Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1528793
MD5:	81dafff4206f8f940591421cd512c2cf
SHA1:	f9888dd9a7e868b967ff5a0db9195d3726325478
SHA256:	f820461189e55ac4b14ff3f7f47fea1c55458b3cb63c292c38ff2d3f6576380f
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528793
Start date and time:	2024-10-08 10:59:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	na.elf
Detection:	MAL
Classification:	mal56.troj.linELF@0/0@59/0

Runtime Messages

Command:	/tmp/na.elf
PID:	6283
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	thIs wEek on xLaB lEarNs nOthinG xd
Standard Error:

Process Tree

system is lnxubuntu20

na.elf (PID: 6283, Parent: 6205, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/na.elf

na.elf New Fork (PID: 6285, Parent: 6283)

na.elf New Fork (PID: 6287, Parent: 6283)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: na.elf

ReversingLabs: Detection: 18%

Source: na.elf

String: '/proc//exewgetashinitcurltftp/fdsocketproc/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//bin/

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 38.54.57.248 ports 3,4,6,7,9,49376,15987
Source: global traffic	TCP traffic: 156.244.16.207 ports 23789,2,3,7,8,9
Source: global traffic	TCP traffic: 154.205.144.234 ports 54123,1,2,3,4,5
Source: global traffic	TCP traffic: 154.90.62.142 ports 61543,23789,1,3,4,5,6
Source: global traffic	TCP traffic: 156.244.7.75 ports 2,3,6,7,8,32876
Source: global traffic	TCP traffic: 154.223.21.228 ports 46852,61543,2,4,5,6,8,42061,32876,15987
Source: global traffic	TCP traffic: 38.60.249.66 ports 23789,1,2,5,6,7,27651,38429,15987
Source: global traffic	TCP traffic: 38.60.198.180 ports 0,1,2,4,6,42061

Sends malformed DNS queries

Source: global traffic	DNS traffic detected: malformed DNS query: kr3ddnsnet1.indy. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: r3racegame.indy. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: nineteen.libre. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: subcarrace.indy. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: 21savage.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: krddnsnet.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: 75cents.libre. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: kr2ddnsnet.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: fortyfivehundred.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: ru.coziest.lol. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: 2joints.libre. [malformed]

Source: global traffic	TCP traffic: 192.168.2.23:32798 -> 154.223.21.228:46852
Source: global traffic	TCP traffic: 192.168.2.23:49732 -> 154.205.144.234:54123
Source: global traffic	TCP traffic: 192.168.2.23:40526 -> 154.90.62.142:61543
Source: global traffic	TCP traffic: 192.168.2.23:57654 -> 38.60.249.66:27651
Source: global traffic	TCP traffic: 192.168.2.23:53700 -> 38.54.57.248:49376
Source: global traffic	TCP traffic: 192.168.2.23:35878 -> 156.244.7.75:32876
Source: global traffic	TCP traffic: 192.168.2.23:43772 -> 38.60.198.180:42061
Source: global traffic	TCP traffic: 192.168.2.23:56852 -> 156.244.16.207:23789

Source: /tmp/na.elf (PID: 6283)

Socket: 127.0.0.1:1234

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	UDP traffic detected without corresponding DNS query: 161.97.219.84
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.64.122
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.69.123
Source: unknown	UDP traffic detected without corresponding DNS query: 63.231.92.27
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116
Source: unknown	UDP traffic detected without corresponding DNS query: 161.97.219.84
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 162.243.19.47
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.64.122
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.64.122
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116
Source: unknown	UDP traffic detected without corresponding DNS query: 192.3.165.37
Source: unknown	UDP traffic detected without corresponding DNS query: 185.84.81.194
Source: unknown	UDP traffic detected without corresponding DNS query: 192.3.165.37
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 162.243.19.47
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.69.123
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.64.122
Source: unknown	UDP traffic detected without corresponding DNS query: 192.3.165.37
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.69.123
Source: unknown	UDP traffic detected without corresponding DNS query: 185.84.81.194
Source: unknown	UDP traffic detected without corresponding DNS query: 161.97.219.84
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.69.123
Source: unknown	UDP traffic detected without corresponding DNS query: 63.231.92.27
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.69.123
Source: unknown	UDP traffic detected without corresponding DNS query: 161.97.219.84
Source: unknown	UDP traffic detected without corresponding DNS query: 162.243.19.47
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.64.122
Source: unknown	UDP traffic detected without corresponding DNS query: 185.84.81.194
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 116.203.104.203
Source: unknown	UDP traffic detected without corresponding DNS query: 130.61.64.122
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116
Source: unknown	UDP traffic detected without corresponding DNS query: 54.36.111.116

Source: global traffic	DNS traffic detected: DNS query: r3racegame.indy
Source: global traffic	DNS traffic detected: DNS query: kr3ddnsnet1.indy. [malformed]
Source: global traffic	DNS traffic detected: DNS query: r3racegame.indy. [malformed]
Source: global traffic	DNS traffic detected: DNS query: nineteen.libre. [malformed]
Source: global traffic	DNS traffic detected: DNS query: imaverygoodbadboy.libre
Source: global traffic	DNS traffic detected: DNS query: subcarrace.indy. [malformed]
Source: global traffic	DNS traffic detected: DNS query: 21savage.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: krddnsnet.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: 75cents.libre. [malformed]
Source: global traffic	DNS traffic detected: DNS query: kr2ddnsnet.dyn
Source: global traffic	DNS traffic detected: DNS query: kr2ddnsnet.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: eighteen.pirate
Source: global traffic	DNS traffic detected: DNS query: fortyfivehundred.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: ru.coziest.lol. [malformed]
Source: global traffic	DNS traffic detected: DNS query: f.codingdrunk.cc
Source: global traffic	DNS traffic detected: DNS query: krddnsnet.dyn
Source: global traffic	DNS traffic detected: DNS query: 2joints.libre
Source: global traffic	DNS traffic detected: DNS query: kr3ddnsnet1.indy
Source: global traffic	DNS traffic detected: DNS query: subcarrace.indy
Source: global traffic	DNS traffic detected: DNS query: ru.coziest.lol
Source: global traffic	DNS traffic detected: DNS query: nineteen.libre
Source: global traffic	DNS traffic detected: DNS query: 2joints.libre. [malformed]
Source: global traffic	DNS traffic detected: DNS query: 75cents.libre

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.troj.linELF@0/0@59/0

Source: /tmp/na.elf (PID: 6283)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 6283.1.00005636c03c0000.00005636c0468000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: na.elf, 6283.1.00005636c03c0000.00005636c0468000.rw-.sdmp	Binary or memory string: 6V!/etc/qemu-binfmt/mipsel
Source: na.elf, 6283.1.00007ffe53e16000.00007ffe53e37000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel
Source: na.elf, 6283.1.00007ffe53e16000.00007ffe53e37000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
na.elf	18%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
f.codingdrunk.cc	7%	Virustotal	Browse
krddnsnet.dyn	0%	Virustotal	Browse
kr2ddnsnet.dyn	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
75cents.libre	156.244.16.207	true	true		unknown
nineteen.libre	38.60.249.66	true	true		unknown
ru.coziest.lol	38.60.198.180	true	true		unknown
f.codingdrunk.cc	38.54.57.248	true	true	7%, Virustotal, Browse	unknown
r3racegame.indy	154.223.21.228	true	true		unknown
krddnsnet.dyn	154.90.62.142	true	true	0%, Virustotal, Browse	unknown
2joints.libre	156.244.7.75	true	true		unknown
eighteen.pirate	38.60.249.66	true	true		unknown
kr3ddnsnet1.indy	154.223.21.228	true	true		unknown
kr2ddnsnet.dyn	154.90.62.142	true	true	0%, Virustotal, Browse	unknown
imaverygoodbadboy.libre	154.205.144.234	true	true		unknown
subcarrace.indy	154.223.21.228	true	true		unknown
nineteen.libre. [malformed]	unknown	unknown	true		unknown
fortyfivehundred.dyn. [malformed]	unknown	unknown	true		unknown
kr3ddnsnet1.indy. [malformed]	unknown	unknown	true		unknown
75cents.libre. [malformed]	unknown	unknown	true		unknown
2joints.libre. [malformed]	unknown	unknown	true		unknown
subcarrace.indy. [malformed]	unknown	unknown	true		unknown
kr2ddnsnet.dyn. [malformed]	unknown	unknown	true		unknown
r3racegame.indy. [malformed]	unknown	unknown	true		unknown
krddnsnet.dyn. [malformed]	unknown	unknown	true		unknown
21savage.dyn. [malformed]	unknown	unknown	true		unknown
ru.coziest.lol. [malformed]	unknown	unknown	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
38.54.57.248	f.codingdrunk.cc	United States	174	COGENT-174US	true
156.244.16.207	75cents.libre	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	true
154.205.144.234	imaverygoodbadboy.libre	Seychelles	26484	IKGUL-26484US	true
154.90.62.142	krddnsnet.dyn	Seychelles	40065	CNSERVERSUS	true
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
156.244.7.75	2joints.libre	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	true
154.223.21.228	r3racegame.indy	Seychelles	134705	ITACE-AS-APItaceInternationalLimitedHK	true
38.60.249.66	nineteen.libre	United States	174	COGENT-174US	true
38.60.198.180	ru.coziest.lol	United States	174	COGENT-174US	true
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
38.54.57.248	na.elf	Get hash	malicious	Unknown	Browse
156.244.16.207	na.elf	Get hash	malicious	Unknown	Browse
156.244.16.207	na.elf	Get hash	malicious	Unknown	Browse
154.205.144.234	na.elf	Get hash	malicious	Unknown	Browse
154.90.62.142	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
156.244.7.75	na.elf	Get hash	malicious	Unknown	Browse
154.223.21.228	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
nineteen.libre	na.elf	Get hash	malicious	Unknown	Browse	38.60.249.66
nineteen.libre	na.elf	Get hash	malicious	Unknown	Browse	38.60.249.66
ru.coziest.lol	na.elf	Get hash	malicious	Unknown	Browse	38.60.198.180
ru.coziest.lol	na.elf	Get hash	malicious	Unknown	Browse	38.60.198.180
f.codingdrunk.cc	na.elf	Get hash	malicious	Unknown	Browse	38.54.57.248
	SecuriteInfo.com.Linux.Mirai.5074.27008.26400.elf	Get hash	malicious	Unknown	Browse	154.205.156.206
	80p5rcl9PM.elf	Get hash	malicious	Unknown	Browse	199.247.30.209
	B9fPTF97fR.elf	Get hash	malicious	Unknown	Browse	199.247.30.209
	iCyH8dSeOS.elf	Get hash	malicious	Unknown	Browse	199.247.30.209
	0InxE6zIkC.elf	Get hash	malicious	Unknown	Browse	199.247.30.209
	RhJ9TYHxna.elf	Get hash	malicious	Unknown	Browse	199.247.30.209
	9rb33j8DJd.elf	Get hash	malicious	Unknown	Browse	199.247.30.209
75cents.libre	na.elf	Get hash	malicious	Unknown	Browse	156.244.16.207
75cents.libre	la.bot.arm7-20241006-1050.elf	Get hash	malicious	Unknown	Browse	156.244.16.207

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
COGENT-174US	na.elf	Get hash	malicious	Unknown	Browse	38.60.249.66
	na.elf	Get hash	malicious	Unknown	Browse	38.60.249.66
	na.elf	Get hash	malicious	Unknown	Browse	38.60.198.180
	na.elf	Get hash	malicious	Mirai	Browse	38.238.250.249
	na.elf	Get hash	malicious	Mirai	Browse	149.108.33.235
	na.elf	Get hash	malicious	Mirai	Browse	38.51.219.148
	na.elf	Get hash	malicious	Mirai	Browse	38.187.208.217
	na.elf	Get hash	malicious	Mirai	Browse	69.80.237.119
	na.elf	Get hash	malicious	Unknown	Browse	38.234.213.232
	na.elf	Get hash	malicious	Unknown	Browse	206.62.82.46
IKGUL-26484US	na.elf	Get hash	malicious	Unknown	Browse	154.205.144.234
	na.elf	Get hash	malicious	Mirai	Browse	156.252.161.152
	SOA SEPT 2024.exe	Get hash	malicious	FormBook	Browse	198.44.251.203
	na.elf	Get hash	malicious	Mirai	Browse	154.219.20.183
	na.elf	Get hash	malicious	Mirai	Browse	156.249.231.145
	na.elf	Get hash	malicious	Mirai	Browse	156.249.132.19
	na.elf	Get hash	malicious	Mirai	Browse	156.249.231.136
	gmpsl.elf	Get hash	malicious	Mirai	Browse	156.238.135.134
	mips.elf	Get hash	malicious	Mirai	Browse	156.231.181.90
	x86_64.elf	Get hash	malicious	Mirai	Browse	156.249.231.175
POWERLINE-AS-APPOWERLINEDATACENTERHK	na.elf	Get hash	malicious	Unknown	Browse	156.244.7.75
	na.elf	Get hash	malicious	Unknown	Browse	156.244.16.207
	na.elf	Get hash	malicious	Unknown	Browse	156.244.16.207
	na.elf	Get hash	malicious	Gafgyt	Browse	103.57.228.99
	na.elf	Get hash	malicious	Gafgyt	Browse	103.57.228.88
	sora.arm.elf	Get hash	malicious	Mirai	Browse	154.195.194.109
	na.elf	Get hash	malicious	Mirai	Browse	154.213.121.8
	http://www.nesianlife.com/	Get hash	malicious	Unknown	Browse	154.89.236.198
	Skype_translate6.3.1.msi	Get hash	malicious	Unknown	Browse	45.115.127.166
	novo.spc.elf	Get hash	malicious	Mirai, Moobot	Browse	156.253.238.101

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.375392243846051
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	na.elf
File size:	69'436 bytes
MD5:	81dafff4206f8f940591421cd512c2cf
SHA1:	f9888dd9a7e868b967ff5a0db9195d3726325478
SHA256:	f820461189e55ac4b14ff3f7f47fea1c55458b3cb63c292c38ff2d3f6576380f
SHA512:	45c7e955f8b7833e339ac6ea42645520766fd5bd2ddd5fdd384a63ffa0680f9485116ac05e86130f61e60cd4aa5fb2c466cc8e5d31da03b78024f1ad02a8f464
SSDEEP:	1536:NtJrf/DEFznz4NZTidfviMhMIwaMYZrCkFo:NtdbEFznz4HTYaaMY
TLSH:	A863A40AFF550EBBEC6FDD3705A81B0534CCA52A21E97B367574C928FA1A10B46E3C64
File Content Preview:	.ELF....................`.@.4...4.......4. ...(...............@...@.P...P...............T...T.E.T.E......K..........Q.td...............................<l..'!......'.......................<H..'!... .........9'.. ........................<...'!.............9

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	68916
Section Header Size:	40
Number of Section Headers:	13
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0xf960	0x0	0x6	AX	16
.fini	PROGBITS	0x40fa80	0xfa80	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x40fae0	0xfae0	0x970	0x0	0x2	A	16
.ctors	PROGBITS	0x450454	0x10454	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x45045c	0x1045c	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x450468	0x10468	0x5c	0x0	0x3	WA	4
.data	PROGBITS	0x4504d0	0x104d0	0x340	0x0	0x3	WA	16
.got	PROGBITS	0x450810	0x10810	0x4cc	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x450cdc	0x10cdc	0x3c	0x0	0x10000003	WAp	4
.bss	NOBITS	0x450d20	0x10cdc	0x42b8	0x0	0x3	WA	16
.shstrtab	STRTAB	0x0	0x10cdc	0x56	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x10450	0x10450	5.3939	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x10454	0x450454	0x450454	0x888	0x4b84	3.9681	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 11:01:03.142446041 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 8, 2024 11:01:05.927041054 CEST	32798	46852	192.168.2.23	154.223.21.228
Oct 8, 2024 11:01:05.931812048 CEST	46852	32798	154.223.21.228	192.168.2.23
Oct 8, 2024 11:01:05.931874990 CEST	32798	46852	192.168.2.23	154.223.21.228
Oct 8, 2024 11:01:05.932262897 CEST	32798	46852	192.168.2.23	154.223.21.228
Oct 8, 2024 11:01:05.936969995 CEST	46852	32798	154.223.21.228	192.168.2.23
Oct 8, 2024 11:01:05.937043905 CEST	46852	32798	154.223.21.228	192.168.2.23
Oct 8, 2024 11:01:08.517584085 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 8, 2024 11:01:23.107640028 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 8, 2024 11:01:27.135430098 CEST	49732	54123	192.168.2.23	154.205.144.234
Oct 8, 2024 11:01:27.140360117 CEST	54123	49732	154.205.144.234	192.168.2.23
Oct 8, 2024 11:01:27.140429974 CEST	49732	54123	192.168.2.23	154.205.144.234
Oct 8, 2024 11:01:27.140465021 CEST	49732	54123	192.168.2.23	154.205.144.234
Oct 8, 2024 11:01:27.145396948 CEST	54123	49732	154.205.144.234	192.168.2.23
Oct 8, 2024 11:01:27.145755053 CEST	54123	49732	154.205.144.234	192.168.2.23
Oct 8, 2024 11:01:29.251000881 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 8, 2024 11:01:35.394315958 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 8, 2024 11:01:48.410660982 CEST	40526	61543	192.168.2.23	154.90.62.142
Oct 8, 2024 11:01:48.416976929 CEST	61543	40526	154.90.62.142	192.168.2.23
Oct 8, 2024 11:01:48.417088032 CEST	40526	61543	192.168.2.23	154.90.62.142
Oct 8, 2024 11:01:48.417105913 CEST	40526	61543	192.168.2.23	154.90.62.142
Oct 8, 2024 11:01:48.421958923 CEST	61543	40526	154.90.62.142	192.168.2.23
Oct 8, 2024 11:01:48.422259092 CEST	61543	40526	154.90.62.142	192.168.2.23
Oct 8, 2024 11:01:54.441003084 CEST	35542	61543	192.168.2.23	154.223.21.228
Oct 8, 2024 11:01:54.446636915 CEST	61543	35542	154.223.21.228	192.168.2.23
Oct 8, 2024 11:01:54.446718931 CEST	35542	61543	192.168.2.23	154.223.21.228
Oct 8, 2024 11:01:54.446784019 CEST	35542	61543	192.168.2.23	154.223.21.228
Oct 8, 2024 11:01:54.451613903 CEST	61543	35542	154.223.21.228	192.168.2.23
Oct 8, 2024 11:01:54.452061892 CEST	61543	35542	154.223.21.228	192.168.2.23
Oct 8, 2024 11:01:55.563035011 CEST	57654	27651	192.168.2.23	38.60.249.66
Oct 8, 2024 11:01:55.567838907 CEST	27651	57654	38.60.249.66	192.168.2.23
Oct 8, 2024 11:01:55.567929983 CEST	57654	27651	192.168.2.23	38.60.249.66
Oct 8, 2024 11:01:55.567977905 CEST	57654	27651	192.168.2.23	38.60.249.66
Oct 8, 2024 11:01:55.572845936 CEST	27651	57654	38.60.249.66	192.168.2.23
Oct 8, 2024 11:01:55.573132992 CEST	27651	57654	38.60.249.66	192.168.2.23
Oct 8, 2024 11:02:04.062433958 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 8, 2024 11:02:26.899391890 CEST	53700	49376	192.168.2.23	38.54.57.248
Oct 8, 2024 11:02:26.904275894 CEST	49376	53700	38.54.57.248	192.168.2.23
Oct 8, 2024 11:02:26.904412985 CEST	53700	49376	192.168.2.23	38.54.57.248
Oct 8, 2024 11:02:26.904412985 CEST	53700	49376	192.168.2.23	38.54.57.248
Oct 8, 2024 11:02:26.909276962 CEST	49376	53700	38.54.57.248	192.168.2.23
Oct 8, 2024 11:02:26.909512043 CEST	49376	53700	38.54.57.248	192.168.2.23
Oct 8, 2024 11:02:27.932563066 CEST	59510	23789	192.168.2.23	154.90.62.142
Oct 8, 2024 11:02:27.937475920 CEST	23789	59510	154.90.62.142	192.168.2.23
Oct 8, 2024 11:02:27.937566042 CEST	59510	23789	192.168.2.23	154.90.62.142
Oct 8, 2024 11:02:27.937602043 CEST	59510	23789	192.168.2.23	154.90.62.142
Oct 8, 2024 11:02:27.942450047 CEST	23789	59510	154.90.62.142	192.168.2.23
Oct 8, 2024 11:02:27.942739964 CEST	23789	59510	154.90.62.142	192.168.2.23
Oct 8, 2024 11:02:28.962681055 CEST	35878	32876	192.168.2.23	156.244.7.75
Oct 8, 2024 11:02:28.967510939 CEST	32876	35878	156.244.7.75	192.168.2.23
Oct 8, 2024 11:02:28.967572927 CEST	35878	32876	192.168.2.23	156.244.7.75
Oct 8, 2024 11:02:28.967572927 CEST	35878	32876	192.168.2.23	156.244.7.75
Oct 8, 2024 11:02:28.972801924 CEST	32876	35878	156.244.7.75	192.168.2.23
Oct 8, 2024 11:02:28.972908974 CEST	32876	35878	156.244.7.75	192.168.2.23
Oct 8, 2024 11:02:29.986850977 CEST	49890	15987	192.168.2.23	154.223.21.228
Oct 8, 2024 11:02:29.991703033 CEST	15987	49890	154.223.21.228	192.168.2.23
Oct 8, 2024 11:02:29.991772890 CEST	49890	15987	192.168.2.23	154.223.21.228
Oct 8, 2024 11:02:29.991841078 CEST	49890	15987	192.168.2.23	154.223.21.228
Oct 8, 2024 11:02:29.996898890 CEST	15987	49890	154.223.21.228	192.168.2.23
Oct 8, 2024 11:02:29.997169971 CEST	15987	49890	154.223.21.228	192.168.2.23
Oct 8, 2024 11:02:41.025686979 CEST	36042	15987	192.168.2.23	38.60.249.66
Oct 8, 2024 11:02:41.030502081 CEST	15987	36042	38.60.249.66	192.168.2.23
Oct 8, 2024 11:02:41.030612946 CEST	36042	15987	192.168.2.23	38.60.249.66
Oct 8, 2024 11:02:41.030664921 CEST	36042	15987	192.168.2.23	38.60.249.66
Oct 8, 2024 11:02:41.035480976 CEST	15987	36042	38.60.249.66	192.168.2.23
Oct 8, 2024 11:02:41.035830975 CEST	15987	36042	38.60.249.66	192.168.2.23
Oct 8, 2024 11:02:52.149877071 CEST	39286	32876	192.168.2.23	154.223.21.228
Oct 8, 2024 11:02:52.154792070 CEST	32876	39286	154.223.21.228	192.168.2.23
Oct 8, 2024 11:02:52.154901028 CEST	39286	32876	192.168.2.23	154.223.21.228
Oct 8, 2024 11:02:52.154934883 CEST	39286	32876	192.168.2.23	154.223.21.228
Oct 8, 2024 11:02:52.159749031 CEST	32876	39286	154.223.21.228	192.168.2.23
Oct 8, 2024 11:02:52.160113096 CEST	32876	39286	154.223.21.228	192.168.2.23
Oct 8, 2024 11:03:33.470607996 CEST	60714	15987	192.168.2.23	38.54.57.248
Oct 8, 2024 11:03:33.477035046 CEST	15987	60714	38.54.57.248	192.168.2.23
Oct 8, 2024 11:03:33.477118969 CEST	60714	15987	192.168.2.23	38.54.57.248
Oct 8, 2024 11:03:33.477209091 CEST	60714	15987	192.168.2.23	38.54.57.248
Oct 8, 2024 11:03:33.483824968 CEST	15987	60714	38.54.57.248	192.168.2.23
Oct 8, 2024 11:03:33.484138012 CEST	15987	60714	38.54.57.248	192.168.2.23
Oct 8, 2024 11:03:39.502420902 CEST	59998	42061	192.168.2.23	154.223.21.228
Oct 8, 2024 11:03:39.507313013 CEST	42061	59998	154.223.21.228	192.168.2.23
Oct 8, 2024 11:03:39.507462025 CEST	59998	42061	192.168.2.23	154.223.21.228
Oct 8, 2024 11:03:39.507654905 CEST	59998	42061	192.168.2.23	154.223.21.228
Oct 8, 2024 11:03:39.512572050 CEST	42061	59998	154.223.21.228	192.168.2.23
Oct 8, 2024 11:03:39.512634993 CEST	42061	59998	154.223.21.228	192.168.2.23
Oct 8, 2024 11:03:40.524008989 CEST	32824	46852	192.168.2.23	154.223.21.228
Oct 8, 2024 11:03:40.528887033 CEST	46852	32824	154.223.21.228	192.168.2.23
Oct 8, 2024 11:03:40.529001951 CEST	32824	46852	192.168.2.23	154.223.21.228
Oct 8, 2024 11:03:40.529045105 CEST	32824	46852	192.168.2.23	154.223.21.228
Oct 8, 2024 11:03:40.534039021 CEST	46852	32824	154.223.21.228	192.168.2.23
Oct 8, 2024 11:03:40.534133911 CEST	46852	32824	154.223.21.228	192.168.2.23
Oct 8, 2024 11:04:16.933171988 CEST	43772	42061	192.168.2.23	38.60.198.180
Oct 8, 2024 11:04:16.938113928 CEST	42061	43772	38.60.198.180	192.168.2.23
Oct 8, 2024 11:04:16.938210011 CEST	43772	42061	192.168.2.23	38.60.198.180
Oct 8, 2024 11:04:16.938235998 CEST	43772	42061	192.168.2.23	38.60.198.180
Oct 8, 2024 11:04:16.943169117 CEST	42061	43772	38.60.198.180	192.168.2.23
Oct 8, 2024 11:04:16.943464994 CEST	42061	43772	38.60.198.180	192.168.2.23
Oct 8, 2024 11:04:18.031352997 CEST	52962	38429	192.168.2.23	38.60.249.66
Oct 8, 2024 11:04:18.036432981 CEST	38429	52962	38.60.249.66	192.168.2.23
Oct 8, 2024 11:04:18.036545992 CEST	52962	38429	192.168.2.23	38.60.249.66
Oct 8, 2024 11:04:18.036619902 CEST	52962	38429	192.168.2.23	38.60.249.66
Oct 8, 2024 11:04:18.041522026 CEST	38429	52962	38.60.249.66	192.168.2.23
Oct 8, 2024 11:04:18.041901112 CEST	38429	52962	38.60.249.66	192.168.2.23
Oct 8, 2024 11:04:34.487234116 CEST	56852	23789	192.168.2.23	156.244.16.207
Oct 8, 2024 11:04:34.492119074 CEST	23789	56852	156.244.16.207	192.168.2.23
Oct 8, 2024 11:04:34.492214918 CEST	56852	23789	192.168.2.23	156.244.16.207
Oct 8, 2024 11:04:34.492532969 CEST	56852	23789	192.168.2.23	156.244.16.207
Oct 8, 2024 11:04:34.497489929 CEST	23789	56852	156.244.16.207	192.168.2.23
Oct 8, 2024 11:04:34.497558117 CEST	23789	56852	156.244.16.207	192.168.2.23
Oct 8, 2024 11:04:34.497622967 CEST	56852	23789	192.168.2.23	156.244.16.207
Oct 8, 2024 11:04:34.502589941 CEST	23789	56852	156.244.16.207	192.168.2.23
Oct 8, 2024 11:04:35.596141100 CEST	40170	23789	192.168.2.23	38.60.249.66
Oct 8, 2024 11:04:35.601365089 CEST	23789	40170	38.60.249.66	192.168.2.23
Oct 8, 2024 11:04:35.601473093 CEST	40170	23789	192.168.2.23	38.60.249.66
Oct 8, 2024 11:04:35.601519108 CEST	40170	23789	192.168.2.23	38.60.249.66
Oct 8, 2024 11:04:35.607525110 CEST	23789	40170	38.60.249.66	192.168.2.23
Oct 8, 2024 11:04:35.607878923 CEST	23789	40170	38.60.249.66	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 11:01:05.738975048 CEST	37405	53	192.168.2.23	161.97.219.84
Oct 8, 2024 11:01:05.925651073 CEST	53	37405	161.97.219.84	192.168.2.23
Oct 8, 2024 11:01:06.943274975 CEST	47087	5353	192.168.2.23	130.61.64.122
Oct 8, 2024 11:01:11.948762894 CEST	57471	53	192.168.2.23	130.61.69.123
Oct 8, 2024 11:01:11.955295086 CEST	53	57471	130.61.69.123	192.168.2.23
Oct 8, 2024 11:01:11.956130028 CEST	54996	53	192.168.2.23	63.231.92.27
Oct 8, 2024 11:01:12.102416992 CEST	53	54996	63.231.92.27	192.168.2.23
Oct 8, 2024 11:01:12.103518009 CEST	45031	53	192.168.2.23	54.36.111.116
Oct 8, 2024 11:01:12.110040903 CEST	53034	5353	192.168.2.23	161.97.219.84
Oct 8, 2024 11:01:17.115206003 CEST	49171	5353	192.168.2.23	116.203.104.203
Oct 8, 2024 11:01:22.120064020 CEST	60959	5353	192.168.2.23	116.203.104.203
Oct 8, 2024 11:01:27.124494076 CEST	50003	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:01:27.134696960 CEST	53	50003	116.203.104.203	192.168.2.23
Oct 8, 2024 11:01:28.147731066 CEST	47325	5353	192.168.2.23	162.243.19.47
Oct 8, 2024 11:01:33.153616905 CEST	36896	5353	192.168.2.23	130.61.64.122
Oct 8, 2024 11:01:38.159241915 CEST	58393	53	192.168.2.23	130.61.64.122
Oct 8, 2024 11:01:38.166377068 CEST	53	58393	130.61.64.122	192.168.2.23
Oct 8, 2024 11:01:38.167795897 CEST	39341	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:01:38.177345991 CEST	53	39341	116.203.104.203	192.168.2.23
Oct 8, 2024 11:01:38.178896904 CEST	60262	5353	192.168.2.23	54.36.111.116
Oct 8, 2024 11:01:43.185472012 CEST	58965	53	192.168.2.23	54.36.111.116
Oct 8, 2024 11:01:43.278824091 CEST	50604	5353	192.168.2.23	192.3.165.37
Oct 8, 2024 11:01:48.281976938 CEST	51817	53	192.168.2.23	185.84.81.194
Oct 8, 2024 11:01:48.293905020 CEST	53	51817	185.84.81.194	192.168.2.23
Oct 8, 2024 11:01:48.295727968 CEST	52155	53	192.168.2.23	192.3.165.37
Oct 8, 2024 11:01:48.399024010 CEST	53	52155	192.3.165.37	192.168.2.23
Oct 8, 2024 11:01:48.400312901 CEST	48422	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:01:48.410012960 CEST	53	48422	116.203.104.203	192.168.2.23
Oct 8, 2024 11:01:49.425518036 CEST	59776	5353	192.168.2.23	54.36.111.116
Oct 8, 2024 11:01:54.430006027 CEST	39253	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:01:54.440057993 CEST	53	39253	116.203.104.203	192.168.2.23
Oct 8, 2024 11:01:55.455424070 CEST	49653	53	192.168.2.23	162.243.19.47
Oct 8, 2024 11:01:55.542242050 CEST	53	49653	162.243.19.47	192.168.2.23
Oct 8, 2024 11:01:55.544251919 CEST	34348	53	192.168.2.23	130.61.69.123
Oct 8, 2024 11:01:55.551184893 CEST	53	34348	130.61.69.123	192.168.2.23
Oct 8, 2024 11:01:55.552427053 CEST	33145	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:01:55.562288046 CEST	53	33145	116.203.104.203	192.168.2.23
Oct 8, 2024 11:01:56.576555014 CEST	48677	53	192.168.2.23	130.61.64.122
Oct 8, 2024 11:01:56.583578110 CEST	53	48677	130.61.64.122	192.168.2.23
Oct 8, 2024 11:01:56.585143089 CEST	49579	53	192.168.2.23	192.3.165.37
Oct 8, 2024 11:01:56.695166111 CEST	53	49579	192.3.165.37	192.168.2.23
Oct 8, 2024 11:01:56.697149038 CEST	53936	5353	192.168.2.23	54.36.111.116
Oct 8, 2024 11:02:01.701195955 CEST	36154	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:02:01.711755037 CEST	53	36154	116.203.104.203	192.168.2.23
Oct 8, 2024 11:02:01.712821960 CEST	58395	5353	192.168.2.23	130.61.69.123
Oct 8, 2024 11:02:06.717525005 CEST	38309	53	192.168.2.23	185.84.81.194
Oct 8, 2024 11:02:06.728151083 CEST	53	38309	185.84.81.194	192.168.2.23
Oct 8, 2024 11:02:06.729666948 CEST	53778	5353	192.168.2.23	161.97.219.84
Oct 8, 2024 11:02:11.735593081 CEST	47983	53	192.168.2.23	130.61.69.123
Oct 8, 2024 11:02:11.742528915 CEST	53	47983	130.61.69.123	192.168.2.23
Oct 8, 2024 11:02:11.744090080 CEST	38523	5353	192.168.2.23	63.231.92.27
Oct 8, 2024 11:02:16.750394106 CEST	36405	5353	192.168.2.23	130.61.69.123
Oct 8, 2024 11:02:21.756813049 CEST	58694	5353	192.168.2.23	161.97.219.84
Oct 8, 2024 11:02:26.763432980 CEST	40656	53	192.168.2.23	162.243.19.47
Oct 8, 2024 11:02:26.848135948 CEST	53	40656	162.243.19.47	192.168.2.23
Oct 8, 2024 11:02:26.850771904 CEST	59061	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:02:26.856960058 CEST	53	59061	8.8.8.8	192.168.2.23
Oct 8, 2024 11:02:26.858952999 CEST	53993	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:02:26.865508080 CEST	53	53993	8.8.8.8	192.168.2.23
Oct 8, 2024 11:02:26.867170095 CEST	56620	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:02:26.873485088 CEST	53	56620	8.8.8.8	192.168.2.23
Oct 8, 2024 11:02:26.875118017 CEST	52294	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:02:26.881329060 CEST	53	52294	8.8.8.8	192.168.2.23
Oct 8, 2024 11:02:26.882858992 CEST	32819	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:02:26.889133930 CEST	53	32819	8.8.8.8	192.168.2.23
Oct 8, 2024 11:02:26.891033888 CEST	55696	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:02:26.897993088 CEST	53	55696	8.8.8.8	192.168.2.23
Oct 8, 2024 11:02:27.913369894 CEST	39189	53	192.168.2.23	130.61.64.122
Oct 8, 2024 11:02:27.920150995 CEST	53	39189	130.61.64.122	192.168.2.23
Oct 8, 2024 11:02:27.921686888 CEST	51772	53	192.168.2.23	185.84.81.194
Oct 8, 2024 11:02:27.931766033 CEST	53	51772	185.84.81.194	192.168.2.23
Oct 8, 2024 11:02:28.945657969 CEST	40058	53	192.168.2.23	54.36.111.116
Oct 8, 2024 11:02:28.952208042 CEST	53943	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:02:28.962075949 CEST	53	53943	116.203.104.203	192.168.2.23
Oct 8, 2024 11:02:29.976536989 CEST	49057	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:02:29.986088991 CEST	53	49057	116.203.104.203	192.168.2.23
Oct 8, 2024 11:02:31.000555038 CEST	46286	5353	192.168.2.23	130.61.64.122
Oct 8, 2024 11:02:36.006278992 CEST	47560	5353	192.168.2.23	54.36.111.116
Oct 8, 2024 11:02:41.011585951 CEST	58528	53	192.168.2.23	54.36.111.116
Oct 8, 2024 11:02:41.018003941 CEST	34538	53	192.168.2.23	130.61.64.122
Oct 8, 2024 11:02:41.024861097 CEST	53	34538	130.61.64.122	192.168.2.23
Oct 8, 2024 11:02:42.044276953 CEST	52086	5353	192.168.2.23	185.84.81.194
Oct 8, 2024 11:02:47.049700975 CEST	55081	5353	192.168.2.23	162.243.19.47
Oct 8, 2024 11:02:52.053828001 CEST	60722	53	192.168.2.23	162.243.19.47
Oct 8, 2024 11:02:52.148870945 CEST	53	60722	162.243.19.47	192.168.2.23
Oct 8, 2024 11:02:53.162844896 CEST	46060	5353	192.168.2.23	161.97.219.84
Oct 8, 2024 11:02:58.164772034 CEST	53787	5353	192.168.2.23	185.84.81.194
Oct 8, 2024 11:03:03.170840979 CEST	59116	5353	192.168.2.23	130.61.69.123
Oct 8, 2024 11:03:08.175924063 CEST	45418	5353	192.168.2.23	161.97.219.84
Oct 8, 2024 11:03:13.182250023 CEST	40116	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:03:13.192487955 CEST	53	40116	116.203.104.203	192.168.2.23
Oct 8, 2024 11:03:13.194075108 CEST	35585	5353	192.168.2.23	185.84.81.194
Oct 8, 2024 11:03:18.199417114 CEST	37982	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:03:18.210062027 CEST	53	37982	116.203.104.203	192.168.2.23
Oct 8, 2024 11:03:18.212199926 CEST	58980	5353	192.168.2.23	63.231.92.27
Oct 8, 2024 11:03:23.218266010 CEST	49694	5353	192.168.2.23	116.203.104.203
Oct 8, 2024 11:03:28.220546961 CEST	40955	53	192.168.2.23	161.97.219.84
Oct 8, 2024 11:03:28.408674002 CEST	53	40955	161.97.219.84	192.168.2.23
Oct 8, 2024 11:03:28.409786940 CEST	58763	53	192.168.2.23	130.61.69.123
Oct 8, 2024 11:03:28.416410923 CEST	53	58763	130.61.69.123	192.168.2.23
Oct 8, 2024 11:03:28.417404890 CEST	58081	5353	192.168.2.23	116.203.104.203
Oct 8, 2024 11:03:33.420615911 CEST	54812	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:03:33.426996946 CEST	53	54812	8.8.8.8	192.168.2.23
Oct 8, 2024 11:03:33.428730965 CEST	57347	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:03:33.435659885 CEST	53	57347	8.8.8.8	192.168.2.23
Oct 8, 2024 11:03:33.436913013 CEST	39922	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:03:33.443753004 CEST	53	39922	8.8.8.8	192.168.2.23
Oct 8, 2024 11:03:33.445228100 CEST	60896	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:03:33.451497078 CEST	53	60896	8.8.8.8	192.168.2.23
Oct 8, 2024 11:03:33.452792883 CEST	35529	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:03:33.459444046 CEST	53	35529	8.8.8.8	192.168.2.23
Oct 8, 2024 11:03:33.460803986 CEST	49394	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:03:33.469750881 CEST	53	49394	8.8.8.8	192.168.2.23
Oct 8, 2024 11:03:34.487554073 CEST	47067	5353	192.168.2.23	130.61.69.123
Oct 8, 2024 11:03:39.494273901 CEST	50624	53	192.168.2.23	130.61.69.123
Oct 8, 2024 11:03:39.501312017 CEST	53	50624	130.61.69.123	192.168.2.23
Oct 8, 2024 11:03:40.516504049 CEST	34627	53	192.168.2.23	130.61.69.123
Oct 8, 2024 11:03:40.523235083 CEST	53	34627	130.61.69.123	192.168.2.23
Oct 8, 2024 11:03:41.536839962 CEST	48175	5353	192.168.2.23	161.97.219.84
Oct 8, 2024 11:03:46.542068958 CEST	49042	5353	192.168.2.23	192.3.165.37
Oct 8, 2024 11:03:51.547976971 CEST	52114	5353	192.168.2.23	185.84.81.194
Oct 8, 2024 11:03:56.553391933 CEST	39411	53	192.168.2.23	162.243.19.47
Oct 8, 2024 11:03:56.639435053 CEST	53	39411	162.243.19.47	192.168.2.23
Oct 8, 2024 11:03:56.641313076 CEST	51911	53	192.168.2.23	130.61.64.122
Oct 8, 2024 11:03:56.647876024 CEST	53	51911	130.61.64.122	192.168.2.23
Oct 8, 2024 11:03:56.649188042 CEST	40533	53	192.168.2.23	63.231.92.27
Oct 8, 2024 11:03:56.793694973 CEST	53	40533	63.231.92.27	192.168.2.23
Oct 8, 2024 11:03:56.794920921 CEST	54922	53	192.168.2.23	54.36.111.116
Oct 8, 2024 11:03:56.801896095 CEST	47106	5353	192.168.2.23	192.3.165.37
Oct 8, 2024 11:04:01.806258917 CEST	43030	5353	192.168.2.23	192.3.165.37
Oct 8, 2024 11:04:06.811744928 CEST	47194	5353	192.168.2.23	162.243.19.47
Oct 8, 2024 11:04:11.817732096 CEST	60922	53	192.168.2.23	192.3.165.37
Oct 8, 2024 11:04:11.917929888 CEST	53	60922	192.3.165.37	192.168.2.23
Oct 8, 2024 11:04:11.923407078 CEST	57001	5353	192.168.2.23	116.203.104.203
Oct 8, 2024 11:04:16.926266909 CEST	39391	53	192.168.2.23	8.8.8.8
Oct 8, 2024 11:04:16.932566881 CEST	53	39391	8.8.8.8	192.168.2.23
Oct 8, 2024 11:04:17.946382046 CEST	51767	53	192.168.2.23	162.243.19.47
Oct 8, 2024 11:04:18.030390978 CEST	53	51767	162.243.19.47	192.168.2.23
Oct 8, 2024 11:04:19.045326948 CEST	60658	5353	192.168.2.23	54.36.111.116
Oct 8, 2024 11:04:24.051445007 CEST	40982	53	192.168.2.23	162.243.19.47
Oct 8, 2024 11:04:24.348311901 CEST	53	40982	162.243.19.47	192.168.2.23
Oct 8, 2024 11:04:24.350339890 CEST	50639	5353	192.168.2.23	185.84.81.194
Oct 8, 2024 11:04:29.356062889 CEST	42175	53	192.168.2.23	192.3.165.37
Oct 8, 2024 11:04:29.455981970 CEST	53	42175	192.3.165.37	192.168.2.23
Oct 8, 2024 11:04:29.457436085 CEST	42044	5353	192.168.2.23	116.203.104.203
Oct 8, 2024 11:04:34.463402987 CEST	36559	53	192.168.2.23	116.203.104.203
Oct 8, 2024 11:04:34.475567102 CEST	53	36559	116.203.104.203	192.168.2.23
Oct 8, 2024 11:04:34.479007006 CEST	58103	53	192.168.2.23	130.61.64.122
Oct 8, 2024 11:04:34.486387968 CEST	53	58103	130.61.64.122	192.168.2.23
Oct 8, 2024 11:04:35.501393080 CEST	33756	53	192.168.2.23	192.3.165.37
Oct 8, 2024 11:04:35.594825029 CEST	53	33756	192.3.165.37	192.168.2.23
Oct 8, 2024 11:04:36.611671925 CEST	49221	5353	192.168.2.23	116.203.104.203

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 8, 2024 11:01:12.108676910 CEST	54.36.111.116	192.168.2.23	658f	(Port unreachable)	Destination Unreachable
Oct 8, 2024 11:01:43.276998043 CEST	54.36.111.116	192.168.2.23	658e	(Port unreachable)	Destination Unreachable
Oct 8, 2024 11:02:28.951090097 CEST	54.36.111.116	192.168.2.23	658d	(Port unreachable)	Destination Unreachable
Oct 8, 2024 11:02:41.016500950 CEST	54.36.111.116	192.168.2.23	658f	(Port unreachable)	Destination Unreachable
Oct 8, 2024 11:03:56.800931931 CEST	54.36.111.116	192.168.2.23	6591	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 11:01:05.738975048 CEST	192.168.2.23	161.97.219.84	0x1857	Standard query (0)	r3racegame.indy	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:11.948762894 CEST	192.168.2.23	130.61.69.123	0x4fe1	Standard query (0)	kr3ddnsnet1.indy. [malformed]	256	471	false
Oct 8, 2024 11:01:11.956130028 CEST	192.168.2.23	63.231.92.27	0x25a9	Standard query (0)	r3racegame.indy. [malformed]	256	472	false
Oct 8, 2024 11:01:12.103518009 CEST	192.168.2.23	54.36.111.116	0x8b95	Standard query (0)	nineteen.libre. [malformed]	256	472	false
Oct 8, 2024 11:01:27.124494076 CEST	192.168.2.23	116.203.104.203	0x697d	Standard query (0)	imaverygoodbadboy.libre	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:38.159241915 CEST	192.168.2.23	130.61.64.122	0xe90	Standard query (0)	subcarrace.indy. [malformed]	256	498	false
Oct 8, 2024 11:01:38.167795897 CEST	192.168.2.23	116.203.104.203	0xcdd	Standard query (0)	21savage.dyn. [malformed]	256	498	false
Oct 8, 2024 11:01:43.185472012 CEST	192.168.2.23	54.36.111.116	0xe796	Standard query (0)	krddnsnet.dyn. [malformed]	256	503	false
Oct 8, 2024 11:01:48.281976938 CEST	192.168.2.23	185.84.81.194	0xe487	Standard query (0)	75cents.libre. [malformed]	256	508	false
Oct 8, 2024 11:01:48.295727968 CEST	192.168.2.23	192.3.165.37	0x1ccc	Standard query (0)	krddnsnet.dyn. [malformed]	256	508	false
Oct 8, 2024 11:01:48.400312901 CEST	192.168.2.23	116.203.104.203	0xba90	Standard query (0)	kr2ddnsnet.dyn	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:54.430006027 CEST	192.168.2.23	116.203.104.203	0xaa76	Standard query (0)	r3racegame.indy	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:55.455424070 CEST	192.168.2.23	162.243.19.47	0xec3c	Standard query (0)	kr2ddnsnet.dyn. [malformed]	256	259	false
Oct 8, 2024 11:01:55.544251919 CEST	192.168.2.23	130.61.69.123	0x97d5	Standard query (0)	krddnsnet.dyn. [malformed]	256	259	false
Oct 8, 2024 11:01:55.552427053 CEST	192.168.2.23	116.203.104.203	0xfeab	Standard query (0)	eighteen.pirate	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:56.576555014 CEST	192.168.2.23	130.61.64.122	0x44f7	Standard query (0)	krddnsnet.dyn. [malformed]	256	260	false
Oct 8, 2024 11:01:56.585143089 CEST	192.168.2.23	192.3.165.37	0x80d8	Standard query (0)	fortyfivehundred.dyn. [malformed]	256	260	false
Oct 8, 2024 11:02:01.701195955 CEST	192.168.2.23	116.203.104.203	0x2a8b	Standard query (0)	subcarrace.indy. [malformed]	256	265	false
Oct 8, 2024 11:02:06.717525005 CEST	192.168.2.23	185.84.81.194	0xb0da	Standard query (0)	krddnsnet.dyn. [malformed]	256	270	false
Oct 8, 2024 11:02:11.735593081 CEST	192.168.2.23	130.61.69.123	0x726a	Standard query (0)	subcarrace.indy. [malformed]	256	275	false
Oct 8, 2024 11:02:26.763432980 CEST	192.168.2.23	162.243.19.47	0x7258	Standard query (0)	kr3ddnsnet1.indy. [malformed]	256	290	false
Oct 8, 2024 11:02:26.850771904 CEST	192.168.2.23	8.8.8.8	0xfd92	Standard query (0)	ru.coziest.lol. [malformed]	256	290	false
Oct 8, 2024 11:02:26.858952999 CEST	192.168.2.23	8.8.8.8	0xfd92	Standard query (0)	ru.coziest.lol. [malformed]	256	290	false
Oct 8, 2024 11:02:26.867170095 CEST	192.168.2.23	8.8.8.8	0xfd92	Standard query (0)	ru.coziest.lol. [malformed]	256	290	false
Oct 8, 2024 11:02:26.875118017 CEST	192.168.2.23	8.8.8.8	0xfd92	Standard query (0)	ru.coziest.lol. [malformed]	256	290	false
Oct 8, 2024 11:02:26.882858992 CEST	192.168.2.23	8.8.8.8	0xfd92	Standard query (0)	ru.coziest.lol. [malformed]	256	290	false
Oct 8, 2024 11:02:26.891033888 CEST	192.168.2.23	8.8.8.8	0x6f8	Standard query (0)	f.codingdrunk.cc	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:27.913369894 CEST	192.168.2.23	130.61.64.122	0x70b	Standard query (0)	21savage.dyn. [malformed]	256	291	false
Oct 8, 2024 11:02:27.921686888 CEST	192.168.2.23	185.84.81.194	0xc58a	Standard query (0)	krddnsnet.dyn	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:28.945657969 CEST	192.168.2.23	54.36.111.116	0xee4	Standard query (0)	2joints.libre	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:28.952208042 CEST	192.168.2.23	116.203.104.203	0xd8af	Standard query (0)	2joints.libre	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:29.976536989 CEST	192.168.2.23	116.203.104.203	0x4489	Standard query (0)	kr3ddnsnet1.indy	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:41.011585951 CEST	192.168.2.23	54.36.111.116	0x9fc0	Standard query (0)	nineteen.libre. [malformed]	256	305	false
Oct 8, 2024 11:02:41.018003941 CEST	192.168.2.23	130.61.64.122	0x5baa	Standard query (0)	eighteen.pirate	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:52.053828001 CEST	192.168.2.23	162.243.19.47	0x5d7a	Standard query (0)	kr3ddnsnet1.indy	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:03:13.182250023 CEST	192.168.2.23	116.203.104.203	0x7e09	Standard query (0)	21savage.dyn. [malformed]	256	337	false
Oct 8, 2024 11:03:18.199417114 CEST	192.168.2.23	116.203.104.203	0xf649	Standard query (0)	21savage.dyn. [malformed]	256	342	false
Oct 8, 2024 11:03:28.220546961 CEST	192.168.2.23	161.97.219.84	0x7589	Standard query (0)	subcarrace.indy. [malformed]	256	352	false
Oct 8, 2024 11:03:28.409786940 CEST	192.168.2.23	130.61.69.123	0x496b	Standard query (0)	kr2ddnsnet.dyn. [malformed]	256	352	false
Oct 8, 2024 11:03:33.420615911 CEST	192.168.2.23	8.8.8.8	0x9e4b	Standard query (0)	ru.coziest.lol. [malformed]	256	357	false
Oct 8, 2024 11:03:33.428730965 CEST	192.168.2.23	8.8.8.8	0x9e4b	Standard query (0)	ru.coziest.lol. [malformed]	256	357	false
Oct 8, 2024 11:03:33.436913013 CEST	192.168.2.23	8.8.8.8	0x9e4b	Standard query (0)	ru.coziest.lol. [malformed]	256	357	false
Oct 8, 2024 11:03:33.445228100 CEST	192.168.2.23	8.8.8.8	0x9e4b	Standard query (0)	ru.coziest.lol. [malformed]	256	357	false
Oct 8, 2024 11:03:33.452792883 CEST	192.168.2.23	8.8.8.8	0x9e4b	Standard query (0)	ru.coziest.lol. [malformed]	256	357	false
Oct 8, 2024 11:03:33.460803986 CEST	192.168.2.23	8.8.8.8	0x378e	Standard query (0)	f.codingdrunk.cc	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:03:39.494273901 CEST	192.168.2.23	130.61.69.123	0xc018	Standard query (0)	subcarrace.indy	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:03:40.516504049 CEST	192.168.2.23	130.61.69.123	0x6470	Standard query (0)	subcarrace.indy	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:03:56.553391933 CEST	192.168.2.23	162.243.19.47	0x1b33	Standard query (0)	r3racegame.indy. [malformed]	256	380	false
Oct 8, 2024 11:03:56.641313076 CEST	192.168.2.23	130.61.64.122	0xbec1	Standard query (0)	75cents.libre. [malformed]	256	380	false
Oct 8, 2024 11:03:56.649188042 CEST	192.168.2.23	63.231.92.27	0x67d2	Standard query (0)	fortyfivehundred.dyn. [malformed]	256	380	false
Oct 8, 2024 11:03:56.794920921 CEST	192.168.2.23	54.36.111.116	0x10f2	Standard query (0)	kr3ddnsnet1.indy. [malformed]	256	380	false
Oct 8, 2024 11:04:11.817732096 CEST	192.168.2.23	192.3.165.37	0xd27c	Standard query (0)	krddnsnet.dyn. [malformed]	256	395	false
Oct 8, 2024 11:04:16.926266909 CEST	192.168.2.23	8.8.8.8	0x3938	Standard query (0)	ru.coziest.lol	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:04:17.946382046 CEST	192.168.2.23	162.243.19.47	0xb295	Standard query (0)	nineteen.libre	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:04:24.051445007 CEST	192.168.2.23	162.243.19.47	0x38eb	Standard query (0)	2joints.libre. [malformed]	256	408	false
Oct 8, 2024 11:04:29.356062889 CEST	192.168.2.23	192.3.165.37	0xc91f	Standard query (0)	75cents.libre. [malformed]	256	413	false
Oct 8, 2024 11:04:34.463402987 CEST	192.168.2.23	116.203.104.203	0x3ddb	Standard query (0)	21savage.dyn. [malformed]	256	418	false
Oct 8, 2024 11:04:34.479007006 CEST	192.168.2.23	130.61.64.122	0x6aca	Standard query (0)	75cents.libre	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:04:35.501393080 CEST	192.168.2.23	192.3.165.37	0x912d	Standard query (0)	nineteen.libre	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 11:01:05.925651073 CEST	161.97.219.84	192.168.2.23	0x1857	No error (0)	r3racegame.indy	154.223.21.228	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:27.134696960 CEST	116.203.104.203	192.168.2.23	0x697d	No error (0)	imaverygoodbadboy.libre	154.205.144.234	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:48.410012960 CEST	116.203.104.203	192.168.2.23	0xba90	No error (0)	kr2ddnsnet.dyn	154.90.62.142	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:54.440057993 CEST	116.203.104.203	192.168.2.23	0xaa76	No error (0)	r3racegame.indy	154.223.21.228	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:01:55.562288046 CEST	116.203.104.203	192.168.2.23	0xfeab	No error (0)	eighteen.pirate	38.60.249.66	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:26.897993088 CEST	8.8.8.8	192.168.2.23	0x6f8	No error (0)	f.codingdrunk.cc	38.54.57.248	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:27.931766033 CEST	185.84.81.194	192.168.2.23	0xc58a	No error (0)	krddnsnet.dyn	154.90.62.142	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:28.962075949 CEST	116.203.104.203	192.168.2.23	0xd8af	No error (0)	2joints.libre	156.244.7.75	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:29.986088991 CEST	116.203.104.203	192.168.2.23	0x4489	No error (0)	kr3ddnsnet1.indy	154.223.21.228	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:41.024861097 CEST	130.61.64.122	192.168.2.23	0x5baa	No error (0)	eighteen.pirate	38.60.249.66	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:02:52.148870945 CEST	162.243.19.47	192.168.2.23	0x5d7a	No error (0)	kr3ddnsnet1.indy	154.223.21.228	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:03:33.469750881 CEST	8.8.8.8	192.168.2.23	0x378e	No error (0)	f.codingdrunk.cc	38.54.57.248	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:03:39.501312017 CEST	130.61.69.123	192.168.2.23	0xc018	No error (0)	subcarrace.indy	154.223.21.228	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:03:40.523235083 CEST	130.61.69.123	192.168.2.23	0x6470	No error (0)	subcarrace.indy	154.223.21.228	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:04:16.932566881 CEST	8.8.8.8	192.168.2.23	0x3938	No error (0)	ru.coziest.lol	38.60.198.180	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:04:18.030390978 CEST	162.243.19.47	192.168.2.23	0xb295	No error (0)	nineteen.libre	38.60.249.66	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:04:34.486387968 CEST	130.61.64.122	192.168.2.23	0x6aca	No error (0)	75cents.libre	156.244.16.207	A (IP address)	IN (0x0001)	false
Oct 8, 2024 11:04:35.594825029 CEST	192.3.165.37	192.168.2.23	0x912d	No error (0)	nineteen.libre	38.60.249.66	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: na.elf PID: 6283, Parent PID: 6205

General

Start time (UTC):	09:01:04
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	/tmp/na.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: na.elf PID: 6285, Parent PID: 6283

General

Start time (UTC):	09:01:05
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: na.elf PID: 6287, Parent PID: 6283

General

Start time (UTC):	09:01:05
Start date (UTC):	08/10/2024
Path:	/tmp/na.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: na.elf PID: 6283, Parent PID: 6205

General

Chronological Activities

Analysis Process: na.elf PID: 6285, Parent PID: 6283

General

Chronological Activities

Analysis Process: na.elf PID: 6287, Parent PID: 6283

General

Chronological Activities

Linux Analysis Report
na.elf