Linux
Analysis Report
ssk7Ah3h5D.elf
Overview
General Information
Sample name: | ssk7Ah3h5D.elf (renamed because the original name is a hash value) |
Original sample name: | 261d2f20496314ed0d2c0f61fff32168.elf |
Analysis ID: | 1529279 |
MD5: | 261d2f20496314ed0d2c0f61fff32168 |
SHA1: | e950602f9aa98aeee313f1da6667f812173dd981 |
SHA256: | 04142d7f8d6a95f13b4abeca0d6ca747eecc1390d4aa929db0f08310fb596745 |
Tags: | 32 arm elf mirai |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1529279 |
Start date and time: | 2024-10-08 20:22:54 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | ssk7Ah3h5D.elf (renamed because the original name is a hash value) |
Original Sample Name: | 261d2f20496314ed0d2c0f61fff32168.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/1@5/0 |
- VirusTotal lookup for ssk7Ah3h5D.elf not completed: VT rate limit hit
Command: | /tmp/ssk7Ah3h5D.elf |
PID: | 5811 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
- system is lnxubuntu20
- ssk7Ah3h5D.elf New Fork (PID: 5813, Parent: 5811)
- ssk7Ah3h5D.elf New Fork (PID: 5815, Parent: 5811)
- gnome-session-binary New Fork (PID: 5849, Parent: 1498)
- gnome-session-binary New Fork (PID: 5852, Parent: 1498)
- gdm3 New Fork (PID: 5861, Parent: 1333)
- gdm3 New Fork (PID: 5882, Parent: 1333)
- systemd New Fork (PID: 5889, Parent: 1)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Signature details. The per-row evidence (process, path, endpoint or string) was not preserved in this copy; the number of rows per signature is kept and cross-referenced to the tables that survive further down.

AV Detection |
---|
Source: | ReversingLabs: | Linux.Backdoor.Mirai, 32% (see the Antivirus table below) |
Networking |
---|
Source: | TCP traffic: | the only TCP connection in the capture, 192.168.2.15:35102 to 154.205.144.234:61543 (see the TCP table below) |
Source: | DNS traffic detected: | see the DNS tables below |
Source: | TCP traffic: | destination port 61543 is not a standard service port |
Source: | Socket: | the sample listens on a socket |
Source: | TCP traffic detected without corresponding DNS query: | 10 rows |
Source: | UDP traffic detected without corresponding DNS query: | 6 rows |
Source: | DNS traffic detected: | 3 rows |
Other signature evidence |
---|
Source: | .symtab present: | no; the section header table below has no .symtab ("Sample has stripped symbol table") |
Source: | SIGKILL sent: | 6 rows ("Sample tries to kill a process (SIGKILL)") |
Source: | Classification label: | mal56.troj.linELF@0/1@5/0 |
Source: | File opened: | 106 rows ("Enumerates processes within the proc file system") |
Source: | Queries kernel information via 'uname': | 1 row |
Source: | Binary or memory string: | 4 rows |
MITRE ATT&CK matrix. Only the cells that carry a signature marker in the original matrix are matched techniques; the marker is reproduced as shown. The unmarked template cells of the matrix (Windows-only techniques such as WMI or LSASS Memory) carried no match and are omitted here.

Tactic | Technique | Marker (as shown) |
---|---|---|
Credential Access | OS Credential Dumping | 1 |
Discovery | Security Software Discovery | 11 |
Command and Control | Non-Standard Port | 1 |
Command and Control | Non-Application Layer Protocol | 1 |
Command and Control | Application Layer Protocol | 1 |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
ssk7Ah3h5D.elf (submitted file) | 32% | ReversingLabs | Linux.Backdoor.Mirai | |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true | false | unknown | |
fortyfivehundred.dyn | unknown | unknown | false | unknown | |
subcarrace.indy. [malformed] | unknown | unknown | true | unknown | |
daisy.ubuntu.com is the Ubuntu error-reporting (whoopsie/apport) endpoint that the analysis OS contacts on its own; it is resolved via 8.8.8.8 at 20:26:42 in the DNS tables below and the report marks it not malicious. The other two names were never resolved; the "[malformed]" entry is the query behind the "Sends malformed DNS queries" signature.
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
162.243.19.47 | unknown | United States | 14061 | DIGITALOCEAN-ASN (US) | false |
154.205.144.234 | unknown | Seychelles | 26484 | IKGUL-26484 (US) | true |
116.203.104.203 | unknown | Germany | 24940 | HETZNER-AS (DE) | false |
(The flag-image column is dropped; the two-letter registry country code that was fused onto each ASN name is shown in parentheses.)
Context: other Joe Sandbox samples that touched the same indicators. Sample names, SHA-256 values and links were not preserved in this copy; every row was marked "malicious", so only the counts and threat names are kept.

IPs
Match | Related samples | Threat names |
---|---|---|
162.243.19.47 | 7 | Unknown (7) |
154.205.144.234 | 3 | Unknown (3) |
116.203.104.203 | 5 | Unknown (5) |

Domains
Match | Related samples | Threat names |
---|---|---|
daisy.ubuntu.com | 10 | Mirai (2), Xmrig (2), Unknown (6) |

ASNs
Match | Related samples | Threat names |
---|---|---|
HETZNER-AS (DE) | 10 | HTMLPhisher (1), Emotet (1), MicroClip/Vidar (1), Quasar (1), Unknown (6) |
IKGUL-26484 (US) | 10 | Mirai (5), FormBook (2), Unknown (3) |
DIGITALOCEAN-ASN (US) | 10 | Emotet (1), Quasar (1), HTMLPhisher (1), Unknown (7) |

Read these with care: the daisy.ubuntu.com rows only mean that other samples ran in the same Ubuntu sandbox, and a whole-ASN match on a hosting provider says nothing about this sample. The indicators the report itself marks malicious are 154.205.144.234 and the malformed query name; the IKGUL-26484 context (five Mirai samples) is the one that corroborates the C2 IP.
⊘No context
⊘No context
Process: | /usr/libexec/gsd-sharing |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 93B885ADFE0DA089CDF634904FD59F71 |
SHA1: | 5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F |
SHA-256: | 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D |
SHA-512: | B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: | 00 (a single 0x00 byte: the MD5, SHA-1 and SHA-256 listed are the well-known digests of one zero byte, consistent with the 1-byte size and 0.0 entropy) |
File type: | |
Entropy (8bit): | 5.919366869975419 |
File name: | ssk7Ah3h5D.elf |
File size: | 46'488 bytes |
MD5: | 261d2f20496314ed0d2c0f61fff32168 |
SHA1: | e950602f9aa98aeee313f1da6667f812173dd981 |
SHA256: | 04142d7f8d6a95f13b4abeca0d6ca747eecc1390d4aa929db0f08310fb596745 |
SHA512: | bb275d61f4524c6f07e5c1efd855d044bd5ee0b6f24e12a464206c69cfa8b23db59c09a0fc3d1219fd5532ebc499dfd69c6a3d7d41b3f8c72b480f92b7862db4 |
SSDEEP: | 768:dXd2Q45NNn6lQvagWqqyHSXbtCnm/TdJDuwD6JRgRm0+wsOtcfWdKQXLGpb:VNBC6IEfDYS7+YmWdH |
TLSH: | 5A23E791BD819A0BCAD5037BFA1E42CD37267798F2DE3203DE256F5137CA92B096A141 |
File Content Preview: | .ELF...a..........(.........4...........4. ...(.....................................................4....S..........Q.td..................................-...L."...R*..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | ELF32 (the 52-byte header, 32-byte program headers and 40-byte section headers are the ELF32 sizes; tags "32 arm") |
Data: | 2's complement, little endian (e_phoff is stored as 0x34 with zero high bytes at offset 28 of the content preview and is reported as 52) |
Version: | |
Machine: | ARM (e_machine 0x28, the '(' at offset 18 of the content preview) |
Version Number: | |
Type: | EXEC (segments load at the fixed address 0x8000 and there is no PT_INTERP or .dynamic, i.e. a statically linked, non-PIE executable) |
OS/ABI: | ARM (0x61, the 'a' at offset 7 of the content preview) |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 46088 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Class, Data, Machine, Type and OS/ABI were blank in this copy and are filled in from the header sizes, the tags and the printable bytes of the content preview; the entry point and flags are not recoverable and are left blank. Consistency check: 46088 + 10 x 40 = 46488, the file size, so the section header table is the last thing in the file.
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0xa980 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x12a30 | 0xaa30 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x12a44 | 0xaa44 | 0x74c | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1b194 | 0xb194 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1b19c | 0xb19c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1b1a8 | 0xb1a8 | 0x220 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1b3c8 | 0xb3c8 | 0x515c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xb3c8 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0xb190 | 0xb190 | 5.9494 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata |
LOAD | 0xb194 | 0x1b194 | 0x1b194 | 0x234 | 0x5390 | 2.9139 | 0x6 | RW | 0x8000 | | .ctors .dtors .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
The GNU_STACK header carries flags 0x7 (RWE), so the binary asks the kernel for an executable stack. There is no PT_INTERP or PT_DYNAMIC entry and both LOAD segments have fixed addresses: a statically linked, non-PIE executable. The second LOAD segment's memory size (0x5390) exceeds its file size (0x234) by the 0x515c bytes of .bss.
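The static tables above are what a quick ELF triage reads out of the file's fixed-size headers. The following Python, an added example and not code from the report or from the sample's author, parses an ELF32 image with `struct` and flags the two properties the tables show for this sample: a GNU_STACK segment marked RWE and the absence of a .symtab section. Because the sample itself is not on this page, the script constructs a 46488-byte image whose header, program headers, section headers and .shstrtab mirror the values listed above; the entry point (0x80b0) and e_flags (0) in that image are placeholders, not values from the report.

```python
"""ELF32 triage: parse header, program headers and section names with struct.

Added example (not from the Joe Sandbox report or the analysed sample).
build_sample_image() CONSTRUCTS a 46488-byte image that mirrors the report's
static tables; its entry point and e_flags are placeholders.
"""
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB, SHT_NOBITS = 1, 2, 3, 8
ET_EXEC, EM_ARM, ELFOSABI_ARM = 2, 0x28, 0x61
EHDR = "HHIIIIIHHHHHH"   # the 36 bytes that follow the 16-byte e_ident

def _strtab(names):
    """Return a SHT_STRTAB blob (leading NUL, NUL-terminated names) and the name offsets."""
    blob, offs = bytearray(b"\x00"), {}
    for n in names:
        offs[n] = len(blob)
        blob += n.encode() + b"\x00"
    return bytes(blob), offs

def build_sample_image():
    """Constructed image shaped like the analysed binary (sizes and offsets from the report)."""
    names = [".init", ".text", ".fini", ".rodata", ".ctors", ".dtors", ".data", ".bss", ".shstrtab"]
    strtab, o = _strtab(names)                     # 0x3e bytes, the size the report lists for .shstrtab
    img = bytearray(46488)
    img[:16] = b"\x7fELF" + bytes([1, 1, 1, ELFOSABI_ARM]) + bytes(8)   # ELF32, LSB, version 1, ARM ABI
    # e_type e_machine e_version e_entry e_phoff e_shoff e_flags e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    struct.pack_into("<" + EHDR, img, 16, ET_EXEC, EM_ARM, 1, 0x80B0, 52, 46088, 0, 52, 32, 3, 40, 10, 9)
    phdrs = [  # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align
        (PT_LOAD, 0x0, 0x8000, 0x8000, 0xB190, 0xB190, PF_R | PF_X, 0x8000),
        (PT_LOAD, 0xB194, 0x1B194, 0x1B194, 0x234, 0x5390, PF_R | PF_W, 0x8000),
        (PT_GNU_STACK, 0, 0, 0, 0, 0, PF_R | PF_W | PF_X, 4),   # RWE: requests an executable stack
    ]
    for i, p in enumerate(phdrs):
        struct.pack_into("<8I", img, 52 + 32 * i, *p)
    img[0xB3C8:0xB3C8 + len(strtab)] = strtab
    shdrs = [  # sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info sh_addralign sh_entsize
        (0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        (o[".init"], SHT_PROGBITS, 6, 0x8094, 0x94, 0x18, 0, 0, 4, 0),
        (o[".text"], SHT_PROGBITS, 6, 0x80B0, 0xB0, 0xA980, 0, 0, 16, 0),
        (o[".fini"], SHT_PROGBITS, 6, 0x12A30, 0xAA30, 0x14, 0, 0, 4, 0),
        (o[".rodata"], SHT_PROGBITS, 2, 0x12A44, 0xAA44, 0x74C, 0, 0, 4, 0),
        (o[".ctors"], SHT_PROGBITS, 3, 0x1B194, 0xB194, 0x8, 0, 0, 4, 0),
        (o[".dtors"], SHT_PROGBITS, 3, 0x1B19C, 0xB19C, 0x8, 0, 0, 4, 0),
        (o[".data"], SHT_PROGBITS, 3, 0x1B1A8, 0xB1A8, 0x220, 0, 0, 4, 0),
        (o[".bss"], SHT_NOBITS, 3, 0x1B3C8, 0xB3C8, 0x515C, 0, 0, 4, 0),
        (o[".shstrtab"], SHT_STRTAB, 0, 0, 0xB3C8, len(strtab), 0, 0, 1, 0),
    ]
    for i, s in enumerate(shdrs):
        struct.pack_into("<10I", img, 46088 + 40 * i, *s)
    return bytes(img)

def parse_elf32(data):
    """Return header fields, program headers and {section name: shdr tuple} of an ELF32 file."""
    if data[:4] != b"\x7fELF" or data[4] != 1:
        raise ValueError("not an ELF32 image")
    end = "<" if data[5] == 1 else ">"                                    # EI_DATA: 1 = little endian
    (e_type, e_machine, _, e_entry, phoff, shoff, _, _,
     phentsize, phnum, shentsize, shnum, shstrndx) = struct.unpack_from(end + EHDR, data, 16)
    phdrs = [struct.unpack_from(end + "8I", data, phoff + i * phentsize) for i in range(phnum)]
    shdrs = [struct.unpack_from(end + "10I", data, shoff + i * shentsize) for i in range(shnum)]
    strtab_off = shdrs[shstrndx][4]                                      # sh_offset of .shstrtab
    def name(idx):
        start = strtab_off + idx
        return data[start:data.index(b"\x00", start)].decode()
    return {"type": e_type, "machine": e_machine, "osabi": data[7], "entry": e_entry,
            "little_endian": end == "<", "phdrs": phdrs,
            "sections": {name(s[0]): s for s in shdrs if s[1] != 0}}   # skip the SHT_NULL entry

def exec_stack(info):
    """True when a PT_GNU_STACK entry carries PF_X (the 0x7 / RWE case in the report)."""
    return any(p[0] == PT_GNU_STACK and p[6] & PF_X for p in info["phdrs"])

def is_stripped(info):
    """No SHT_SYMTAB section means the symbol table was stripped."""
    return not any(s[1] == SHT_SYMTAB for s in info["sections"].values())

def triage(data):
    """The summary a sandbox-style static pass would report for the image."""
    info = parse_elf32(data)
    return {"arm": info["machine"] == EM_ARM,
            "static_exec": info["type"] == ET_EXEC and ".interp" not in info["sections"]
                           and ".dynamic" not in info["sections"],
            "exec_stack": exec_stack(info),
            "stripped": is_stripped(info),
            "sections": sorted(info["sections"])}

if __name__ == "__main__":
    for k, v in triage(build_sample_image()).items():
        print(f"{k:12} {v}")
```

Run against a real file with `triage(open(path, "rb").read())`; `exec_stack` and `is_stripped` are the two checks worth wiring into a triage pipeline, since a statically linked ARM binary that both strips its symbols and asks for an executable stack is unusual for legitimate software.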
TCP packets. This is the only TCP connection in the capture: 192.168.2.15:35102 to 154.205.144.234:61543, the IP the report marks malicious. The session stays up from 20:24:16 to 20:27:07 with short exchanges at irregular intervals of a few seconds to about 70 s.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 20:24:16.709109068 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:24:16.714499950 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:24:16.714550972 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:24:16.716133118 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:24:16.721278906 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:24:31.730575085 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:24:31.735575914 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:24:38.837025881 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:24:38.837088108 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:24:40.372708082 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:24:40.372755051 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:25:50.403090000 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:25:50.403254032 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:26:19.859920979 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:26:19.860030890 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:26:34.863668919 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
Oct 8, 2024 20:26:34.868659973 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:26:42.483697891 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 20:26:42.488708973 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Oct 8, 2024 20:26:42.488775969 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 20:26:42.488800049 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 20:26:42.488833904 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 20:26:42.493899107 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Oct 8, 2024 20:26:42.493910074 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Oct 8, 2024 20:26:42.943010092 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Oct 8, 2024 20:26:42.943119049 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 20:26:43.072010040 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Oct 8, 2024 20:26:43.072077036 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 20:26:44.942897081 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Oct 8, 2024 20:26:44.943624020 CEST | 55762 | 53 | 192.168.2.15 | 8.8.8.8 |
Oct 8, 2024 20:26:44.948514938 CEST | 53 | 55762 | 8.8.8.8 | 192.168.2.15 |
Oct 8, 2024 20:27:07.424134016 CEST | 61543 | 35102 | 154.205.144.234 | 192.168.2.15 |
Oct 8, 2024 20:27:07.424323082 CEST | 35102 | 61543 | 192.168.2.15 | 154.205.144.234 |
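The two Networking signatures above ("TCP traffic detected without corresponding DNS query" and "Detected TCP or UDP traffic on non-standard ports") come down to a join between the DNS answers and the TCP flows in a capture. The Python below, an added example rather than tooling from the report, implements that join over a packet log and adds a third, weaker heuristic for long-lived sessions with little traffic, which is how the connection above looks from the outside. The log lines are constructed from the TCP and DNS tables on this page (timestamps truncated to microseconds); the port 443 flow to 162.213.35.25 is invented as a benign contrast and does not appear in the report.

```python
"""Flag TCP flows that (a) go to an IP no DNS answer produced, (b) use a
non-standard port, or (c) stay open a long time carrying little traffic.

Added example, not tooling from the Joe Sandbox report. SAMPLE_LOG is
CONSTRUCTED from the report's TCP/DNS tables; the 443 flow is invented.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"(\S+) (TCP|DNS) (\S+) > (\S+)(?: (.*))?$")
WELL_KNOWN_PORTS = {22, 25, 53, 80, 123, 443, 853, 8080, 8443}

SAMPLE_LOG = """\
2024-10-08T20:24:16.709109 TCP 192.168.2.15:35102 > 154.205.144.234:61543
2024-10-08T20:24:16.714499 TCP 154.205.144.234:61543 > 192.168.2.15:35102
2024-10-08T20:24:16.716133 TCP 192.168.2.15:35102 > 154.205.144.234:61543
2024-10-08T20:24:31.730575 TCP 192.168.2.15:35102 > 154.205.144.234:61543
2024-10-08T20:24:38.837025 TCP 154.205.144.234:61543 > 192.168.2.15:35102
2024-10-08T20:25:50.403090 TCP 154.205.144.234:61543 > 192.168.2.15:35102
2024-10-08T20:26:34.863668 TCP 192.168.2.15:35102 > 154.205.144.234:61543
2024-10-08T20:26:43.072010 DNS 8.8.8.8:53 > 192.168.2.15:55762 A 162.213.35.25
2024-10-08T20:26:43.072010 DNS 8.8.8.8:53 > 192.168.2.15:55762 A 162.213.35.24
2024-10-08T20:26:44.100000 TCP 192.168.2.15:40000 > 162.213.35.25:443
2024-10-08T20:27:07.424134 TCP 154.205.144.234:61543 > 192.168.2.15:35102
"""

def parse_log(text):
    """Return (time, proto, src_ip, src_port, dst_ip, dst_port, extra) per packet line."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                                   # not a packet line; skip it
        ts, proto, src, dst, extra = m.groups()
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        events.append((datetime.fromisoformat(ts), proto, sip, int(sport), dip, int(dport), extra or ""))
    return events

def suspicious_flows(events, local_prefix="192.168.2.", min_duration_s=60, max_packets=50):
    """Group packets into local<->remote flows and return those with a reason to look at."""
    resolved = {}                                      # remote IP -> time of the first A answer naming it
    flows = defaultdict(list)                          # (local ip, local port, remote ip, remote port) -> times
    for ts, proto, sip, sport, dip, dport, extra in events:
        if proto == "DNS":
            _rtype, addr = extra.split()
            resolved.setdefault(addr, ts)
        elif sip.startswith(local_prefix):
            flows[(sip, sport, dip, dport)].append(ts)
        else:                                          # inbound packet of the same flow
            flows[(dip, dport, sip, sport)].append(ts)
    findings = []
    for (_lip, _lport, rip, rport), times in flows.items():
        first, last = min(times), max(times)
        span = (last - first).total_seconds()
        reasons = []
        if rip not in resolved or resolved[rip] > first:
            reasons.append("no prior DNS answer for %s" % rip)
        if rport not in WELL_KNOWN_PORTS:
            reasons.append("non-standard port %d" % rport)
        if span >= min_duration_s and len(times) <= max_packets:
            reasons.append("long-lived low-volume session: %d packets over %.0f s" % (len(times), span))
        if reasons:
            findings.append({"remote": "%s:%d" % (rip, rport), "packets": len(times), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in suspicious_flows(parse_log(SAMPLE_LOG)):
        print(f["remote"], f["packets"], "; ".join(f["reasons"]))
```

The hard-coded IP was contacted 2.5 minutes before the analysis OS made its first DNS lookup, so the first heuristic fires on its own; the port and duration checks are there because a bot that resolves its C2 by name would pass the first check and still look like this on the wire.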
UDP packets. Outbound probes from 192.168.2.15 to port 53 or 5353 of five remote hosts during the sample's first 20 seconds; only 185.84.81.194:53, 130.61.64.122:53 and 116.203.104.203:5353 answered. 162.243.19.47 and 116.203.104.203 are the hosts listed in the IP table above.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 8, 2024 20:24:01.103907108 CEST | 54647 | 5353 | 192.168.2.15 | 130.61.64.122 |
Oct 8, 2024 20:24:06.110235929 CEST | 55007 | 53 | 192.168.2.15 | 63.231.92.27 |
Oct 8, 2024 20:24:11.116127968 CEST | 35819 | 5353 | 192.168.2.15 | 162.243.19.47 |
Oct 8, 2024 20:24:16.121260881 CEST | 38097 | 53 | 192.168.2.15 | 185.84.81.194 |
Oct 8, 2024 20:24:16.131514072 CEST | 53 | 38097 | 185.84.81.194 | 192.168.2.15 |
Oct 8, 2024 20:24:16.132756948 CEST | 52465 | 53 | 192.168.2.15 | 130.61.64.122 |
Oct 8, 2024 20:24:16.139585972 CEST | 53 | 52465 | 130.61.64.122 | 192.168.2.15 |
Oct 8, 2024 20:24:16.140774012 CEST | 36885 | 5353 | 192.168.2.15 | 116.203.104.203 |
Oct 8, 2024 20:24:16.708385944 CEST | 5353 | 36885 | 116.203.104.203 | 192.168.2.15 |
DNS queries. The Name column was not preserved in this copy. Queries 0xc63c and 0x864f carry QTYPE 256 and QCLASS 464; 464 is not a defined DNS class, which is what the "Sends malformed DNS queries" signature reports. Query 0x374b is the A lookup answered below with 162.213.35.25 and 162.213.35.24 (daisy.ubuntu.com); 0x1dd7 is the matching AAAA lookup.
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 8, 2024 20:24:06.110235929 CEST | 192.168.2.15 | 63.231.92.27 | 0x2d70 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 20:24:16.121260881 CEST | 192.168.2.15 | 185.84.81.194 | 0xc63c | Standard query (0) | | 256 | 464 (undefined class) | false |
Oct 8, 2024 20:24:16.132756948 CEST | 192.168.2.15 | 130.61.64.122 | 0x864f | Standard query (0) | | 256 | 464 (undefined class) | false |
Oct 8, 2024 20:26:42.488800049 CEST | 192.168.2.15 | 8.8.8.8 | 0x374b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 20:26:42.488833904 CEST | 192.168.2.15 | 8.8.8.8 | 0x1dd7 | Standard query (0) | | AAAA (28) | IN (0x0001) | false |
DNS responses (Name and CName columns not preserved in this copy).
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 8, 2024 20:26:43.072010040 CEST | 8.8.8.8 | 192.168.2.15 | 0x374b | No error (0) | | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
Oct 8, 2024 20:26:43.072010040 CEST | 8.8.8.8 | 192.168.2.15 | 0x374b | No error (0) | | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
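The two queries with QTYPE 256 and QCLASS 464 in the table above are what a "malformed DNS query" detector trips on: the question section parses, but the class value is not one any resolver defines. The Python below, an added example and not code from the report, builds such a question and checks it the way a resolver or an IDS preprocessor would, including the truncation cases a parser has to survive. The packets are constructed; "example.invalid" is a placeholder name, and the transaction IDs are reused from the table only for readability.

```python
"""Parse a DNS query's question section and report values a resolver would
reject (the check behind a "Sends malformed DNS queries" signature).

Added example, not from the Joe Sandbox report. The packets are CONSTRUCTED;
"example.invalid" is a placeholder name, not the one the sample queried.
"""
import struct

VALID_CLASSES = {1: "IN", 3: "CH", 4: "HS", 254: "NONE", 255: "ANY"}
COMMON_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
                16: "TXT", 28: "AAAA", 33: "SRV", 255: "ANY"}

def build_query(txid, name, qtype, qclass):
    """Standard query (RD set, no EDNS) with a single question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)       # id, flags, qd, an, ns, ar counts
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, qclass)

def parse_question(pkt):
    """Return (txid, name, qtype, qclass) of the first question; ValueError if it does not parse."""
    if len(pkt) < 12:
        raise ValueError("short header")
    txid, _flags, qdcount = struct.unpack_from(">HHH", pkt, 0)
    if qdcount == 0:
        raise ValueError("no question")
    off, labels = 12, []
    while True:
        if off >= len(pkt):
            raise ValueError("name runs past end of packet")
        n = pkt[off]
        off += 1
        if n == 0:
            break                                      # root label terminates the name
        if n & 0xC0 == 0xC0:
            raise ValueError("compression pointer in question name")  # nothing earlier to point at
        if n > 63:
            raise ValueError("label longer than 63 octets")
        labels.append(pkt[off:off + n].decode("ascii", "replace"))
        off += n
    if off + 4 > len(pkt):
        raise ValueError("truncated qtype/qclass")
    qtype, qclass = struct.unpack_from(">HH", pkt, off)
    return txid, ".".join(labels) + ".", qtype, qclass

def check_query(pkt):
    """Reasons the query looks malformed; an empty list means it looks ordinary."""
    try:
        _txid, name, qtype, qclass = parse_question(pkt)
    except ValueError as e:
        return ["unparseable question: %s" % e]
    reasons = []
    if qclass not in VALID_CLASSES:
        reasons.append("undefined QCLASS %d" % qclass)
    if qtype not in COMMON_TYPES:
        reasons.append("unusual QTYPE %d" % qtype)
    if len(name) > 254:
        reasons.append("name exceeds the 253-octet presentation limit")
    return reasons

MALFORMED = build_query(0xC63C, "example.invalid", 256, 464)   # shaped like the 0xc63c/0x864f rows
ORDINARY = build_query(0x374B, "example.invalid", 1, 1)        # A/IN, like the daisy.ubuntu.com lookup

if __name__ == "__main__":
    for pkt in (MALFORMED, ORDINARY):
        print(parse_question(pkt), check_query(pkt) or "ok")
```

QTYPE 256 is the assigned URI record type, so on its own it is merely unusual; the class is the decisive field, since a query whose class is neither IN nor one of the reserved values cannot be answered by any real zone and is a reliable marker of hand-built packets.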
System Behavior
Processes started on 2024-10-08 (times in UTC):
Start (UTC) | Path | Arguments | File size (bytes) | MD5 |
---|---|---|---|---|
18:23:57 | /tmp/ssk7Ah3h5D.elf | /tmp/ssk7Ah3h5D.elf | 4956856 | 5ebfcae4fe2471fcc5695c2394773ff1 |
18:24:00 | /tmp/ssk7Ah3h5D.elf | - | 4956856 | 5ebfcae4fe2471fcc5695c2394773ff1 |
18:24:00 | /tmp/ssk7Ah3h5D.elf | - | 4956856 | 5ebfcae4fe2471fcc5695c2394773ff1 |
18:24:30 | /usr/libexec/gnome-session-binary | - | 334664 | d9b90be4f7db60cb3c2d3da6a1d31bfb |
18:24:30 | /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing | 129816 | 1e6b1c887c59a315edb7eb9a315fc84c |
18:24:30 | /usr/libexec/gsd-sharing | /usr/libexec/gsd-sharing | 35424 | e29d9025d98590fbb69f89fdbd4438b3 |
18:24:30 | /usr/libexec/gnome-session-binary | - | 334664 | d9b90be4f7db60cb3c2d3da6a1d31bfb |
18:24:30 | /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell | 129816 | 1e6b1c887c59a315edb7eb9a315fc84c |
18:24:30 | /usr/bin/gnome-shell | /usr/bin/gnome-shell | 23168 | da7a257239677622fe4b3a65972c9e87 |
18:24:31 | /usr/sbin/gdm3 | - | 453296 | 2492e2d8d34f9377e3e530a61a15674f |
18:24:31 | /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | 129816 | 1e6b1c887c59a315edb7eb9a315fc84c |
18:24:31 | /usr/sbin/gdm3 | - | 453296 | 2492e2d8d34f9377e3e530a61a15674f |
18:24:31 | /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | 129816 | 1e6b1c887c59a315edb7eb9a315fc84c |
18:24:41 | /usr/lib/systemd/systemd | - | 1620224 | 9b2bec7092a40488108543f9334aab75 |
18:24:41 | /lib/systemd/systemd-user-runtime-dir | /lib/systemd/systemd-user-runtime-dir stop 127 | 22672 | d55f4b0847f88131dbcfb07435178e54 |
The first three rows are the sample and its two forks (PIDs 5813 and 5815 in the process tree above); the parent, PID 5811, exits with code 0. Their file size and MD5 (4956856 bytes, 5ebfcae4fe2471fcc5695c2394773ff1) are not those of the submitted file (46'488 bytes, MD5 261d2f20496314ed0d2c0f61fff32168): a 32-bit ARM ELF cannot run natively on the x64 analysis host, so these two fields describe the user-mode emulator that executed the sample rather than the sample itself. The remaining rows (gnome-session-binary, gsd-sharing, gnome-shell, gdm3 and the systemd user-runtime-dir cleanup) are desktop-session activity of the analysis VM; gsd-sharing is also the process that wrote the 1-byte dropped file listed earlier. /etc/gdm3/PrimeOff/Default has the same size and MD5 as /bin/sh, i.e. it is a shell script and the table records its interpreter.