
Linux Analysis Report
IJB2Ub1KkE.elf

Overview

General Information

Sample Name: IJB2Ub1KkE.elf
Original Sample Name: 4cb948a32c4ef20b6d74006938218277.elf
Analysis ID: 1303230
MD5: 4cb948a32c4ef20b6d74006938218277
SHA1: 8997b6216a149c550f86df86a8aad5c939594ff0
SHA256: 9ef61be75e7275c7fa42c1e68c533332bb580bcba297097cf230cacd8aa2298b
Tags: 32, elf, mirai, renesas
Infos:

Detection

Mirai
Score: 68
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1303230
Start date and time: 2023-09-05 05:49:10 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 48s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample file name: IJB2Ub1KkE.elf
Original Sample Name: 4cb948a32c4ef20b6d74006938218277.elf
Detection: MAL
Classification: mal68.troj.linELF@0/0@2/0
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
Command: /tmp/IJB2Ub1KkE.elf
PID: 5493
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Follow twitter.com/1337Wicked
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security
Strings:
    No Snort rule has matched


    AV Detection

    Source: IJB2Ub1KkE.elf, Avira: detected
    Source: IJB2Ub1KkE.elf, ReversingLabs: Detection: 63%
    Source: IJB2Ub1KkE.elf, Virustotal: Detection: 63%

    Networking

    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 223.254.180.139:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 67.104.135.98:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 44.85.0.6:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 67.186.242.122:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 81.185.202.119:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 72.49.72.167:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 197.204.177.95:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 45.154.150.225:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 82.101.53.209:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 32.122.5.147:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 163.18.156.189:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 190.236.198.221:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 160.214.224.234:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 144.234.147.76:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 204.217.157.210:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 98.240.207.195:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 155.99.100.133:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 52.132.110.231:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 189.108.212.116:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 86.55.127.145:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 19.240.20.49:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 40.80.182.251:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 103.174.16.61:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 31.102.253.74:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 212.57.222.124:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 102.157.29.161:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 8.162.226.0:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 2.137.95.20:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 158.6.110.219:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 160.93.104.135:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 109.118.183.178:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 129.20.196.248:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 50.66.183.126:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 107.100.128.150:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 101.127.192.44:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 20.139.87.152:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 135.106.230.90:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 77.170.6.48:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 39.213.88.168:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 184.16.139.121:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 46.159.205.88:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 61.212.238.1:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 4.41.174.48:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 39.188.255.254:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 24.167.134.179:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 75.32.240.204:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 126.92.59.251:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 171.10.32.194:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 38.68.33.239:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 62.47.243.146:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 148.28.166.22:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 68.249.17.22:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 150.119.249.26:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 91.141.217.44:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 42.93.226.163:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 134.130.83.243:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 41.61.109.138:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 135.180.32.56:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 159.153.163.235:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 24.53.134.60:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 138.196.251.80:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 43.125.165.64:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 35.212.250.145:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 219.85.124.194:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 161.245.110.15:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 37.63.62.143:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 71.201.128.160:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 167.245.17.111:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 211.163.151.164:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 213.62.255.211:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 5.182.224.205:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 17.64.181.169:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 210.150.252.164:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 158.83.213.21:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 186.17.9.57:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 140.32.223.82:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 14.240.163.130:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 38.41.47.254:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 141.206.41.57:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 187.99.34.143:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 204.173.201.217:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 96.101.175.135:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 82.227.153.255:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 158.235.239.235:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 198.213.201.228:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 105.181.34.103:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 104.103.190.139:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 53.28.48.162:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 203.165.100.159:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 17.64.226.24:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 25.130.78.231:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 9.112.63.73:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 193.165.106.66:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 206.216.241.115:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 218.128.64.35:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 139.236.139.132:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 35.44.90.193:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 148.79.122.46:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 51.89.231.196:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 112.75.146.135:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 42.77.233.126:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 93.235.67.139:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 73.224.81.152:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 44.130.46.209:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 170.190.207.29:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 210.130.126.106:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 98.139.185.102:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 103.118.29.31:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 197.126.137.34:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 99.42.203.165:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 111.110.248.224:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 88.247.250.20:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 194.175.130.149:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 100.229.226.25:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 149.158.37.168:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 82.238.217.205:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 34.21.132.9:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 168.19.241.193:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 47.146.1.186:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 163.46.119.143:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 193.84.23.181:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 159.5.211.2:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 174.56.63.212:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 181.184.4.223:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 94.233.16.6:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 130.45.74.237:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 131.134.61.186:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 138.157.139.22:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 213.84.180.146:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 159.223.113.177:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 107.172.151.151:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 76.233.133.186:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 78.209.209.133:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 132.72.47.138:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 205.249.11.139:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 187.237.177.158:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 43.134.214.234:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 142.157.28.251:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 88.182.134.29:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 38.87.71.80:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 220.1.233.245:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 149.6.35.245:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 48.153.112.52:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 188.52.213.25:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 73.94.119.109:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 171.115.235.59:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 50.157.94.168:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 139.39.41.125:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 125.51.40.69:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 95.67.217.16:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 211.169.182.73:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 88.32.127.216:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 102.238.185.53:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 27.153.194.0:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 159.170.194.158:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 182.70.161.183:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 143.169.147.250:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 175.50.72.132:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 203.84.116.88:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 92.51.161.95:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 174.100.199.175:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 27.136.84.132:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 134.249.240.230:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 166.68.127.13:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 167.23.69.70:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 84.83.151.43:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 181.86.56.242:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 35.154.42.135:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 170.73.8.9:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 156.68.225.199:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 180.65.28.103:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 72.34.70.50:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 67.45.137.185:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 184.43.148.222:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 198.182.4.166:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 91.239.68.188:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 150.48.49.93:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 187.135.100.162:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 9.196.11.132:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 219.41.132.242:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 108.154.66.225:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 35.225.114.160:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 189.125.129.132:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 191.76.213.63:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 23.174.35.254:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 88.27.10.253:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 201.16.76.44:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 125.37.212.106:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 206.119.208.122:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 66.190.253.41:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 116.21.58.245:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 136.159.255.3:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 67.154.219.244:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 78.100.56.252:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 207.80.233.217:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 210.143.216.229:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 131.102.43.67:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 184.116.24.213:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 12.7.20.12:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 85.114.204.139:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 81.75.197.35:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 97.23.227.219:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 54.32.112.151:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 168.56.53.213:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 131.14.163.67:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 221.228.189.194:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 32.130.210.41:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 69.7.11.80:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 217.248.30.193:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 110.133.174.134:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 130.147.171.174:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 159.116.167.231:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 86.37.127.95:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 25.202.241.233:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 118.221.153.206:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 159.125.144.237:2323
    Source: global trafficTCP traffic: 192.168.2.14:6744 -> 202.26.209.188:2323
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5493), Socket: 127.0.0.1::38273
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5495), Socket: 0.0.0.0::0
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5501), Socket: 0.0.0.0::0
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5501), Socket: 0.0.0.0::53413
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5501), Socket: 0.0.0.0::80
    Source: unknown, DNS traffic detected: queries for: daisy.ubuntu.com
    Source: ELF static info symbol of initial sample, .symtab present: no
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5495), SIGKILL sent: pid: 940, result: successful
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5501), SIGKILL sent: pid: 940, result: successful
    Source: classification engine, Classification label: mal68.troj.linELF@0/0@2/0

    Hooking and other Techniques for Hiding and Protection

    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44240
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44286
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44296
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44298
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44302
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44304
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44316
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44330
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44340
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44366
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 44372
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38904
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38906
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38908
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38912
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38916
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38918
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38920
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38924
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38928
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 38930
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59020
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59038
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59048
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59060
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59068
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59092
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59118
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59130
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59214
    Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 59238
    Source: /tmp/IJB2Ub1KkE.elf (PID: 5493) Queries kernel information via 'uname':
    Source: IJB2Ub1KkE.elf, 5493.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00007fff00c18000.00007fff00c39000.rw-.sdmp Binary or memory string: /usr/bin/qemu-sh4
    Source: IJB2Ub1KkE.elf, 5493.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00005637dd9d0000.00005637dda33000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/sh4
    Source: IJB2Ub1KkE.elf, 5493.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00007fff00c18000.00007fff00c39000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00007fff00c18000.00007fff00c39000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/IJB2Ub1KkE.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/IJB2Ub1KkE.elf
    Source: IJB2Ub1KkE.elf, 5493.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5495.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5599.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5615.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5608.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5496.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5598.1.00005637dd9d0000.00005637dda33000.rw-.sdmp, IJB2Ub1KkE.elf, 5502.1.00005637dd9d0000.00005637dda33000.rw-.sdmp Binary or memory string: 7V5!/etc/qemu-binfmt/sh4

    Stealing of Sensitive Information

    Source: Yara match File source: dump.pcap, type: PCAP

    Remote Access Functionality

    Source: Yara match File source: dump.pcap, type: PCAP
    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 11 Non-Standard Port | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    No configs have been found
    [Behavior graph: ID 1303230, Sample: IJB2Ub1KkE.elf, Start date: 05/09/2023, Architecture: LINUX, Score: 68]

    Source | Detection | Scanner | Label | Link
    IJB2Ub1KkE.elf | 63% | ReversingLabs | Linux.Trojan.Mirai |
    IJB2Ub1KkE.elf | 64% | Virustotal | | Browse
    IJB2Ub1KkE.elf | 100% | Avira | EXP/ELF.Mirai.Bootnet.Gen.o |
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    daisy.ubuntu.com | 185.125.188.137 | true | false | | high
      No context
      No created / dropped files found
      File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
      Entropy (8bit):6.853233537919337
      TrID:
      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
      File name:IJB2Ub1KkE.elf
      File size:56'000 bytes
      MD5:4cb948a32c4ef20b6d74006938218277
      SHA1:8997b6216a149c550f86df86a8aad5c939594ff0
      SHA256:9ef61be75e7275c7fa42c1e68c533332bb580bcba297097cf230cacd8aa2298b
      SHA512:916e598f5a3a05da53b63796649d749c3a1970315b5c6835a155a6f1750bc86086bc4aa16181826bb1938878a199c286ae399d06b7290c892db2f8362aa400e4
      SSDEEP:768:XZame9eieaqteKc/ziVjwtGzdn048K86UwyFN36UVfvrC4CkoHuLC8v+79yfX:JamM33wa2VwtGGwyFN36UVHfQOLC8vl
      TLSH:00438E26C8299D94E10DC634BD784E741B23F00C9626AEF69E8786924053F7CFB993F1
      File Content Preview:.ELF..............*.......@.4...0.......4. ...(...............@...@.x...x...............|...|.A.|.A.t...d...........Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:<unknown>
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - System V
      ABI Version:0
      Entry Point Address:0x4001a0
      Flags:0x9
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:55600
      Section Header Size:40
      Number of Section Headers:10
      Header String Table Index:9
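      Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
       | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
      .init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .text | PROGBITS | 0x4000e0 | 0xe0 | 0xc700 | 0x0 | 0x6 | AX | 0 | 0 | 32
      .fini | PROGBITS | 0x40c7e0 | 0xc7e0 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .rodata | PROGBITS | 0x40c804 | 0xc804 | 0xf74 | 0x0 | 0x2 | A | 0 | 0 | 4
      .ctors | PROGBITS | 0x41d77c | 0xd77c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .dtors | PROGBITS | 0x41d784 | 0xd784 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .data | PROGBITS | 0x41d790 | 0xd790 | 0x160 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .bss | NOBITS | 0x41d8f0 | 0xd8f0 | 0x2f0 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .shstrtab | STRTAB | 0x0 | 0xd8f0 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      LOAD | 0x0 | 0x400000 | 0x400000 | 0xd778 | 0xd778 | 6.8957 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
      LOAD | 0xd77c | 0x41d77c | 0x41d77c | 0x174 | 0x464 | 0.8809 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | |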
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Sep 5, 2023 05:52:38.867073059 CEST | 192.168.2.14 | 1.1.1.1 | 0x4e0e | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
      Sep 5, 2023 05:52:38.867162943 CEST | 192.168.2.14 | 1.1.1.1 | 0xc038 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Sep 5, 2023 05:52:38.886113882 CEST | 1.1.1.1 | 192.168.2.14 | 0x4e0e | No error (0) | daisy.ubuntu.com | | 185.125.188.137 | A (IP address) | IN (0x0001) | false
      Sep 5, 2023 05:52:38.886113882 CEST | 1.1.1.1 | 192.168.2.14 | 0x4e0e | No error (0) | daisy.ubuntu.com | | 185.125.188.136 | A (IP address) | IN (0x0001) | false

      System Behavior

      Start time:03:49:56
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:/tmp/IJB2Ub1KkE.elf
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:49:56
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:43
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:43
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:43
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:48
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:48
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:43
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:44
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:49:56
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:49:56
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:49:56
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:43
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:52:43
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:49:56
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9
      Start time:03:49:56
      Start date:05/09/2023
      Path:/tmp/IJB2Ub1KkE.elf
      Arguments:-
      File size:4139976 bytes
      MD5 hash:8943e5f8f8c280467b4472c15ae93ba9