Linux
Analysis Report
na.elf
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532542 |
Start date and time: | 2024-10-13 16:11:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal68.spre.evad.linELF@0/2@58/0 |
- Excluded IPs from analysis (whitelisted): 89.58.43.2, 168.119.183.207, 129.70.132.34, 185.233.107.180
- Excluded domains from analysis (whitelisted): pool.ntp.org
Command: | /tmp/na.elf |
PID: | 5489 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directory Try `iptables -h' or 'iptables --help' for more information. iptables: No chain/target/match by that name. |
- system is lnxubuntu20
- na.elf New Fork (PID: 5491, Parent: 5489)
- na.elf New Fork (PID: 5495, Parent: 5491)
- na.elf New Fork (PID: 5503, Parent: 5495)
- sh New Fork (PID: 5509, Parent: 5503)
- na.elf New Fork (PID: 5515, Parent: 5495)
- sh New Fork (PID: 5520, Parent: 5515)
- na.elf New Fork (PID: 5521, Parent: 5495)
- sh New Fork (PID: 5526, Parent: 5521)
- na.elf New Fork (PID: 5527, Parent: 5495)
- sh New Fork (PID: 5532, Parent: 5527)
- na.elf New Fork (PID: 5535, Parent: 5495)
- sh New Fork (PID: 5540, Parent: 5535)
- na.elf New Fork (PID: 5541, Parent: 5495)
- sh New Fork (PID: 5546, Parent: 5541)
- na.elf New Fork (PID: 5547, Parent: 5495)
- sh New Fork (PID: 5552, Parent: 5547)
- cleanup
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Spreading |
---|
Source: | Opens: | Jump to behavior |
Networking |
---|
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior |
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior |
Source: | Reads hosts file: | Jump to behavior |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Program segment: |
Source: | Classification label: |
Persistence and Installation Behavior |
---|
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior |
Source: | Directory: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior |
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior | ||
Source: | Iptables executable: | Jump to behavior |
Source: | Stderr: iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directoryTry `iptables -h' or 'iptables --help' for more information.iptables: No chain/target/match by that name.: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: | Jump to behavior |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | ReversingLabs | Linux.Backdoor.Hajime | ||
57% | Virustotal | Browse | ||
100% | Avira | LINUX/Hajime.wkfyd |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true | false |
| unknown |
router.bittorrent.com | unknown | unknown | false |
| unknown |
router.utorrent.com | unknown | unknown | false |
| unknown |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | /tmp/na.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 12 |
Entropy (8bit): | 3.418295834054489 |
Encrypted: | false |
SSDEEP: | 3:TgBDln:TgB5 |
MD5: | 951B267BD5360B4C3CA7BACED8A2634A |
SHA1: | 6BAC6446FDB84BF0060C4DA5ECB10F2C264B1F03 |
SHA-256: | 8DD8E1A24B09832D24EDEC43CEF017CE5AAD2CB185367A22AE07A1055C70C6F8 |
SHA-512: | 21F810040E835A5A8BE3614E8252009D92CDA9FAA2D22A34DFDDA15B07CF82171AA4B815BB6F023B2160071727CECF4FCDC09C6E3E6A5333CE11D22A010BEB10 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | /tmp/na.elf |
File Type: | |
Category: | dropped |
Size (bytes): | 230 |
Entropy (8bit): | 3.709552666863289 |
Encrypted: | false |
SSDEEP: | 6:iekrEcvwAsE5KlwSd4pzKaV6Lpms/a/1VCxGF:ur+m5MwSdIKaV6L1adVRF |
MD5: | 2E667F43AE18CD1FE3C108641708A82C |
SHA1: | 12B90DE2DA0FBCFE66F3D6130905E56C8D6A68D3 |
SHA-256: | 6F721492E7A337C5B498A8F55F5EB7AC745AFF716D0B5B08EFF2C1B6B250F983 |
SHA-512: | D2A0EE2509154EC1098994F38BE172F98F4150399C534A04D5C675D7C05630802225019F19344CC9070C576BC465A4FEB382AC7712DE6BF25E9244B54A9DB830 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.979215609150252 |
TrID: |
|
File name: | na.elf |
File size: | 82'824 bytes |
MD5: | 0d4707ea533f1129a391e353f65c553c |
SHA1: | 0cb976511225978ba12625d93be05bf809ad5a41 |
SHA256: | 9019f250f305830e4e9f743ccf75669dffc10e37aa797613f17f2793fa8713cc |
SHA512: | c2776a677202995c4d492ec0baa47decb42d50306ace215a880e9317a158725af3ea406a812a2b8706b6a1c5b23050439294a911c35b5ad8766189e97bfb5cff |
SSDEEP: | 1536:yYI0ARqw1qAEW67UIWi7M8gmfmJo0WgswnD6Efyq8PxlRkp2K3/J1V+ui:yYI0ARqw1qAEv7UIFM8oJorFquyjkRkg |
TLSH: | 69831229235524E5D62281F0E7FD1B84AD591F69CEE2EC15BC12BC89EE333AD3CC2518 |
File Content Preview: | .ELF....................../....4.........4. ...(......................Bd..Bd.................G...G.................................................^.......?.E.h4...@b..) ..]..0...a.t<..mc.zy/..>..!c...gM\<j..W`xD'..}...\..].j.L.u...S..i...../..F...@`..'k. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 2 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x14264 | 0x14264 | 7.9794 | 0x5 | R E | 0x10000 | ||
LOAD | 0xa6c0 | 0x47a6c0 | 0x47a6c0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2024 16:12:05.213000059 CEST | 39455 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:10.437211990 CEST | 35105 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:12:15.686763048 CEST | 54171 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:20.936783075 CEST | 34065 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:12:26.186693907 CEST | 47908 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:31.436752081 CEST | 46226 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:12:35.231314898 CEST | 40422 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:36.686367035 CEST | 60159 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:40.239984035 CEST | 59161 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:41.936266899 CEST | 50967 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:12:45.250591040 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:12:47.185930014 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:50.435867071 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:12:52.435688019 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:12:55.685878992 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:12:57.685532093 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:00.935431004 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:02.935270071 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:06.185445070 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:08.185233116 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:11.435251951 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:13.435209990 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:15.286797047 CEST | 43644 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:16.685148001 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:18.684883118 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:20.294708014 CEST | 39552 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:21.934963942 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:23.934783936 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:27.184868097 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:29.184705019 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:32.434655905 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:34.434567928 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:37.684501886 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:39.684272051 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:42.934226990 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:44.934081078 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:48.184128046 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:50.184200048 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:53.433978081 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:13:55.370587111 CEST | 42914 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:55.433759928 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:13:58.683943033 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:14:00.379705906 CEST | 50651 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:00.683634996 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:03.933582067 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:14:05.933440924 CEST | 33845 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:09.183470011 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:14:14.433507919 CEST | 52170 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:14:19.683213949 CEST | 43485 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:24.933197021 CEST | 54716 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:14:30.183006048 CEST | 56694 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:35.427941084 CEST | 58146 | 53 | 192.168.2.14 | 127.0.0.1 |
Oct 13, 2024 16:14:35.432512999 CEST | 48601 | 53 | 192.168.2.14 | 1.1.1.1 |
Oct 13, 2024 16:14:40.432743073 CEST | 52607 | 53 | 192.168.2.14 | 127.0.0.1 |
Oct 13, 2024 16:14:40.682413101 CEST | 51648 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:43.529710054 CEST | 55630 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:43.529783010 CEST | 60772 | 53 | 192.168.2.14 | 8.8.8.8 |
Oct 13, 2024 16:14:43.536883116 CEST | 53 | 55630 | 8.8.8.8 | 192.168.2.14 |
Oct 13, 2024 16:14:43.536930084 CEST | 53 | 60772 | 8.8.8.8 | 192.168.2.14 |
Oct 13, 2024 16:14:45.932102919 CEST | 45717 | 53 | 192.168.2.14 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 13, 2024 16:12:05.213000059 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:10.437211990 CEST | 192.168.2.14 | 1.1.1.1 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:15.686763048 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:20.936783075 CEST | 192.168.2.14 | 1.1.1.1 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:26.186693907 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:31.436752081 CEST | 192.168.2.14 | 1.1.1.1 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:35.231314898 CEST | 192.168.2.14 | 8.8.8.8 | 0xcdd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:36.686367035 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:40.239984035 CEST | 192.168.2.14 | 8.8.8.8 | 0xcdd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:41.936266899 CEST | 192.168.2.14 | 1.1.1.1 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:45.250591040 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:47.185930014 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:50.435867071 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:52.435688019 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:55.685878992 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:12:57.685532093 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:00.935431004 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:02.935270071 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:06.185445070 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:08.185233116 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:11.435251951 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:13.435209990 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:15.286797047 CEST | 192.168.2.14 | 8.8.8.8 | 0xa5d5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:16.685148001 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:18.684883118 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:20.294708014 CEST | 192.168.2.14 | 8.8.8.8 | 0xa5d5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:21.934963942 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:23.934783936 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:27.184868097 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:29.184705019 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:32.434655905 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:34.434567928 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:37.684501886 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:39.684272051 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:42.934226990 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:44.934081078 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:48.184128046 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:50.184200048 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:53.433978081 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:55.370587111 CEST | 192.168.2.14 | 8.8.8.8 | 0xdded | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:55.433759928 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:13:58.683943033 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:00.379705906 CEST | 192.168.2.14 | 8.8.8.8 | 0xdded | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:00.683634996 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:03.933582067 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:05.933440924 CEST | 192.168.2.14 | 8.8.8.8 | 0x597e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:09.183470011 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:14.433507919 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:19.683213949 CEST | 192.168.2.14 | 8.8.8.8 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:24.933197021 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:30.183006048 CEST | 192.168.2.14 | 8.8.8.8 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:35.427941084 CEST | 192.168.2.14 | 127.0.0.1 | 0x8ff4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:35.432512999 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:40.432743073 CEST | 192.168.2.14 | 127.0.0.1 | 0x8ff4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:40.682413101 CEST | 192.168.2.14 | 8.8.8.8 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:43.529710054 CEST | 192.168.2.14 | 8.8.8.8 | 0x6821 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 13, 2024 16:14:43.529783010 CEST | 192.168.2.14 | 8.8.8.8 | 0xc920 | Standard query (0) | 28 | IN (0x0001) | false | |
Oct 13, 2024 16:14:45.932102919 CEST | 192.168.2.14 | 1.1.1.1 | 0xf319 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 13, 2024 16:14:43.536883116 CEST | 8.8.8.8 | 192.168.2.14 | 0x6821 | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false | ||
Oct 13, 2024 16:14:43.536883116 CEST | 8.8.8.8 | 192.168.2.14 | 0x6821 | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 14:11:58 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:11:58 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:11:58 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 23 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 7547 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 5555 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -A INPUT -p tcp --destination-port 5358 -j DROP |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -D INPUT -j CWMP_CR" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -D INPUT -j CWMP_CR |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -X CWMP_CR" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -X CWMP_CR |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 5777432 bytes |
MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | sh -c "iptables -I INPUT -p udp --dport 53681 -j ACCEPT" |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /bin/sh |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 14:12:03 |
Start date (UTC): | 13/10/2024 |
Path: | /usr/sbin/iptables |
Arguments: | iptables -I INPUT -p udp --dport 53681 -j ACCEPT |
File size: | 99296 bytes |
MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |