Linux
Analysis Report
na.elf
Overview
General Information
Sample name: | na.elf |
Analysis ID: | 1528819 |
MD5: | 5ea3839ef4effebf0c57e18742d1d284 |
SHA1: | a8a3949d509f75217c347dda38c42f1ab53156fc |
SHA256: | 64d671e954c370655d61855ba22381f9bbd929ac713322765686619cebeac480 |
Tags: | elfuser-abuse_ch |
Infos: |
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528819 |
Start date and time: | 2024-10-08 11:22:38 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal72.spre.evad.linELF@0/2@58/0 |
- Excluded IPs from analysis (whitelisted): 94.130.35.4, 51.75.67.47, 116.203.96.227, 5.189.151.39
- Excluded domains from analysis (whitelisted): pool.ntp.org
Command: | /tmp/na.elf |
PID: | 5551 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directory Try `iptables -h' or 'iptables --help' for more information. iptables: No chain/target/match by that name. |
- system is lnxubuntu20
- na.elf New Fork (PID: 5553, Parent: 5551)
- na.elf New Fork (PID: 5555, Parent: 5553)
- na.elf New Fork (PID: 5559, Parent: 5555)
- sh New Fork (PID: 5565, Parent: 5559)
- na.elf New Fork (PID: 5571, Parent: 5555)
- sh New Fork (PID: 5576, Parent: 5571)
- na.elf New Fork (PID: 5577, Parent: 5555)
- sh New Fork (PID: 5582, Parent: 5577)
- na.elf New Fork (PID: 5583, Parent: 5555)
- sh New Fork (PID: 5588, Parent: 5583)
- na.elf New Fork (PID: 5589, Parent: 5555)
- sh New Fork (PID: 5594, Parent: 5589)
- na.elf New Fork (PID: 5595, Parent: 5555)
- sh New Fork (PID: 5600, Parent: 5595)
- na.elf New Fork (PID: 5601, Parent: 5555)
- sh New Fork (PID: 5603, Parent: 5601)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Spreading |
---|
Source: | Opens: | Jump to behavior |
Networking |
---|
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior |
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior |
Source: | Reads hosts file: | Jump to behavior |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Program segment: |
Source: | Classification label: |
Persistence and Installation Behavior |
---|
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior |
Source: | Directory: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior |
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior |
Source: | Stderr: iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directoryTry `iptables -h' or 'iptables --help' for more information.iptables: No chain/target/match by that name.: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: | Jump to behavior |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Anti Debugging |
---|
Source: | Process with PPID: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Hidden Files and Directories | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
63% | ReversingLabs | Linux.Infostealer.Berbew | ||
64% | Virustotal | Browse | ||
100% | Avira | LINUX/Hajime.svrdw |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true | false |
| unknown |
router.bittorrent.com | unknown | unknown | false |
| unknown |
router.utorrent.com | unknown | unknown | false |
| unknown |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | /tmp/na.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 12 |
Entropy (8bit): | 3.418295834054489 |
Encrypted: | false |
SSDEEP: | 3:TgBDln:TgB5 |
MD5: | 951B267BD5360B4C3CA7BACED8A2634A |
SHA1: | 6BAC6446FDB84BF0060C4DA5ECB10F2C264B1F03 |
SHA-256: | 8DD8E1A24B09832D24EDEC43CEF017CE5AAD2CB185367A22AE07A1055C70C6F8 |
SHA-512: | 21F810040E835A5A8BE3614E8252009D92CDA9FAA2D22A34DFDDA15B07CF82171AA4B815BB6F023B2160071727CECF4FCDC09C6E3E6A5333CE11D22A010BEB10 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | /tmp/na.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 230 |
Entropy (8bit): | 3.709552666863289 |
Encrypted: | false |
SSDEEP: | 6:iekrEcvwAsE5KlwSd4pzKaV6Lpms/a/1VCxGF:ur+m5MwSdIKaV6L1adVRF |
MD5: | 2E667F43AE18CD1FE3C108641708A82C |
SHA1: | 12B90DE2DA0FBCFE66F3D6130905E56C8D6A68D3 |
SHA-256: | 6F721492E7A337C5B498A8F55F5EB7AC745AFF716D0B5B08EFF2C1B6B250F983 |
SHA-512: | D2A0EE2509154EC1098994F38BE172F98F4150399C534A04D5C675D7C05630802225019F19344CC9070C576BC465A4FEB382AC7712DE6BF25E9244B54A9DB830 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.979526539050004 |
TrID: |
|
File name: | na.elf |
File size: | 83'984 bytes |
MD5: | 5ea3839ef4effebf0c57e18742d1d284 |
SHA1: | a8a3949d509f75217c347dda38c42f1ab53156fc |
SHA256: | 64d671e954c370655d61855ba22381f9bbd929ac713322765686619cebeac480 |
SHA512: | 6e21abd1eec9d3c153546d8e68ddc81cefd7b185c2bcb7aa548954ce91d0256569254efb35e7aa88406ab30b651b1f67053cc15992da8cd6e3ff1036320059ec |
SSDEEP: | 1536:yYI0ARqw1qAEW67UIWi7M8gmfmJo0WgswnD6Efyq8PxlRkp2K3/J1V+uo:yYI0ARqw1qAEv7UIFM8oJorFquyjkRke |
TLSH: | 5A831229135414EAD62681F1D3FD1F84AD591F69CEE2EC157C12BC99EE333AD2CC2618 |
File Content Preview: | .ELF....................../....4.........4. ...(......................Bd..Bd.................G...G.................................................^.......?.E.h4...@b..) ..]..0...a.t<..mc.zy/..>..!c...gM\<j..W`xD'..}...\..].j.L.u...S..i...../..F...@`..'k. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 2 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x14264 | 0x14264 | 7.9794 | 0x5 | R E | 0x10000 | ||
LOAD | 0xa6c0 | 0x47a6c0 | 0x47a6c0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 11:23:38.828138113 CEST | 54230 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:23:43.991765976 CEST | 50579 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:23:49.241743088 CEST | 38783 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:23:54.491446018 CEST | 32846 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:23:59.741436958 CEST | 41983 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:04.991317034 CEST | 37752 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:08.861870050 CEST | 43620 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:10.241137981 CEST | 45337 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:13.868655920 CEST | 45736 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:15.491317987 CEST | 45250 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:18.887039900 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:20.740890026 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:23.990811110 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:25.990632057 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:29.240794897 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:31.240616083 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:34.490413904 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:36.490391016 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:39.740542889 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:41.740411043 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:44.990243912 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:46.990386009 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:48.917187929 CEST | 36752 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:50.240217924 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:52.240191936 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:24:53.926182985 CEST | 44551 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:55.490214109 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:24:57.489949942 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:00.740176916 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:02.739928961 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:05.989665031 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:07.989825010 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:11.239953041 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:13.239840031 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:16.489664078 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:18.489455938 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:21.739552021 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:23.739525080 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:26.989463091 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:28.989213943 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:28.991971016 CEST | 36940 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:32.239280939 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:33.998302937 CEST | 32935 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:34.239187002 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:37.489151955 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:39.488899946 CEST | 47366 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:42.738763094 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:47.988614082 CEST | 41157 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:25:53.238717079 CEST | 51918 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:25:58.488454103 CEST | 58903 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:26:03.738445997 CEST | 56823 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:26:08.988173962 CEST | 57435 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 11:26:09.044315100 CEST | 54022 | 53 | 192.168.2.15 | 127.0.0.1 |
Oct 8, 2024 11:26:14.051148891 CEST | 43004 | 53 | 192.168.2.15 | 127.0.0.1 |
Oct 8, 2024 11:26:14.237967014 CEST | 59153 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:26:15.820024014 CEST | 57326 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:26:15.820024014 CEST | 46189 | 53 | 192.168.2.15 | 1.1.1.1 |
Oct 8, 2024 11:26:15.921658993 CEST | 53 | 46189 | 1.1.1.1 | 192.168.2.15 |
Oct 8, 2024 11:26:15.921813965 CEST | 53 | 57326 | 1.1.1.1 | 192.168.2.15 |
Oct 8, 2024 11:26:19.487674952 CEST | 41379 | 53 | 192.168.2.15 | 8.8.8.8 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 11:23:38.828138113 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:23:43.991765976 CEST | 192.168.2.15 | 8.8.8.8 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:23:49.241743088 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:23:54.491446018 CEST | 192.168.2.15 | 8.8.8.8 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:23:59.741436958 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:04.991317034 CEST | 192.168.2.15 | 8.8.8.8 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:08.861870050 CEST | 192.168.2.15 | 8.8.8.8 | 0xd32b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:10.241137981 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:13.868655920 CEST | 192.168.2.15 | 8.8.8.8 | 0xd32b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:15.491317987 CEST | 192.168.2.15 | 8.8.8.8 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:18.887039900 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:20.740890026 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:23.990811110 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:25.990632057 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:29.240794897 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:31.240616083 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:34.490413904 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:36.490391016 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:39.740542889 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:41.740411043 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:44.990243912 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:46.990386009 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:48.917187929 CEST | 192.168.2.15 | 8.8.8.8 | 0xaa84 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:50.240217924 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:52.240191936 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:53.926182985 CEST | 192.168.2.15 | 8.8.8.8 | 0xaa84 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:55.490214109 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:24:57.489949942 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:00.740176916 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:02.739928961 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:05.989665031 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:07.989825010 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:11.239953041 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:13.239840031 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:16.489664078 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:18.489455938 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:21.739552021 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:23.739525080 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:26.989463091 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:28.989213943 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:28.991971016 CEST | 192.168.2.15 | 8.8.8.8 | 0xdacd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:32.239280939 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:33.998302937 CEST | 192.168.2.15 | 8.8.8.8 | 0xdacd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:34.239187002 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:37.489151955 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:39.488899946 CEST | 192.168.2.15 | 1.1.1.1 | 0x4fff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:42.738763094 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:47.988614082 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:53.238717079 CEST | 192.168.2.15 | 1.1.1.1 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:25:58.488454103 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:26:03.738445997 CEST | 192.168.2.15 | 1.1.1.1 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:26:08.988173962 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:26:09.044315100 CEST | 192.168.2.15 | 127.0.0.1 | 0x5da9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:26:14.051148891 CEST | 192.168.2.15 | 127.0.0.1 | 0x5da9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:26:14.237967014 CEST | 192.168.2.15 | 1.1.1.1 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:26:15.820024014 CEST | 192.168.2.15 | 1.1.1.1 | 0x8081 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 8, 2024 11:26:15.820024014 CEST | 192.168.2.15 | 1.1.1.1 | 0x18ec | Standard query (0) | 28 | IN (0x0001) | false | |
Oct 8, 2024 11:26:19.487674952 CEST | 192.168.2.15 | 8.8.8.8 | 0xa237 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 11:26:15.921813965 CEST | 1.1.1.1 | 192.168.2.15 | 0x8081 | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false | ||
Oct 8, 2024 11:26:15.921813965 CEST | 1.1.1.1 | 192.168.2.15 | 0x8081 | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 09:23:30 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:30 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:31 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 23 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:36 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 7547 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 5555 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 5358 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -D INPUT -j CWMP_CR" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -D INPUT -j CWMP_CR |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -X CWMP_CR" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -X CWMP_CR |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -I INPUT -p udp --dport 21170 -j ACCEPT" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 09:23:37 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -I INPUT -p udp --dport 21170 -j ACCEPT |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |