Linux Analysis Report
IJB2Ub1KkE.elf

Overview

General Information

Sample Name:	IJB2Ub1KkE.elf
Original Sample Name:	4cb948a32c4ef20b6d74006938218277.elf
Analysis ID:	1303230
MD5:	4cb948a32c4ef20b6d74006938218277
SHA1:	8997b6216a149c550f86df86a8aad5c939594ff0
SHA256:	9ef61be75e7275c7fa42c1e68c533332bb580bcba297097cf230cacd8aa2298b
Tags:	32elfmirairenesas
Infos:

Detection

Mirai

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: IJB2Ub1KkE.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: IJB2Ub1KkE.elf	ReversingLabs: Detection: 63%
Source: IJB2Ub1KkE.elf	Virustotal: Detection: 63%			Perma Link

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45066
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45070
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45072
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45076
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45078
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45080
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45084
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45086
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45088
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45090
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45096
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45106
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45108
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45114
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45116
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45124
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45128
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45136
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45138
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45142
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38268
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38270
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38282
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38288
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38308
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38320
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38324
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38336
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38344
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38382
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38388
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38400
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38436
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38450
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38454
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38474
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44134
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44140
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44156
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44164
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44170
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44188
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44190
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44192
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44196
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44216
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44230
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44286
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44298
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44302
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44316
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44366
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38906
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38908
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38920
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38928
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38930
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59020
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59038
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59048
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59060
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59130
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59238

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:44500 -> 94.158.247.27:1024
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 136.28.115.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 4.26.127.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.1.133.36:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 165.168.215.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.43.167.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.216.126.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 177.233.182.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.173.97.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.5.46.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 205.56.238.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 63.3.232.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 41.224.159.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 44.195.52.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.113.43.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 146.248.17.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.129.24.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.170.116.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.148.232.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 185.110.74.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 135.182.94.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 140.85.120.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 146.119.124.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 176.225.203.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.1.151.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.188.1.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.68.89.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 125.141.181.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.162.186.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 87.0.168.129:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 141.30.18.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 120.92.214.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.144.20.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 92.75.129.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.166.86.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.165.34.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 178.123.101.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.84.92.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.96.235.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.90.203.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.97.200.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 119.94.225.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 4.155.116.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 43.66.165.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 64.51.11.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.167.13.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 186.112.68.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 40.226.248.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.185.58.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 63.138.62.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 216.108.0.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 79.238.98.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 164.224.233.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 86.152.228.10:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.31.217.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.72.68.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.151.251.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.45.42.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.21.196.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 92.163.88.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 178.42.74.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.47.46.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 168.52.133.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.96.165.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.50.79.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 196.68.132.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 93.153.97.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 108.52.84.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.252.115.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 64.215.52.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 160.93.176.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.7.241.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 40.190.204.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 183.60.221.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 129.38.54.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 205.117.29.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 155.55.24.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.58.157.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.185.25.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 120.33.204.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.8.31.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.230.175.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 5.176.172.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 58.82.50.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.212.45.181:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.130.231.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.225.197.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.203.113.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.168.76.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.69.226.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.23.1.176:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 48.53.138.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 153.173.232.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 116.71.62.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 20.187.134.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.141.115.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 156.121.100.200:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 49.100.209.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.61.62.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 111.47.63.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 5.192.231.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.186.201.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 199.59.254.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 113.168.63.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.154.1.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 71.6.247.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 12.151.75.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.186.148.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.75.169.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 68.212.85.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.207.164.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 126.80.233.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 19.8.121.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 49.206.49.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.236.232.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 165.130.70.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 194.228.43.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 97.93.94.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.105.174.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.227.85.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.115.38.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 217.7.165.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.237.14.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.174.102.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.201.250.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 20.108.163.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 218.16.83.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 223.62.131.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.215.199.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.35.47.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 157.208.54.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.185.19.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 142.109.198.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 216.229.144.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.18.19.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.63.15.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.120.252.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 94.187.188.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 74.250.127.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.216.111.107:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.166.201.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.152.138.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.4.19.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.6.5.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 71.80.211.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 208.79.230.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 23.168.126.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 121.201.123.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 209.249.201.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.86.175.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 60.21.156.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 137.180.185.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 126.247.71.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 147.52.97.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 66.199.14.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.27.40.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 136.36.100.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.26.243.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.177.231.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 50.178.230.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 54.227.172.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.44.127.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 202.2.106.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.12.170.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 148.12.220.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 124.31.200.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 23.57.35.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.150.179.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 132.128.59.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 119.142.141.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 120.182.107.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.58.90.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 173.230.166.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.62.102.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 123.183.255.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.6.136.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 189.239.55.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 151.254.163.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.85.49.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 98.211.49.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.187.190.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 62.90.7.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.204.17.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.210.17.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 31.136.167.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 37.162.133.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 143.103.112.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.109.156.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.72.194.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.228.67.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 115.132.148.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.226.204.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 196.45.81.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.71.124.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 151.118.115.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.230.74.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.30.199.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 62.41.52.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 110.186.253.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.107.137.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.57.172.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 66.116.118.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 115.89.31.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.203.105.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 70.174.94.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.56.184.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.78.103.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 42.52.249.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 97.216.91.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 46.89.189.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 57.208.172.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 185.217.243.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 199.3.197.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.222.98.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 53.251.148.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 39.161.227.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 85.178.41.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 145.210.122.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 25.32.101.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 151.101.255.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 111.71.126.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 141.35.62.252:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.184.120.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 161.20.230.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 137.132.151.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.141.209.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 57.231.156.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 58.97.227.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.254.206.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 121.50.204.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 45.153.190.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.243.7.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.26.137.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 206.126.169.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.96.151.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 124.7.152.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.62.205.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 176.46.167.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.176.89.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 87.163.73.36:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 94.0.54.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.64.16.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.80.213.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.9.222.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 47.216.110.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 128.38.172.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.129.105.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.21.245.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.235.34.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 87.69.102.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 202.243.182.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 177.107.87.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 49.214.164.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 204.99.109.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 199.139.164.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.160.6.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 41.39.238.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.96.209.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.104.221.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 143.5.223.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.181.139.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 72.173.10.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.213.142.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 217.171.31.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 144.62.205.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.255.9.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.29.48.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 70.167.215.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 115.118.14.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.17.164.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.76.252.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 194.214.121.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.11.120.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 185.87.167.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.216.249.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 140.122.220.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.105.63.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.30.64.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.239.48.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 139.180.5.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 134.154.2.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.125.194.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 190.136.51.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 223.254.180.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.104.135.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 44.85.0.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.186.242.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.185.202.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 72.49.72.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 197.204.177.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 45.154.150.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.101.53.209:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 32.122.5.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 163.18.156.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 190.236.198.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 160.214.224.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 144.234.147.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 204.217.157.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 98.240.207.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 155.99.100.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 52.132.110.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 189.108.212.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 86.55.127.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 19.240.20.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 40.80.182.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.174.16.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 31.102.253.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.57.222.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.157.29.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.162.226.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.137.95.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 158.6.110.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 160.93.104.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 109.118.183.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 129.20.196.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 50.66.183.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.100.128.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 101.127.192.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 20.139.87.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 135.106.230.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 77.170.6.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 39.213.88.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.16.139.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 46.159.205.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 61.212.238.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 4.41.174.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 39.188.255.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.167.134.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 75.32.240.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 126.92.59.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 171.10.32.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.68.33.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 62.47.243.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 148.28.166.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 68.249.17.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.119.249.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 91.141.217.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 42.93.226.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 134.130.83.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 41.61.109.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 135.180.32.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.153.163.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.53.134.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.196.251.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 43.125.165.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.212.250.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.85.124.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 161.245.110.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 37.63.62.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 71.201.128.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 167.245.17.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.163.151.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.62.255.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 5.182.224.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.64.181.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.150.252.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 158.83.213.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 186.17.9.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 140.32.223.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.240.163.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.41.47.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 141.206.41.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 187.99.34.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 204.173.201.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 96.101.175.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.227.153.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 158.235.239.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 198.213.201.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 105.181.34.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 104.103.190.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 53.28.48.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 203.165.100.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.64.226.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 25.130.78.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.112.63.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.165.106.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 206.216.241.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 218.128.64.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 139.236.139.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.44.90.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 148.79.122.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.89.231.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.75.146.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 42.77.233.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 93.235.67.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 73.224.81.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 44.130.46.209:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.190.207.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.130.126.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 98.139.185.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.118.29.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 197.126.137.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.42.203.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 111.110.248.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.247.250.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 194.175.130.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 100.229.226.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.158.37.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.238.217.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 34.21.132.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 168.19.241.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 47.146.1.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 163.46.119.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.84.23.181:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.5.211.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.56.63.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 181.184.4.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 94.233.16.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.45.74.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.134.61.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.157.139.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.84.180.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.223.113.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.172.151.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 76.233.133.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.209.209.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 132.72.47.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 205.249.11.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 187.237.177.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 43.134.214.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 142.157.28.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.182.134.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.87.71.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 220.1.233.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.6.35.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 48.153.112.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.52.213.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 73.94.119.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 171.115.235.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 50.157.94.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 139.39.41.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 125.51.40.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 95.67.217.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.169.182.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.32.127.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.238.185.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.153.194.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.170.194.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.70.161.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 143.169.147.250:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.50.72.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 203.84.116.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 92.51.161.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.100.199.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.136.84.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 134.249.240.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 166.68.127.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 167.23.69.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 84.83.151.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 181.86.56.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.154.42.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.73.8.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 156.68.225.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 180.65.28.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 72.34.70.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.45.137.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.43.148.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 198.182.4.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 91.239.68.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.48.49.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 187.135.100.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.196.11.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.41.132.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 108.154.66.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.225.114.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 189.125.129.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 191.76.213.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 23.174.35.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.27.10.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.16.76.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 125.37.212.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 206.119.208.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 66.190.253.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 116.21.58.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 136.159.255.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.154.219.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.100.56.252:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 207.80.233.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.143.216.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.102.43.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.116.24.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 12.7.20.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 85.114.204.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.75.197.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 97.23.227.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 54.32.112.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 168.56.53.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.14.163.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 221.228.189.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 32.130.210.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 69.7.11.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 217.248.30.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 110.133.174.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.147.171.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.116.167.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 86.37.127.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 25.202.241.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.221.153.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.125.144.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 202.26.209.188:2323

Sample listens on a socket

Source: /tmp/IJB2Ub1KkE.elf (PID: 5493)	Socket: 127.0.0.1::38273	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	Socket: 0.0.0.0::80	Jump to behavior

Source: unknown

DNS traffic detected: queries for: daisy.ubuntu.com

Source: unknown	TCP traffic detected without corresponding DNS query: 94.158.247.27
Source: unknown	TCP traffic detected without corresponding DNS query: 136.28.115.98
Source: unknown	TCP traffic detected without corresponding DNS query: 13.146.60.238
Source: unknown	TCP traffic detected without corresponding DNS query: 186.61.217.178
Source: unknown	TCP traffic detected without corresponding DNS query: 201.47.209.130
Source: unknown	TCP traffic detected without corresponding DNS query: 136.194.168.219
Source: unknown	TCP traffic detected without corresponding DNS query: 57.70.141.110
Source: unknown	TCP traffic detected without corresponding DNS query: 24.61.130.223
Source: unknown	TCP traffic detected without corresponding DNS query: 4.26.127.105
Source: unknown	TCP traffic detected without corresponding DNS query: 221.113.193.160
Source: unknown	TCP traffic detected without corresponding DNS query: 146.139.20.130
Source: unknown	TCP traffic detected without corresponding DNS query: 24.142.148.220
Source: unknown	TCP traffic detected without corresponding DNS query: 209.123.155.105
Source: unknown	TCP traffic detected without corresponding DNS query: 185.121.49.15
Source: unknown	TCP traffic detected without corresponding DNS query: 182.249.136.190
Source: unknown	TCP traffic detected without corresponding DNS query: 222.173.106.0
Source: unknown	TCP traffic detected without corresponding DNS query: 158.119.111.69
Source: unknown	TCP traffic detected without corresponding DNS query: 149.1.133.36
Source: unknown	TCP traffic detected without corresponding DNS query: 161.90.156.104
Source: unknown	TCP traffic detected without corresponding DNS query: 117.231.202.112
Source: unknown	TCP traffic detected without corresponding DNS query: 2.193.206.61
Source: unknown	TCP traffic detected without corresponding DNS query: 19.229.65.61
Source: unknown	TCP traffic detected without corresponding DNS query: 14.97.67.24
Source: unknown	TCP traffic detected without corresponding DNS query: 59.182.238.175
Source: unknown	TCP traffic detected without corresponding DNS query: 106.111.37.59
Source: unknown	TCP traffic detected without corresponding DNS query: 40.253.27.200
Source: unknown	TCP traffic detected without corresponding DNS query: 126.188.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 62.14.0.34
Source: unknown	TCP traffic detected without corresponding DNS query: 205.69.7.0
Source: unknown	TCP traffic detected without corresponding DNS query: 96.108.102.131
Source: unknown	TCP traffic detected without corresponding DNS query: 179.164.136.72
Source: unknown	TCP traffic detected without corresponding DNS query: 77.72.167.234
Source: unknown	TCP traffic detected without corresponding DNS query: 165.168.215.61
Source: unknown	TCP traffic detected without corresponding DNS query: 141.27.170.247
Source: unknown	TCP traffic detected without corresponding DNS query: 17.212.117.49
Source: unknown	TCP traffic detected without corresponding DNS query: 27.245.216.119
Source: unknown	TCP traffic detected without corresponding DNS query: 19.145.18.49
Source: unknown	TCP traffic detected without corresponding DNS query: 92.26.49.250
Source: unknown	TCP traffic detected without corresponding DNS query: 18.68.118.213
Source: unknown	TCP traffic detected without corresponding DNS query: 102.43.167.103
Source: unknown	TCP traffic detected without corresponding DNS query: 167.254.41.62
Source: unknown	TCP traffic detected without corresponding DNS query: 61.116.15.47
Source: unknown	TCP traffic detected without corresponding DNS query: 62.184.154.196
Source: unknown	TCP traffic detected without corresponding DNS query: 151.200.124.127
Source: unknown	TCP traffic detected without corresponding DNS query: 35.88.69.102
Source: unknown	TCP traffic detected without corresponding DNS query: 211.133.57.72
Source: unknown	TCP traffic detected without corresponding DNS query: 90.126.251.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.251.150.207
Source: unknown	TCP traffic detected without corresponding DNS query: 208.5.195.98
Source: unknown	TCP traffic detected without corresponding DNS query: 196.177.153.104

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	SIGKILL sent: pid: 940, result: successful			Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	SIGKILL sent: pid: 940, result: successful			Jump to behavior

Source: classification engine

Classification label: mal68.troj.linELF@0/0@2/0

Enumerates processes within the "proc" file system

Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/928/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/928/fd	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45066
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45070
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45072
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45076
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45078
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45080
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45084
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45086
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45088
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45090
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45096
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45106
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45108
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45114
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45116
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45124
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45128
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45136
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45138
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45142
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38268
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38270
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38282
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38288
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38308
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38320
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38324
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38336
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38344
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38382
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38388
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38400
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38436
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38450
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38454
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38474
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44134
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44140
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44156
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44164
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44170
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44188
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44190
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44192
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44196
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44216
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44230
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44286
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44298
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44302
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44316
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44366
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38906
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38908
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38920
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38928
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38930
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59020
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59038
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59048
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59060
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59130
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59238

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/IJB2Ub1KkE.elf (PID: 5493)

Queries kernel information via 'uname':

Jump to behavior

Source: IJB2Ub1KkE.elf, 5493.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00007fff00c18000.00007fff00c39000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: IJB2Ub1KkE.elf, 5493.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00005637dd9d0000.00005637dda33000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: IJB2Ub1KkE.elf, 5493.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00007fff00c18000.00007fff00c39000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/IJB2Ub1KkE.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/IJB2Ub1KkE.elf
Source: IJB2Ub1KkE.elf, 5493.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00005637dd9d0000.00005637dda33000.rw-.sdmp	Binary or memory string: 7V5!/etc/qemu-binfmt/sh4

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
176.64.125.18	unknown	Sweden	1257	TELE2EU	false
8.191.184.106	unknown	Singapore	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
95.85.184.203	unknown	Serbia	41897	SAT-TRAKT-ASSerbiaRS	false
134.233.55.94	unknown	United States	531	DNIC-AS-00531US	false
79.94.10.119	unknown	France	15557	LDCOMNETFR	false
84.235.13.218	unknown	Saudi Arabia	39386	STC-IGW-ASSA	false
91.71.90.179	unknown	France	15557	LDCOMNETFR	false
191.59.30.120	unknown	Brazil	53037	NEXTELTELECOMUNICACOESLTDABR	false
146.212.58.107	unknown	Slovenia	21283	A1SI-ASA1SlovenijaSI	false
146.74.246.103	unknown	United States	30051	SCCGOVUS	false
108.195.224.147	unknown	United States	7018	ATT-INTERNET4US	false
82.70.221.167	unknown	United Kingdom	13037	ZEN-ASZenInternet-UKGB	false
182.83.152.20	unknown	China	23771	SXBCTV-APSXBCTVInternetServiceProviderCN	false
179.44.30.144	unknown	Venezuela	22927	TelefonicadeArgentinaAR	false
178.81.153.30	unknown	Saudi Arabia	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false
182.159.32.133	unknown	Japan	4725	ODNSoftBankMobileCorpJP	false
181.62.19.186	unknown	Colombia	10620	TelmexColombiaSACO	false
175.133.231.226	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
93.127.226.11	unknown	Germany	8893	ARTFILES-ASZirkusweg1DE	false
86.251.252.159	unknown	France	3215	FranceTelecom-OrangeFR	false
93.236.153.202	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
154.109.4.240	unknown	Tunisia	37693	TUNISIANATN	false
210.45.218.227	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
174.158.74.84	unknown	United States	10507	SPCSUS	false
159.36.214.153	unknown	United States	30449	AZSTATEUS	false
193.38.245.173	unknown	unknown	48095	XTGLOBALRO	false
114.177.133.200	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
32.46.254.208	unknown	United States	7018	ATT-INTERNET4US	false
160.71.58.113	unknown	Finland	12582	TSF-DATANET-NGD-ASTeliaFinlandMPLSVPNServicesFI	false
38.127.94.201	unknown	United States	395657	HOPLITE-ASNUS	false
148.142.187.73	unknown	United States	3246	TDCSONGTele2BusinessTDCSwedenSE	false
182.209.214.210	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
187.134.132.168	unknown	Mexico	8151	UninetSAdeCVMX	false
104.29.0.189	unknown	United States	13335	CLOUDFLARENETUS	false
177.213.50.57	unknown	Brazil	26599	TELEFONICABRASILSABR	false
89.0.8.154	unknown	Germany	8422	NETCOLOGNEDE	false
156.146.251.185	unknown	United States	1448	UNITED-BROADBANDUS	false
221.170.13.52	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
183.44.54.20	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
161.16.211.75	unknown	United States	19512	LYONDELLUS	false
121.98.36.4	unknown	New Zealand	9790	VOCUSGROUPNZVocusGroupNZ	false
133.87.23.174	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
165.251.124.93	unknown	United States	6468	EASYLINK-AS6468US	false
19.82.2.24	unknown	United States	3	MIT-GATEWAYSUS	false
206.9.140.119	unknown	United States	5006	VOYANTUS	false
91.243.156.152	unknown	Spain	12479	UNI2-ASES	false
173.138.55.152	unknown	United States	10507	SPCSUS	false
85.45.125.176	unknown	Italy	3269	ASN-IBSNAZIT	false
94.76.139.152	unknown	Spain	29119	SERVIHOSTING-ASAireNetworksES	false
98.67.105.33	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
158.58.137.188	unknown	Italy	35485	NETWORK-ASIT	false
157.148.253.233	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
159.111.168.101	unknown	United States	33588	BRESNAN-33588US	false
186.180.66.223	unknown	Colombia	27831	ColombiaMovilCO	false
43.196.136.81	unknown	Japan	4249	LILLY-ASUS	false
54.75.118.199	unknown	United States	16509	AMAZON-02US	false
38.198.158.150	unknown	United States	174	COGENT-174US	false
110.7.174.169	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
181.108.163.110	unknown	Argentina	7303	TelecomArgentinaSAAR	false
200.98.219.216	unknown	Brazil	18479	UniversoOnlineSABR	false
154.139.176.182	unknown	Egypt	37069	MOBINILEG	false
72.71.77.95	unknown	United States	701	UUNETUS	false
135.61.120.207	unknown	United States	18676	AVAYAUS	false
152.45.109.45	unknown	United States	81	NCRENUS	false
99.151.3.166	unknown	United States	7018	ATT-INTERNET4US	false
159.21.68.105	unknown	United States	62195	MWH-UK-ASGB	false
48.64.241.78	unknown	United States	2686	ATGS-MMD-ASUS	false
90.228.230.195	unknown	Sweden	3301	TELIANET-SWEDENTeliaCompanySE	false
192.58.117.187	unknown	United States	1970	TAMUS-NETUS	false
62.169.240.190	unknown	Greece	25472	WIND-ASGR	false
46.134.189.11	unknown	Poland	5617	TPNETPL	false
142.38.158.107	unknown	Canada	3633	PROVINCE-OF-BRITISH-COLUMBIACA	false
213.115.153.120	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
90.80.89.71	unknown	France	3215	FranceTelecom-OrangeFR	false
118.50.89.207	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
114.60.150.91	unknown	China	9812	CNNIC-CN-COLNETOrientalCableNetworkCoLtdCN	false
54.189.236.68	unknown	United States	16509	AMAZON-02US	false
27.94.222.135	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
139.65.39.81	unknown	United States	9905	LINKNET-ID-APLinknetASNID	false
97.121.78.118	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
116.224.242.13	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
49.109.141.211	unknown	Japan	9605	DOCOMONTTDOCOMOINCJP	false
35.45.46.4	unknown	United States	36375	UMICH-AS-5US	false
87.234.8.171	unknown	Germany	20676	PLUSNETDE	false
48.92.145.38	unknown	United States	2686	ATGS-MMD-ASUS	false
173.184.189.170	unknown	United States	7029	WINDSTREAMUS	false
180.203.190.167	unknown	China	9814	FIBRLINKBeijingFibrLINKNetworksCoLtdCN	false
203.133.111.90	unknown	Taiwan; Republic of China (ROC)	9416	MULTIMEDIA-AS-APHoshinMultimediaCenterIncTW	false
168.89.166.83	unknown	South Africa	3741	ISZA	false
109.98.17.156	unknown	Romania	9050	RTDBucharestRomaniaRO	false
192.91.253.231	unknown	United States	3356	LEVEL3US	false
160.168.238.214	unknown	Morocco	6713	IAM-ASMA	false
99.183.148.10	unknown	United States	7018	ATT-INTERNET4US	false
32.202.32.156	unknown	United States	2686	ATGS-MMD-ASUS	false
78.69.183.147	unknown	Sweden	3301	TELIANET-SWEDENTeliaCompanySE	false
149.6.31.174	unknown	United States	174	COGENT-174US	false
108.54.61.23	unknown	United States	701	UUNETUS	false
144.220.240.208	unknown	United States	7896	NU-ASUS	false
164.122.183.106	unknown	United States	668	DNIC-AS-00668US	false
223.4.67.243	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	185.125.188.137	true

AV Detection

Antivirus / Scanner detection for submitted sample

Source: IJB2Ub1KkE.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: IJB2Ub1KkE.elf	ReversingLabs: Detection: 63%
Source: IJB2Ub1KkE.elf	Virustotal: Detection: 63%			Perma Link

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45066
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45070
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45072
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45076
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45078
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45080
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45084
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45086
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45088
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45090
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45096
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45106
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45108
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45114
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45116
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45124
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45128
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45136
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45138
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45142
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38268
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38270
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38282
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38288
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38308
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38320
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38324
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38336
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38344
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38382
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38388
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38400
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38436
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38450
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38454
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38474
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44134
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44140
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44156
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44164
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44170
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44188
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44190
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44192
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44196
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44216
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44230
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44286
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44298
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44302
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44316
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44366
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38906
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38908
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38920
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38928
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38930
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59020
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59038
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59048
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59060
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59130
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59238

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:44500 -> 94.158.247.27:1024
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 136.28.115.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 4.26.127.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.1.133.36:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 165.168.215.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.43.167.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.216.126.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 177.233.182.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.173.97.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.5.46.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 205.56.238.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 63.3.232.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 41.224.159.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 44.195.52.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.113.43.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 146.248.17.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.129.24.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.170.116.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.148.232.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 185.110.74.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 135.182.94.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 140.85.120.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 146.119.124.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 176.225.203.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.1.151.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.188.1.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.68.89.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 125.141.181.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.162.186.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 87.0.168.129:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 141.30.18.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 120.92.214.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.144.20.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 92.75.129.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.166.86.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.165.34.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 178.123.101.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.84.92.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.96.235.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.90.203.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.97.200.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 119.94.225.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 4.155.116.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 43.66.165.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 64.51.11.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.167.13.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 186.112.68.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 40.226.248.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.185.58.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 63.138.62.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 216.108.0.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 79.238.98.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 164.224.233.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 86.152.228.10:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.31.217.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.72.68.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.151.251.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.45.42.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.21.196.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 92.163.88.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 178.42.74.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.47.46.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 168.52.133.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.96.165.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.50.79.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 196.68.132.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 93.153.97.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 108.52.84.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.252.115.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 64.215.52.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 160.93.176.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.7.241.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 40.190.204.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 183.60.221.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 129.38.54.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 205.117.29.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 155.55.24.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.58.157.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.185.25.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 120.33.204.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.8.31.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.230.175.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 5.176.172.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 58.82.50.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.212.45.181:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.130.231.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.225.197.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.203.113.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.168.76.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.69.226.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.23.1.176:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 48.53.138.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 153.173.232.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 116.71.62.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 20.187.134.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.141.115.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 156.121.100.200:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 49.100.209.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.61.62.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 111.47.63.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 5.192.231.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.186.201.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 199.59.254.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 113.168.63.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.154.1.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 71.6.247.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 12.151.75.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.186.148.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.75.169.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 68.212.85.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.207.164.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 126.80.233.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 19.8.121.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 49.206.49.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.236.232.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 165.130.70.137:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 194.228.43.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 97.93.94.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.105.174.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.227.85.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.115.38.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 217.7.165.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.237.14.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.174.102.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.201.250.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 20.108.163.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 218.16.83.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 223.62.131.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.215.199.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.35.47.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 157.208.54.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.185.19.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 142.109.198.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 216.229.144.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.18.19.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 80.63.15.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.120.252.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 94.187.188.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 74.250.127.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.216.111.107:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.166.201.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.152.138.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.4.19.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.6.5.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 71.80.211.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 208.79.230.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 23.168.126.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 121.201.123.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 209.249.201.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.86.175.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 60.21.156.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 137.180.185.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 126.247.71.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 147.52.97.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 66.199.14.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.27.40.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 136.36.100.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.26.243.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.177.231.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 50.178.230.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 54.227.172.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.44.127.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 202.2.106.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.12.170.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 148.12.220.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 124.31.200.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 23.57.35.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.150.179.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 132.128.59.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 119.142.141.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 120.182.107.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.58.90.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 173.230.166.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.62.102.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 123.183.255.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.6.136.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 189.239.55.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 151.254.163.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.85.49.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 98.211.49.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.187.190.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 62.90.7.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.204.17.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.210.17.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 31.136.167.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 37.162.133.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 143.103.112.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.109.156.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.72.194.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.228.67.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 115.132.148.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.226.204.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 196.45.81.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.71.124.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 151.118.115.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.230.74.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.30.199.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 62.41.52.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 110.186.253.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.107.137.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.57.172.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 66.116.118.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 115.89.31.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.203.105.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 70.174.94.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.56.184.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.78.103.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 42.52.249.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 97.216.91.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 46.89.189.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 57.208.172.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 185.217.243.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 199.3.197.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.222.98.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 53.251.148.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 39.161.227.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 85.178.41.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 145.210.122.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 25.32.101.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 151.101.255.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 111.71.126.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 141.35.62.252:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.184.120.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 161.20.230.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 137.132.151.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.141.209.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 57.231.156.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 58.97.227.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 200.254.206.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 121.50.204.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 45.153.190.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 1.243.7.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.26.137.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 206.126.169.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.96.151.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 124.7.152.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.62.205.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 176.46.167.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.176.89.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 87.163.73.36:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 94.0.54.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.64.16.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.80.213.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.9.222.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 47.216.110.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 128.38.172.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.129.105.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.21.245.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.235.34.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 87.69.102.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 202.243.182.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 177.107.87.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 49.214.164.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 204.99.109.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 199.139.164.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.160.6.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 41.39.238.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.96.209.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.104.221.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 143.5.223.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.181.139.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 72.173.10.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.213.142.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 217.171.31.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 144.62.205.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.255.9.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 222.29.48.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 70.167.215.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 115.118.14.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.17.164.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.76.252.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 194.214.121.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.11.120.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 185.87.167.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.216.249.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 140.122.220.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.105.63.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.30.64.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.239.48.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 139.180.5.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 134.154.2.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.125.194.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 190.136.51.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 223.254.180.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.104.135.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 44.85.0.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.186.242.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.185.202.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 72.49.72.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 197.204.177.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 45.154.150.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.101.53.209:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 32.122.5.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 163.18.156.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 190.236.198.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 160.214.224.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 144.234.147.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 204.217.157.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 98.240.207.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 155.99.100.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 52.132.110.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 189.108.212.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 86.55.127.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 19.240.20.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 40.80.182.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.174.16.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 31.102.253.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 212.57.222.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.157.29.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 8.162.226.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 2.137.95.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 158.6.110.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 160.93.104.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 109.118.183.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 129.20.196.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 50.66.183.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.100.128.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 101.127.192.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 20.139.87.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 135.106.230.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 77.170.6.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 39.213.88.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.16.139.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 46.159.205.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 61.212.238.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 4.41.174.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 39.188.255.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.167.134.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 75.32.240.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 126.92.59.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 171.10.32.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.68.33.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 62.47.243.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 148.28.166.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 68.249.17.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.119.249.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 91.141.217.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 42.93.226.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 134.130.83.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 41.61.109.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 135.180.32.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.153.163.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 24.53.134.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.196.251.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 43.125.165.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.212.250.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.85.124.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 161.245.110.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 37.63.62.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 71.201.128.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 167.245.17.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.163.151.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.62.255.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 5.182.224.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.64.181.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.150.252.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 158.83.213.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 186.17.9.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 140.32.223.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 14.240.163.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.41.47.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 141.206.41.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 187.99.34.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 204.173.201.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 96.101.175.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.227.153.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 158.235.239.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 198.213.201.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 105.181.34.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 104.103.190.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 53.28.48.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 203.165.100.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 17.64.226.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 25.130.78.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.112.63.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.165.106.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 206.216.241.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 218.128.64.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 139.236.139.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.44.90.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 148.79.122.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 51.89.231.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 112.75.146.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 42.77.233.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 93.235.67.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 73.224.81.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 44.130.46.209:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.190.207.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.130.126.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 98.139.185.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 103.118.29.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 197.126.137.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 99.42.203.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 111.110.248.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.247.250.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 194.175.130.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 100.229.226.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.158.37.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 82.238.217.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 34.21.132.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 168.19.241.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 47.146.1.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 163.46.119.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 193.84.23.181:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.5.211.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.56.63.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 181.184.4.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 94.233.16.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.45.74.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.134.61.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 138.157.139.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 213.84.180.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.223.113.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 107.172.151.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 76.233.133.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.209.209.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 132.72.47.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 205.249.11.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 187.237.177.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 43.134.214.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 142.157.28.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.182.134.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 38.87.71.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 220.1.233.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 149.6.35.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 48.153.112.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 188.52.213.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 73.94.119.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 171.115.235.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 50.157.94.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 139.39.41.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 125.51.40.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 95.67.217.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 211.169.182.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.32.127.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 102.238.185.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.153.194.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.170.194.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 182.70.161.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 143.169.147.250:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 175.50.72.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 203.84.116.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 92.51.161.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 174.100.199.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 27.136.84.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 134.249.240.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 166.68.127.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 167.23.69.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 84.83.151.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 181.86.56.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.154.42.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 170.73.8.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 156.68.225.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 180.65.28.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 72.34.70.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.45.137.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.43.148.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 198.182.4.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 91.239.68.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 150.48.49.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 187.135.100.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 9.196.11.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 219.41.132.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 108.154.66.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 35.225.114.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 189.125.129.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 191.76.213.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 23.174.35.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 88.27.10.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 201.16.76.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 125.37.212.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 206.119.208.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 66.190.253.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 116.21.58.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 136.159.255.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 67.154.219.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 78.100.56.252:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 207.80.233.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 210.143.216.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.102.43.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 184.116.24.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 12.7.20.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 85.114.204.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 81.75.197.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 97.23.227.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 54.32.112.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 168.56.53.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 131.14.163.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 221.228.189.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 32.130.210.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 69.7.11.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 217.248.30.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 110.133.174.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 130.147.171.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.116.167.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 86.37.127.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 25.202.241.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 118.221.153.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 159.125.144.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:6744 -> 202.26.209.188:2323

Sample listens on a socket

Source: /tmp/IJB2Ub1KkE.elf (PID: 5493)	Socket: 127.0.0.1::38273	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	Socket: 0.0.0.0::80	Jump to behavior

Source: unknown

DNS traffic detected: queries for: daisy.ubuntu.com

Source: unknown	TCP traffic detected without corresponding DNS query: 94.158.247.27
Source: unknown	TCP traffic detected without corresponding DNS query: 136.28.115.98
Source: unknown	TCP traffic detected without corresponding DNS query: 13.146.60.238
Source: unknown	TCP traffic detected without corresponding DNS query: 186.61.217.178
Source: unknown	TCP traffic detected without corresponding DNS query: 201.47.209.130
Source: unknown	TCP traffic detected without corresponding DNS query: 136.194.168.219
Source: unknown	TCP traffic detected without corresponding DNS query: 57.70.141.110
Source: unknown	TCP traffic detected without corresponding DNS query: 24.61.130.223
Source: unknown	TCP traffic detected without corresponding DNS query: 4.26.127.105
Source: unknown	TCP traffic detected without corresponding DNS query: 221.113.193.160
Source: unknown	TCP traffic detected without corresponding DNS query: 146.139.20.130
Source: unknown	TCP traffic detected without corresponding DNS query: 24.142.148.220
Source: unknown	TCP traffic detected without corresponding DNS query: 209.123.155.105
Source: unknown	TCP traffic detected without corresponding DNS query: 185.121.49.15
Source: unknown	TCP traffic detected without corresponding DNS query: 182.249.136.190
Source: unknown	TCP traffic detected without corresponding DNS query: 222.173.106.0
Source: unknown	TCP traffic detected without corresponding DNS query: 158.119.111.69
Source: unknown	TCP traffic detected without corresponding DNS query: 149.1.133.36
Source: unknown	TCP traffic detected without corresponding DNS query: 161.90.156.104
Source: unknown	TCP traffic detected without corresponding DNS query: 117.231.202.112
Source: unknown	TCP traffic detected without corresponding DNS query: 2.193.206.61
Source: unknown	TCP traffic detected without corresponding DNS query: 19.229.65.61
Source: unknown	TCP traffic detected without corresponding DNS query: 14.97.67.24
Source: unknown	TCP traffic detected without corresponding DNS query: 59.182.238.175
Source: unknown	TCP traffic detected without corresponding DNS query: 106.111.37.59
Source: unknown	TCP traffic detected without corresponding DNS query: 40.253.27.200
Source: unknown	TCP traffic detected without corresponding DNS query: 126.188.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 62.14.0.34
Source: unknown	TCP traffic detected without corresponding DNS query: 205.69.7.0
Source: unknown	TCP traffic detected without corresponding DNS query: 96.108.102.131
Source: unknown	TCP traffic detected without corresponding DNS query: 179.164.136.72
Source: unknown	TCP traffic detected without corresponding DNS query: 77.72.167.234
Source: unknown	TCP traffic detected without corresponding DNS query: 165.168.215.61
Source: unknown	TCP traffic detected without corresponding DNS query: 141.27.170.247
Source: unknown	TCP traffic detected without corresponding DNS query: 17.212.117.49
Source: unknown	TCP traffic detected without corresponding DNS query: 27.245.216.119
Source: unknown	TCP traffic detected without corresponding DNS query: 19.145.18.49
Source: unknown	TCP traffic detected without corresponding DNS query: 92.26.49.250
Source: unknown	TCP traffic detected without corresponding DNS query: 18.68.118.213
Source: unknown	TCP traffic detected without corresponding DNS query: 102.43.167.103
Source: unknown	TCP traffic detected without corresponding DNS query: 167.254.41.62
Source: unknown	TCP traffic detected without corresponding DNS query: 61.116.15.47
Source: unknown	TCP traffic detected without corresponding DNS query: 62.184.154.196
Source: unknown	TCP traffic detected without corresponding DNS query: 151.200.124.127
Source: unknown	TCP traffic detected without corresponding DNS query: 35.88.69.102
Source: unknown	TCP traffic detected without corresponding DNS query: 211.133.57.72
Source: unknown	TCP traffic detected without corresponding DNS query: 90.126.251.34
Source: unknown	TCP traffic detected without corresponding DNS query: 217.251.150.207
Source: unknown	TCP traffic detected without corresponding DNS query: 208.5.195.98
Source: unknown	TCP traffic detected without corresponding DNS query: 196.177.153.104

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	SIGKILL sent: pid: 940, result: successful			Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	SIGKILL sent: pid: 940, result: successful			Jump to behavior

Source: classification engine

Classification label: mal68.troj.linELF@0/0@2/0

Enumerates processes within the "proc" file system

Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5495)	File opened: /proc/928/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/791/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/794/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/853/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/661/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/782/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/940/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/888/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/725/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/769/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/806/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/807/fd	Jump to behavior
Source: /tmp/IJB2Ub1KkE.elf (PID: 5501)	File opened: /proc/928/fd	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45066
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45070
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45072
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45076
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45078
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45080
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45084
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45086
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45088
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45090
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45096
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45106
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45108
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45114
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45116
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45124
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45128
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45136
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45138
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45142
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38268
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38270
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38276
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38282
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38284
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38288
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38300
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38308
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38312
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38320
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38324
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38336
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38344
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38382
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38388
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38400
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38436
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38446
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38450
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38454
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38462
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38468
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38474
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44126
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44134
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44140
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44146
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44148
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44154
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44156
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44164
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44170
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44188
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44190
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44192
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44196
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44216
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44230
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44240
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44286
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44296
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44298
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44302
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44304
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44316
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44330
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44340
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44366
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 44372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38904
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38906
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38908
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38912
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38916
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38918
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38920
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38924
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38928
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 38930
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59020
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59038
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59048
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59060
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59118
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59130
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 59238

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/IJB2Ub1KkE.elf (PID: 5493)

Queries kernel information via 'uname':

Jump to behavior

Source: IJB2Ub1KkE.elf, 5493.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00007fff00c18000.00007fff00c39000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: IJB2Ub1KkE.elf, 5493.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00005637dd9d0000.00005637dda33000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: IJB2Ub1KkE.elf, 5493.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00007fff00c18000.00007fff00c39000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/IJB2Ub1KkE.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/IJB2Ub1KkE.elf
Source: IJB2Ub1KkE.elf, 5493.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00005637dd9d0000.00005637dda33000.rw-.sdmp	Binary or memory string: 7V5!/etc/qemu-binfmt/sh4

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

ID:	1303230
Product:	CloudBasic
Start time:	05:49:10
Start date:	05.09.2023
Sample:	IJB2Ub1KkE.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	4cb948a32c4ef20b6d74006938218277
SHA1:	8997b6216a149c550f86df86a8aad5c939594ff0
SHA256:	9ef61be75e7275c7fa42c1e68c533332bb580bcba297097cf230cacd8aa2298b
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
IJB2Ub1KkE.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report IJB2Ub1KkE.elf

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
IJB2Ub1KkE.elf

Malware Threat Intel
Provided by