.158.108.203 | 192.168.2.15
Oct 8, 2024 10:52:38.809994936 CEST | 47907 | 53 | 192.168.2.15 | 202.61.197.122
Oct 8, 2024 10:52:38.967525959 CEST | 53 | 47907 | 202.61.197.122 | 192.168.2.15
Oct 8, 2024 10:52:39.984760046 CEST | 46350 | 53 | 192.168.2.15 | 217.160.70.42
Oct 8, 2024 10:52:40.188528061 CEST | 53 | 46350 | 217.160.70.42 | 192.168.2.15
Oct 8, 2024 10:52:41.202996969 CEST | 33611 | 53 | 192.168.2.15 | 178.254.22.166
Oct 8, 2024 10:52:46.209914923 CEST | 34256 | 53 | 192.168.2.15 | 217.160.70.42
Oct 8, 2024 10:52:46.441864014 CEST | 53 | 34256 | 217.160.70.42 | 192.168.2.15
Oct 8, 2024 10:52:47.456016064 CEST | 58609 | 53 | 192.168.2.15 | 139.84.165.176
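Read together, the TCP and UDP tables show one loop: the sample sends a UDP/53 query from 192.168.2.15 to a different public resolver each time (152.53.15.127, 178.254.22.166, 137.220.52.23, 202.61.197.122 and so on, many of which never answer), and within a few milliseconds of every answer that does arrive it opens a new TCP connection from the next even source port (52614, 52616, ... 52676) to 93.123.39.105:38241, exchanges eight packets and starts over. Two points matter for detection: every one of the 32 TCP exchanges goes to the same destination port, so in this capture the variation is in the client's source port rather than in the ports probed on the server; and the host talks to roaming public resolvers directly instead of the network's configured DNS, which both defeats local sinkholing and is itself a strong egress-policy signal. The following Python is an added example, not part of the Joe Sandbox report: it parses rows in the tables' layout (fields separated by single spaces, as they would be after a readable export), groups outbound connection attempts per destination to measure the retry cadence, and lists the resolver IPs each queried name was sent to. The embedded rows are a constructed excerpt copied from the tables above, and the allow-listed resolver 192.168.2.1 is an assumption about the sandbox network.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# The report prints nanosecond timestamps; strptime's %f accepts at most six digits.
TS_FMT = "%b %d, %Y %H:%M:%S.%f"
PKT_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+) CEST "
    r"(?P<sport>\d+) (?P<dport>\d+) (?P<src>[\d.]+) (?P<dst>[\d.]+)$")
DNS_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+) CEST "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<txid>0x[0-9a-f]+) Standard query \(0\) "
    r"(?P<name>\S+) (?P<qtype>\S+) .*$")


class Packet(NamedTuple):
    ts: datetime
    sport: int
    dport: int
    src: str
    dst: str


def parse_ts(text: str) -> datetime:
    whole, frac = text.rsplit(".", 1)
    return datetime.strptime(f"{whole}.{frac[:6]}", TS_FMT)   # truncate ns -> us


def parse_packet(line: str) -> Packet:
    m = PKT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised packet row: {line!r}")
    return Packet(parse_ts(m["ts"]), int(m["sport"]), int(m["dport"]), m["src"], m["dst"])


def connection_attempts(packets, local_prefix="192.168.2."):
    """(dst, dport) -> sorted start times, one per distinct outbound source port."""
    first_seen = {}
    for p in packets:
        if p.src.startswith(local_prefix):           # only the sandbox host's own traffic
            first_seen.setdefault((p.sport, p.dst, p.dport), p.ts)
    per_target = defaultdict(list)
    for (_, dst, dport), ts in first_seen.items():
        per_target[(dst, dport)].append(ts)
    return {k: sorted(v) for k, v in per_target.items()}


def beacon_candidates(packets, min_attempts=3):
    """Targets reconnected to from fresh source ports, with the gap range between attempts."""
    result = {}
    for target, starts in connection_attempts(packets).items():
        if len(starts) < min_attempts:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        result[target] = {"attempts": len(starts),
                          "min_gap_s": min(gaps), "max_gap_s": max(gaps)}
    return result


def resolvers_by_name(dns_lines):
    """Queried name -> set of resolver IPs the host sent that query to."""
    seen = defaultdict(set)
    for line in dns_lines:
        m = DNS_RE.match(line.strip())
        if m:
            seen[m["name"]].add(m["dst"])
    return dict(seen)


def unapproved_resolvers(dns_lines, allowed):
    """Names resolved via resolvers outside the allow-list (direct-to-public-DNS egress)."""
    return {name: ips - allowed for name, ips in resolvers_by_name(dns_lines).items()
            if ips - allowed}


# Constructed excerpt in the tables' row layout: the first two packets of three C2
# connections, and three of the DNS queries, each to a different public resolver.
TCP_ROWS = [
    "Oct 8, 2024 10:50:49.095293999 CEST 52614 38241 192.168.2.15 93.123.39.105",
    "Oct 8, 2024 10:50:49.100100994 CEST 38241 52614 93.123.39.105 192.168.2.15",
    "Oct 8, 2024 10:51:00.283716917 CEST 52616 38241 192.168.2.15 93.123.39.105",
    "Oct 8, 2024 10:51:00.289845943 CEST 38241 52616 93.123.39.105 192.168.2.15",
    "Oct 8, 2024 10:51:01.507530928 CEST 52618 38241 192.168.2.15 93.123.39.105",
    "Oct 8, 2024 10:51:01.512466908 CEST 38241 52618 93.123.39.105 192.168.2.15",
]
DNS_ROWS = [
    "Oct 8, 2024 10:50:49.084217072 CEST 192.168.2.15 152.53.15.127 0xc6bb Standard query (0) enemybotnet.com A (IP address) IN (0x0001) false",
    "Oct 8, 2024 10:50:50.107474089 CEST 192.168.2.15 178.254.22.166 0xa9b3 Standard query (0) enemybotnet.com A (IP address) IN (0x0001) false",
    "Oct 8, 2024 10:50:55.111743927 CEST 192.168.2.15 137.220.52.23 0x4737 Standard query (0) enemybotnet.com A (IP address) IN (0x0001) false",
]
ALLOWED_RESOLVERS = {"192.168.2.1"}   # assumption: the sandbox network's own resolver

if __name__ == "__main__":
    for target, info in beacon_candidates([parse_packet(r) for r in TCP_ROWS]).items():
        print(f"{target[0]}:{target[1]} attempts={info['attempts']} "
              f"gap {info['min_gap_s']:.3f}s..{info['max_gap_s']:.3f}s")
    for name, ips in unapproved_resolvers(DNS_ROWS, ALLOWED_RESOLVERS).items():
        print(f"{name} resolved via {len(ips)} non-approved resolvers: {sorted(ips)}")
```

Run against the full tables, beacon_candidates reports 32 attempts to 93.123.39.105:38241 with gaps between about one and sixteen seconds, and resolvers_by_name lists the whole rotating set for enemybotnet.com. On a real network the same two functions make a reasonable first-pass hunt over NetFlow and DNS logs; the allow-list check is the cheaper and more robust of the two, because an IoT or server host has no business sending port-53 traffic to arbitrary Internet resolvers regardless of what it is asking for.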
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 8, 2024 10:50:49.084217072 CEST | 192.168.2.15 | 152.53.15.127 | 0xc6bb | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:50:50.107474089 CEST | 192.168.2.15 | 178.254.22.166 | 0xa9b3 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:50:55.111743927 CEST | 192.168.2.15 | 137.220.52.23 | 0x4737 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:00.118457079 CEST | 192.168.2.15 | 202.61.197.122 | 0x4c41 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:01.298521042 CEST | 192.168.2.15 | 80.152.203.134 | 0x2579 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:02.521166086 CEST | 192.168.2.15 | 81.169.136.222 | 0xee30 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:04.060178995 CEST | 192.168.2.15 | 64.176.6.48 | 0xc7e1 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:09.066608906 CEST | 192.168.2.15 | 64.176.6.48 | 0x81a8 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:14.070919037 CEST | 192.168.2.15 | 178.254.22.166 | 0x3d9b | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:19.077316999 CEST | 192.168.2.15 | 217.160.70.42 | 0x848c | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:20.309165001 CEST | 192.168.2.15 | 137.220.52.23 | 0x92aa | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:25.316313028 CEST | 192.168.2.15 | 202.61.197.122 | 0xaebe | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:26.493606091 CEST | 192.168.2.15 | 178.254.22.166 | 0xc75e | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:31.499916077 CEST | 192.168.2.15 | 178.254.22.166 | 0x85a6 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:36.506520987 CEST | 192.168.2.15 | 51.158.108.203 | 0xdfba | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:37.535896063 CEST | 192.168.2.15 | 168.235.111.72 | 0x104 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:38.725214958 CEST | 192.168.2.15 | 80.152.203.134 | 0xb369 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:40.096771002 CEST | 192.168.2.15 | 202.61.197.122 | 0x2fd | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:41.274916887 CEST | 192.168.2.15 | 70.34.254.19 | 0x46f | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:46.281876087 CEST | 192.168.2.15 | 152.53.15.127 | 0x5c4f | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:47.307004929 CEST | 192.168.2.15 | 178.254.22.166 | 0x125a | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:52.313817978 CEST | 192.168.2.15 | 185.181.61.24 | 0x99ed | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:53.541152954 CEST | 192.168.2.15 | 194.36.144.87 | 0x1f94 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:54.565241098 CEST | 192.168.2.15 | 65.21.1.106 | 0x8292 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:51:55.874299049 CEST | 192.168.2.15 | 64.176.6.48 | 0xf8fb | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:00.880759954 CEST | 192.168.2.15 | 202.61.197.122 | 0x4cd7 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:02.057003021 CEST | 192.168.2.15 | 80.152.203.134 | 0x1968 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:03.558358908 CEST | 192.168.2.15 | 202.61.197.122 | 0xe6aa | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:04.735264063 CEST | 192.168.2.15 | 137.220.52.23 | 0x9e41 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:09.742343903 CEST | 192.168.2.15 | 217.160.70.42 | 0x8eee | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:10.969120979 CEST | 192.168.2.15 | 217.160.70.42 | 0x47ca | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:12.194449902 CEST | 192.168.2.15 | 185.181.61.24 | 0x38da | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:13.418519974 CEST | 192.168.2.15 | 137.220.52.23 | 0x6ca3 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:18.421654940 CEST | 192.168.2.15 | 137.220.52.23 | 0x33b3 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:23.424447060 CEST | 192.168.2.15 | 168.235.111.72 | 0x719 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:24.601634026 CEST | 192.168.2.15 | 185.181.61.24 | 0x267f | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:25.812822104 CEST | 192.168.2.15 | 51.158.108.203 | 0x246d | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 10:52:26.842780113 CEST | 192.168.2.15 | 168.235.111.72 | 0xc7a2 | Standard query (0) | enemybotnet.com | A (IP address) | IN (0x0001) | false
                Oct 8, 2024 10:52:28.017117023 CEST192.168.2.1551.158.108.2030xc10eStandard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:29.069120884 CEST192.168.2.15152.53.15.1270xbce8Standard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:30.093750000 CEST192.168.2.15202.61.197.1220xd897Standard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:31.269414902 CEST192.168.2.1580.152.203.1340xc0f8Standard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:32.771509886 CEST192.168.2.15139.84.165.1760xa89aStandard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:37.778675079 CEST192.168.2.1551.158.108.2030x3109Standard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:38.809994936 CEST192.168.2.15202.61.197.1220x39b0Standard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:39.984760046 CEST192.168.2.15217.160.70.420x171bStandard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:41.202996969 CEST192.168.2.15178.254.22.1660xcdb8Standard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:46.209914923 CEST192.168.2.15217.160.70.420xad31Standard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:47.456016064 CEST192.168.2.15139.84.165.1760x515eStandard query (0)enemybotnet.comA (IP address)IN (0x0001)false
                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                Oct 8, 2024 10:50:49.094736099 CEST152.53.15.127192.168.2.150xc6bbNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:00.282675028 CEST202.61.197.122192.168.2.150x4c41No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:01.506192923 CEST80.152.203.134192.168.2.150x2579No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:03.045363903 CEST81.169.136.222192.168.2.150xee30No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:19.291280031 CEST217.160.70.42192.168.2.150x848cNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:25.478765011 CEST202.61.197.122192.168.2.150xaebeNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:36.522078037 CEST51.158.108.203192.168.2.150xdfbaNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:37.710683107 CEST168.235.111.72192.168.2.150x104No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:39.082613945 CEST80.152.203.134192.168.2.150xb369No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:40.259720087 CEST202.61.197.122192.168.2.150x2fdNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:46.292422056 CEST152.53.15.127192.168.2.150x5c4fNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:52.526424885 CEST185.181.61.24192.168.2.150x99edNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:53.551354885 CEST194.36.144.87192.168.2.150x1f94No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:51:54.860171080 CEST65.21.1.106192.168.2.150x8292No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:01.039829969 CEST202.61.197.122192.168.2.150x4cd7No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:02.543881893 CEST80.152.203.134192.168.2.150x1968No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:03.721587896 CEST202.61.197.122192.168.2.150xe6aaNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:09.955168009 CEST217.160.70.42192.168.2.150x8eeeNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:11.178106070 CEST217.160.70.42192.168.2.150x47caNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:12.403537989 CEST185.181.61.24192.168.2.150x38daNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:23.583601952 CEST168.235.111.72192.168.2.150x719No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:24.797935009 CEST185.181.61.24192.168.2.150x267fNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:25.828797102 CEST51.158.108.203192.168.2.150x246dNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:27.003518105 CEST168.235.111.72192.168.2.150xc7a2No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:28.033108950 CEST51.158.108.203192.168.2.150xc10eNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:29.079587936 CEST152.53.15.127192.168.2.150xbce8No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:30.254544973 CEST202.61.197.122192.168.2.150xd897No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:31.756376028 CEST80.152.203.134192.168.2.150xc0f8No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:37.794817924 CEST51.158.108.203192.168.2.150x3109No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:38.967525959 CEST202.61.197.122192.168.2.150x39b0No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:40.188528061 CEST217.160.70.42192.168.2.150x171bNo error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false
                Oct 8, 2024 10:52:46.441864014 CEST217.160.70.42192.168.2.150xad31No error (0)enemybotnet.com93.123.39.105A (IP address)IN (0x0001)false

                System Behavior

                Start time (UTC): 08:50:47
                Start date (UTC): 08/10/2024
                Path: /tmp/na.elf
                Arguments: /tmp/na.elf
                File size: 63264 bytes
                MD5 hash: f7645a38ffbf63bce7429580b1aea9aa

                Start time (UTC): 08:50:47
                Start date (UTC): 08/10/2024
                Path: /tmp/na.elf
                Arguments: -
                File size: 63264 bytes
                MD5 hash: f7645a38ffbf63bce7429580b1aea9aa

                Start time (UTC): 08:50:47
                Start date (UTC): 08/10/2024
                Path: /tmp/na.elf
                Arguments: -
                File size: 63264 bytes
                MD5 hash: f7645a38ffbf63bce7429580b1aea9aa

                Start time (UTC): 08:50:47
                Start date (UTC): 08/10/2024
                Path: /usr/lib/udisks2/udisksd
                Arguments: -
                File size: 483056 bytes
                MD5 hash: 1d7ae439cc3d82fa6b127671ce037a24

                Start time (UTC): 08:50:47
                Start date (UTC): 08/10/2024
                Path: /usr/sbin/dumpe2fs
                Arguments: dumpe2fs -h /dev/dm-0
                File size: 31112 bytes
                MD5 hash: 5c66f7d8f7681a40562cf049ad4b72b4