Edit tour

Linux Analysis Report
wsskM49eA3.elf

Overview

General Information

Sample name:	wsskM49eA3.elf renamed because original name is a hash value
Original sample name:	59ccf2f294605b86339ca5d4015c0016.elf
Analysis ID:	1429578
MD5:	59ccf2f294605b86339ca5d4015c0016
SHA1:	0be2e5dddcc1f3e4b28a723e816c1a48abe74970
SHA256:	96adadcb024a8a4e1a6d26d5d61b596ac07fcfff9217eea1b5d8bc61ac137e48
Tags:	32elfintelmirai
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Machine Learning detection for sample

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample tries to kill a process (SIGKILL)

Yara signature match

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1429578
Start date and time:	2024-04-22 12:15:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	wsskM49eA3.elf renamed because original name is a hash value
Original Sample Name:	59ccf2f294605b86339ca5d4015c0016.elf
Detection:	MAL
Classification:	mal64.troj.linELF@0/0@2/0

Runtime Messages

Command:	/tmp/wsskM49eA3.elf
PID:	5603
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	done.
Standard Error:

Process Tree

system is lnxubuntu20

wsskM49eA3.elf (PID: 5603, Parent: 5519, MD5: 59ccf2f294605b86339ca5d4015c0016) Arguments: /tmp/wsskM49eA3.elf

wsskM49eA3.elf New Fork (PID: 5604, Parent: 5603)

wsskM49eA3.elf New Fork (PID: 5605, Parent: 5603)

wsskM49eA3.elf New Fork (PID: 5606, Parent: 5603)

wsskM49eA3.elf New Fork (PID: 5607, Parent: 5603)

wsskM49eA3.elf New Fork (PID: 5608, Parent: 5607)

wsskM49eA3.elf New Fork (PID: 5609, Parent: 5607)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
wsskM49eA3.elf	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4810:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
wsskM49eA3.elf	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x1041b:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
wsskM49eA3.elf	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x1044b:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
wsskM49eA3.elf	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xc11c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
wsskM49eA3.elf	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xa856:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
wsskM49eA3.elf	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x8912:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author	Strings
5606.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4810:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5606.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x1041b:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
5606.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x1044b:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
5606.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xc11c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5606.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xa856:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5606.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x8912:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5607.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4810:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5607.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x1041b:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
5607.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x1044b:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
5607.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xc11c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5607.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xa856:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5607.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x8912:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5608.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4810:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5608.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x1041b:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
5608.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x1044b:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
5608.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xc11c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5608.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xa856:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5608.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x8912:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5604.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4810:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5604.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x1041b:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
5604.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x1044b:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
5604.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xc11c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5604.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xa856:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5604.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x8912:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5603.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4810:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5603.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x1041b:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
5603.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x1044b:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
5603.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xc11c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5603.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xa856:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5603.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x8912:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
5609.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_b14f4c5d	unknown	unknown	0x4810:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5609.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_0bce98a2	unknown	unknown	0x1041b:$a: 4B 52 41 00 46 47 44 43 57 4E 56 00 48 57 43 4C 56 47 41 4A
5609.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_95e0056c	unknown	unknown	0x1044b:$a: 50 46 00 13 10 11 16 17 00 57 51 47 50 00 52 43 51 51 00 43
5609.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_389ee3e9	unknown	unknown	0xc11c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5609.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_cc93863b	unknown	unknown	0xa856:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
5609.1.0000000008048000.000000000805a000.r-x.sdmp	Linux_Trojan_Mirai_8aa7b5d3	unknown	unknown	0x8912:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
Click to see the 31 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: wsskM49eA3.elf	Virustotal: Detection: 35%			Perma Link
Source: wsskM49eA3.elf	ReversingLabs: Detection: 42%

Machine Learning detection for sample

Source: wsskM49eA3.elf

Joe Sandbox ML: detected

Source: wsskM49eA3.elf

String: 2surf2/proc/self/exebash /proc/%s/exe/wget/tftp/curlsocket/bin/busybox/usr/lib/systemd/systemd/opt/app/monitorusr/mnt/sys/boot/run/media/srv/etc/dev/telnetsshsshdbashhttpdtelnetddropbearencodersystem/z/secom//usr/sbin//usr/lib//var/tmp/wlanconthyd.archyd.x86_64hyd.x86hyd.i686hyd.mpslhyd.mipshyd.armhyd.arm4hyd.arm5hyd.arm6hyd.arm7hyd.ppchyd.spchyd.m68khyd.sh4hyd.xtensahyd.nios2hyd.aarch64hyd.microblazeel/usr/libexec/openssh/sftp-server/proc/proc/%d/cmdlinenetstat/proc/%s/cmdline.//proc//proc/%d/mapssystemd /var/run/mnt/root/var/tmp/boot/.(deleted)/home/proc/net/tcp%*s %08X127.0.0.1Killing process %d

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 91.228.147.116 ports 0,3,5,6,7,56730

Source: global traffic

TCP traffic: 192.168.2.15:36252 -> 91.228.147.116:56730

Source: unknown	TCP traffic detected without corresponding DNS query: 97.251.9.249
Source: unknown	TCP traffic detected without corresponding DNS query: 103.135.76.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.217.245.248
Source: unknown	TCP traffic detected without corresponding DNS query: 179.117.82.71
Source: unknown	TCP traffic detected without corresponding DNS query: 159.220.251.45
Source: unknown	TCP traffic detected without corresponding DNS query: 162.191.236.117
Source: unknown	TCP traffic detected without corresponding DNS query: 107.205.226.241
Source: unknown	TCP traffic detected without corresponding DNS query: 166.221.27.101
Source: unknown	TCP traffic detected without corresponding DNS query: 183.173.5.20
Source: unknown	TCP traffic detected without corresponding DNS query: 73.84.183.160
Source: unknown	TCP traffic detected without corresponding DNS query: 61.162.171.15
Source: unknown	TCP traffic detected without corresponding DNS query: 126.63.63.238
Source: unknown	TCP traffic detected without corresponding DNS query: 222.14.143.131
Source: unknown	TCP traffic detected without corresponding DNS query: 178.50.246.233
Source: unknown	TCP traffic detected without corresponding DNS query: 17.124.138.124
Source: unknown	TCP traffic detected without corresponding DNS query: 178.226.2.38
Source: unknown	TCP traffic detected without corresponding DNS query: 60.223.118.87
Source: unknown	TCP traffic detected without corresponding DNS query: 109.89.63.123
Source: unknown	TCP traffic detected without corresponding DNS query: 34.122.151.145
Source: unknown	TCP traffic detected without corresponding DNS query: 167.121.200.224
Source: unknown	TCP traffic detected without corresponding DNS query: 52.212.0.193
Source: unknown	TCP traffic detected without corresponding DNS query: 141.93.205.36
Source: unknown	TCP traffic detected without corresponding DNS query: 170.20.88.207
Source: unknown	TCP traffic detected without corresponding DNS query: 184.39.22.82
Source: unknown	TCP traffic detected without corresponding DNS query: 161.224.18.189
Source: unknown	TCP traffic detected without corresponding DNS query: 183.45.75.132
Source: unknown	TCP traffic detected without corresponding DNS query: 70.237.113.142
Source: unknown	TCP traffic detected without corresponding DNS query: 85.161.194.88
Source: unknown	TCP traffic detected without corresponding DNS query: 186.234.142.202
Source: unknown	TCP traffic detected without corresponding DNS query: 147.230.111.243
Source: unknown	TCP traffic detected without corresponding DNS query: 217.199.83.165
Source: unknown	TCP traffic detected without corresponding DNS query: 159.138.131.51
Source: unknown	TCP traffic detected without corresponding DNS query: 183.247.58.60
Source: unknown	TCP traffic detected without corresponding DNS query: 93.77.43.78
Source: unknown	TCP traffic detected without corresponding DNS query: 95.118.106.84
Source: unknown	TCP traffic detected without corresponding DNS query: 120.30.90.211
Source: unknown	TCP traffic detected without corresponding DNS query: 66.235.160.232
Source: unknown	TCP traffic detected without corresponding DNS query: 142.177.79.17
Source: unknown	TCP traffic detected without corresponding DNS query: 108.137.148.239
Source: unknown	TCP traffic detected without corresponding DNS query: 182.43.70.114
Source: unknown	TCP traffic detected without corresponding DNS query: 221.82.155.108
Source: unknown	TCP traffic detected without corresponding DNS query: 60.123.132.147
Source: unknown	TCP traffic detected without corresponding DNS query: 139.150.227.124
Source: unknown	TCP traffic detected without corresponding DNS query: 79.252.4.99
Source: unknown	TCP traffic detected without corresponding DNS query: 84.11.52.65
Source: unknown	TCP traffic detected without corresponding DNS query: 111.65.61.217
Source: unknown	TCP traffic detected without corresponding DNS query: 63.232.218.248
Source: unknown	TCP traffic detected without corresponding DNS query: 160.228.106.42
Source: unknown	TCP traffic detected without corresponding DNS query: 132.157.234.252
Source: unknown	TCP traffic detected without corresponding DNS query: 139.239.81.62

Source: unknown

DNS traffic detected: queries for: daisy.ubuntu.com

System Summary

Malicious sample detected (through community Yara rule)

Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 Author: unknown
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c Author: unknown
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: 2surf2/proc/self/exebash /proc/%s/exe/wget/tftp/curlsocket/bin/busybox/usr/lib/systemd/systemd/opt/app/monitorusr/mnt/sys/boot/run/media/srv/etc/dev/telnetsshsshdbashhttpdtelnetddropbearencodersystem/z/secom//usr/sbin//usr/lib//var/tmp/wlanconthyd.archyd.x86_64hyd.x86hyd.i686hyd.mpslhyd.mipshyd.armhyd.arm4hyd.arm5hyd.arm6hyd.arm7hyd.ppchyd.spchyd.m68khyd.sh4hyd.xtensahyd.nios2hyd.aarch64hyd.microblazeel/usr/libexec/openssh/sftp-server/proc/proc/%d/cmdlinenetstat/proc/%s/cmdline.//proc//proc/%d/mapssystemd /var/run/mnt/root/var/tmp/boot/.(deleted)/home/proc/net/tcp%*s %08X127.0.0.1Killing process %d

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/wsskM49eA3.elf (PID: 5605)	SIGKILL sent: pid: 5604, result: successful	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	SIGKILL sent: pid: 5606, result: successful	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	SIGKILL sent: pid: 5607, result: successful	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	SIGKILL sent: pid: 5608, result: successful	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	SIGKILL sent: pid: 5609, result: successful	Jump to behavior

Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: wsskM49eA3.elf, type: SAMPLE	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5606.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5607.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5608.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5604.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5603.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_95e0056c reference_sample = 45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a2550fdd2625f85050cfe53159858207a79e8337412872aaa7b4627b13cb6c94, id = 95e0056c-bc07-42cf-89ab-6c0cde3ccc8a, last_modified = 2021-09-16
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5609.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26

Source: classification engine

Classification label: mal64.troj.linELF@0/0@2/0

Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/110/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/110/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/231/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/231/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/111/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/111/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/112/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/112/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/233/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/233/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/113/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/113/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/114/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/114/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/235/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/235/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/115/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/115/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1333/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1333/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/116/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/116/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1695/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1695/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/117/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/117/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/118/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/118/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/119/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/119/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/911/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/911/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/914/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/10/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/10/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/917/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/11/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/11/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/12/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/12/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/13/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/13/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/14/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/14/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/15/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/15/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/16/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/16/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/17/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/17/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/18/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/18/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/19/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/19/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1591/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1591/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/120/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/120/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/121/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/121/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/122/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/122/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/243/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/243/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/2/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/2/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/123/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/123/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/3/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/3/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/124/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/124/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1588/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/125/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/125/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/4/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/4/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/246/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/246/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/126/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/126/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/5/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/5/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/127/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/127/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/6/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/6/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1585/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/1585/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/128/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/128/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/7/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/7/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/129/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/129/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/8/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/8/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/800/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/9/maps	Jump to behavior
Source: /tmp/wsskM49eA3.elf (PID: 5605)	File opened: /proc/9/cmdline	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	Path Interception	Direct Volume Access	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Source	Detection	Scanner	Label	Link
wsskM49eA3.elf	35%	Virustotal		Browse
wsskM49eA3.elf	42%	ReversingLabs	Linux.Trojan.Mirai
wsskM49eA3.elf	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
42.156.254.168	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
81.49.108.252	unknown	France	3215	FranceTelecom-OrangeFR	false
108.156.143.196	unknown	United States	16509	AMAZON-02US	false
186.234.142.202	unknown	Brazil	7162	UniversoOnlineSABR	false
178.109.130.69	unknown	United Kingdom	12576	EELtdGB	false
131.242.51.136	unknown	Australia	9650	CITEC-AU-APQLDGovernmentBusinessITAU	false
109.98.66.195	unknown	Romania	9050	RTDBucharestRomaniaRO	false
139.91.2.111	unknown	Greece	8522	FORTH-ASGR	false
160.146.176.129	unknown	United States	5953	DNIC-ASBLK-05800-06055US	false
48.54.243.157	unknown	United States	2686	ATGS-MMD-ASUS	false
93.86.41.53	unknown	Serbia	8400	TELEKOM-ASRS	false
32.205.243.218	unknown	United States	2686	ATGS-MMD-ASUS	false
142.177.79.17	unknown	Canada	855	CANET-ASN-4CA	false
27.187.152.126	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
113.129.36.183	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
219.153.98.147	unknown	China	134420	CHINATELECOM-CHONGQING-IDCChongqingTelecomCN	false
80.236.252.137	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false
139.239.81.62	unknown	United States	1462	DNIC-ASBLK-01462-01463US	false
72.176.112.170	unknown	United States	11427	TWC-11427-TEXASUS	false
39.218.57.253	unknown	Indonesia	23693	TELKOMSEL-ASN-IDPTTelekomunikasiSelularID	false
217.155.142.63	unknown	United Kingdom	13037	ZEN-ASZenInternet-UKGB	false
141.33.226.28	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
141.6.47.136	unknown	Germany	15495	BASF-IT-SERVICESDE	false
124.105.19.108	unknown	Philippines	9299	IPG-AS-APPhilippineLongDistanceTelephoneCompanyPH	false
20.192.103.239	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
39.26.17.88	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
59.227.21.250	unknown	China	2516	KDDIKDDICORPORATIONJP	false
221.82.155.108	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
36.245.218.102	unknown	Japan	37903	EMOBILEYmobileCorporationJP	false
80.120.237.129	unknown	Austria	8447	TELEKOM-ATA1TelekomAustriaAGAT	false
130.199.62.88	unknown	United States	43	BNL-ASUS	false
63.57.185.160	unknown	United States	701	UUNETUS	false
164.244.193.242	unknown	United States	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
81.135.64.218	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
114.63.212.66	unknown	China	9812	CNNIC-CN-COLNETOrientalCableNetworkCoLtdCN	false
140.134.200.162	unknown	Taiwan; Republic of China (ROC)	1659	ERX-TANET-ASN1TaiwanAcademicNetworkTANetInformationC	false
161.31.161.4	unknown	United States	40581	AREON-ASUS	false
1.104.79.246	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
51.204.64.235	unknown	United States	2686	ATGS-MMD-ASUS	false
2.18.165.112	unknown	European Union	16625	AKAMAI-ASUS	false
24.215.239.188	unknown	United States	12271	TWC-12271-NYCUS	false
132.157.234.252	unknown	Peru	21575	ENTELPERUSAPE	false
57.109.192.81	unknown	Belgium	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
131.150.52.165	unknown	United States	7843	TWC-7843-BBUS	false
202.125.69.20	unknown	Bangladesh	17471	CYBERNET-BD-ASGrameenCybernetLtdBangladeshASforloca	false
186.112.246.251	unknown	Colombia	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
192.106.110.86	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
196.119.39.156	unknown	Morocco	36925	ASMediMA	false
83.135.94.213	unknown	Germany	8881	VERSATELDE	false
168.9.90.3	unknown	United States	18838	DCSSGAUS	false
193.160.133.72	unknown	Norway	202120	COMSAVE-ASNL	false
185.6.69.47	unknown	Germany	44700	HAENDLEKORTE-ASDE	false
210.90.15.43	unknown	Korea Republic of	17841	NCIA-AS-KRNATIONALINFORMATIONRESOURCESSERVICEKR	false
86.157.114.162	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
222.24.48.4	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
222.14.143.131	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
102.7.212.114	unknown	unknown	36926	CKL1-ASNKE	false
193.180.134.170	unknown	Sweden	25176	AC-NETSE	false
69.68.135.62	unknown	United States	4282	CENTURYLINK-TSDS-FLFTMYUS	false
47.169.39.191	unknown	United States	5650	FRONTIER-FRTRUS	false
104.45.127.220	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
8.30.32.42	unknown	United States	32308	8X8-ASUS	false
25.119.72.90	unknown	United Kingdom	7922	COMCAST-7922US	false
45.224.97.84	unknown	Ecuador	264668	NEDETELSAEC	false
118.116.207.128	unknown	China	139220	CHINANET-SICHUAN-CHUANXI-IDCSichuanChuanxnIDCCN	false
91.228.147.116	unknown	Ukraine	28907	MIROHOSTWebhostingdatacenteranddomainnamesregistrati	true
17.203.144.208	unknown	United States	714	APPLE-ENGINEERINGUS	false
195.133.89.28	unknown	Russian Federation	41082	URALTRANSCOM-ASUA	false
142.29.206.162	unknown	Canada	3633	PROVINCE-OF-BRITISH-COLUMBIACA	false
41.179.49.187	unknown	Egypt	24863	LINKdotNET-ASEG	false
195.52.206.232	unknown	Germany	12312	ECOTELDE	false
135.60.228.60	unknown	United States	18676	AVAYAUS	false
43.142.103.144	unknown	Japan	4249	LILLY-ASUS	false
223.237.30.44	unknown	India	45609	BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService	false
182.55.164.152	unknown	Singapore	55430	STARHUB-NGNBNStarhubLtdSG	false
104.164.219.14	unknown	United States	18779	EGIHOSTINGUS	false
52.38.55.159	unknown	United States	16509	AMAZON-02US	false
149.115.106.189	unknown	United States	13693	NTS-ONLINEUS	false
212.101.125.9	unknown	Turkey	199484	BETAINTERNATIONALTR	false
70.237.113.142	unknown	United States	7018	ATT-INTERNET4US	false
185.216.201.241	unknown	Germany	46261	QUICKPACKETUS	false
171.247.84.13	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
52.174.40.233	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
155.201.186.85	unknown	United States	20426	PWC-ASUS	false
102.161.163.158	unknown	Mauritius	30999	EMTEL-AS-APMU	false
34.72.179.158	unknown	United States	15169	GOOGLEUS	false
57.40.209.60	unknown	Belgium	2686	ATGS-MMD-ASUS	false
122.223.42.54	unknown	Japan	2519	VECTANTARTERIANetworksCorporationJP	false
154.25.118.144	unknown	United States	174	COGENT-174US	false
73.84.183.160	unknown	United States	7922	COMCAST-7922US	false
89.80.244.147	unknown	France	5410	BOUYGTEL-ISPFR	false
218.148.126.50	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
139.190.162.212	unknown	United Kingdom	38547	WITRIBE-AS-APWITRIBEPAKISTANLIMITEDPK	false
75.173.17.50	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
91.125.185.26	unknown	United Kingdom	6871	PLUSNETUKInternetServiceProviderGB	false
169.93.81.200	unknown	United States	37611	AfrihostZA	false
162.37.90.189	unknown	United States	35893	ACPCA	false
120.34.124.233	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
79.141.197.160	unknown	France	8362	20rueDenisPapinFR	false
196.144.133.60	unknown	Egypt	36935	Vodafone-EG	false

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	jPLqxoxi1w.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	dI3tFWyJ6d.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	OO1vDl4L4r.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	tB42BIvqlr.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	kFpCQq6szE.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	Caa2tySjUN.elf	Get hash	malicious	Gafgyt	Browse	162.213.35.25
	tajma.mpsl-20240422-0539.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.24
	tajma.x86_64-20240422-0536.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.24
	tajma.mips-20240422-0536.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.24
	tajma.arm-20240422-0536.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	jPLqxoxi1w.elf	Get hash	malicious	Mirai	Browse	139.240.157.240
	aQvU3QHA3N.elf	Get hash	malicious	Unknown	Browse	101.134.43.250
	42EYULJ8y1.elf	Get hash	malicious	Mirai	Browse	121.41.202.249
	tajma.x86-20240422-0535.elf	Get hash	malicious	Mirai, Okiru	Browse	39.102.175.240
	SecuriteInfo.com.FileRepMalware.6915.17186.exe	Get hash	malicious	Unknown	Browse	106.14.81.150
	SecuriteInfo.com.FileRepMalware.6915.17186.exe	Get hash	malicious	Unknown	Browse	106.14.81.150
	Y98pGn3FUt.elf	Get hash	malicious	Mirai	Browse	101.135.57.228
	WCcNzb83Y3.exe	Get hash	malicious	CobaltStrike	Browse	47.120.39.182
	mCS7AR9pKm.elf	Get hash	malicious	Mirai, Okiru	Browse	8.156.94.142
	http://www.sushi-idea.com	Get hash	malicious	Unknown	Browse	59.82.121.97
UniversoOnlineSABR	http://www.indeks.pt/	Get hash	malicious	Unknown	Browse	200.147.4.47
	E0sl4ONdra.elf	Get hash	malicious	Mirai	Browse	200.98.219.211
	la.bot.arm7.elf	Get hash	malicious	Mirai	Browse	200.98.180.36
	xQwEu422am.elf	Get hash	malicious	Mirai	Browse	200.98.179.20
	huhu.mpsl.elf	Get hash	malicious	Mirai, Okiru	Browse	200.98.220.157
	SecuriteInfo.com.Win32.Evo-gen.23836.28931.exe	Get hash	malicious	Unknown	Browse	200.147.35.207
	SecuriteInfo.com.Win32.Evo-gen.23836.28931.exe	Get hash	malicious	Unknown	Browse	200.147.35.207
	3rOSHAZ6SC.elf	Get hash	malicious	Mirai	Browse	200.221.105.223
	ngZVdu9k3p.elf	Get hash	malicious	Mirai	Browse	200.147.241.218
	1208819601.exe	Get hash	malicious	Unknown	Browse	200.98.94.238
FranceTelecom-OrangeFR	tajma.arm7-20240422-0539.elf	Get hash	malicious	Mirai, Okiru	Browse	83.194.238.219
	EgLiYySziA.elf	Get hash	malicious	Mirai, Okiru	Browse	92.149.191.112
	b3astmode.x86.elf	Get hash	malicious	Unknown	Browse	109.218.10.129
	sZyq3DvYmc.elf	Get hash	malicious	Mirai	Browse	129.182.162.130
	tajma.arm7-20240421-1029.elf	Get hash	malicious	Mirai, Okiru	Browse	90.119.151.28
	YKTNuK117e.exe	Get hash	malicious	Njrat	Browse	83.196.78.85
	JdnjRc1VGX.elf	Get hash	malicious	Mirai	Browse	86.199.95.91
	H6ccnU1094.elf	Get hash	malicious	Mirai, Okiru	Browse	83.115.239.3
	9IseFevRH6.elf	Get hash	malicious	Mirai	Browse	109.211.102.134
	BzmhHwFpCV.elf	Get hash	malicious	Mirai	Browse	90.13.203.111
AMAZON-02US	jPLqxoxi1w.elf	Get hash	malicious	Mirai	Browse	52.222.196.118
	dI3tFWyJ6d.elf	Get hash	malicious	Mirai	Browse	108.150.4.174
	aQvU3QHA3N.elf	Get hash	malicious	Unknown	Browse	18.236.14.150
	SecuriteInfo.com.Win64.Evo-gen.21575.16188.exe	Get hash	malicious	Python Stealer, Monster Stealer	Browse	18.230.76.116
	http://www.blindgifthate.sa.com/ykihrabu/jbfcdwmhs3663abhjj/TI9CoAbsa45o4OGHN76mykzGVOmjjmAqisj5bnGXtxk/QsrceDcgb2PLDfYqvtVO8PWEvzs-rzaZd0h8Kd799UCOgPZmzKrZcJ8a7B4swzsjaoRhIr2uYEImfmwVp4h4VA	Get hash	malicious	Unknown	Browse	13.226.225.8
	https://www.sigtn.com/utils/emt.cfm?client_id=9195153&campaign_id=73466&link=aHR0cHM6Ly9saW5rLm1haWwuYmVlaGlpdi5jb20vbHMvY2xpY2s/dXBuPXUwMDEucklvcWRaR1R1SGJzNzQ0S21jWTQzbm9GN25FNXlXdTZFcUlEQ1JQVW5LVlRsVDF5N0p0RTVORGVVSmxOU254Uk82V2lWVzB6akF4aVNnRXQ4S0dzZUdDb3N4OE9CV0tIQ1VyMmlaRXQ0LTJCM2EtMkZuWXhLOHNYNW1IZ0ZPZFd1VHpnUmNyMHdMYk52c0NadXktMkZiSXRoVDI4bi0yRjdCUy0yQmVINGxDRVExVTQxQU5xSS0zRFhBa0FfdWpTUjJaZ1VvcFZ3R0Y1eWNMcm5nS0Y1andZVnZoMHVzbGExV2Z5ZUs2QXJvYzFDOXFaY3NKZHlBVHNhVnFnZmxkNjlSOE1FQ3J6dHdtVUw5QkliUXRiM1VjUEwxanplbGNyNG1jZGFhdlZNZFE0ejA0ZHFqRC0yRkR4RVlVV1lLM3BjNTBsREpndVd5Z0NZMEZ2LTJGdG9kUkpjSzNjRlYwcDdMYS0yQlh1NjRveEtqVkpFUkV3WGJSekN0dTlZazJBSmgwQVVNeUxiOTVXWlBiTmxOQjlmTXRhbm41aDY2eDByMm5nR2k5QmJkLTJCdWd1Ync2Z092blJheXlKLTJGYXB3eHBSSHpxZHZER21pREhpR09kemxvQVRJQWkxMWR5ZWhpazY3NDRzQ2E3dzl0MWZqU2JvTWpXd1dvdXlVaDJPd0VyLTJCOHJDZTB1VjF6clJDTi0yQjh6Z2R4Y1JibkZ1a3JtNGVJbU5WQUJnSFMtMkZ1S2RrUDdrZkUxUm9PWlVGdWU3bzZkLTJGY3FpMUx2VXVpbW9VbmxzMjRseXRVQzNQdUpiOVlDZ0Zoc29LRlZOMUxvZXloOFFGTERUaEN4VjE5UC0yRmxCWTRpZURUI2NzaGVwcGFyZEBtb29nLmNvbQ==	Get hash	malicious	Unknown	Browse	3.163.115.58
	P84GQvkQhC.elf	Get hash	malicious	Unknown	Browse	34.243.160.129
	HfcQmQis2J.elf	Get hash	malicious	Unknown	Browse	34.243.160.129
	vXahA76yEa.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	42EYULJ8y1.elf	Get hash	malicious	Mirai	Browse	130.177.187.239

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.460571467241214
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	wsskM49eA3.elf
File size:	75'664 bytes
MD5:	59ccf2f294605b86339ca5d4015c0016
SHA1:	0be2e5dddcc1f3e4b28a723e816c1a48abe74970
SHA256:	96adadcb024a8a4e1a6d26d5d61b596ac07fcfff9217eea1b5d8bc61ac137e48
SHA512:	a92d3c6935a007fae9c1d04e45834981c4679f9c55ef5fcb3a9ca5d388ad7ac20e0f74fe14563eca6cf03eb3e293ea31c1fa6c5152257c02aa848bc6dfa8fcec
SSDEEP:	1536:lSo+gSRUuVcYOn+h6WRu+V7XPEd3Y6mhD0cEqbCk9m17w1Sls8:lSo+gSRnmNurTIPmhDtEquWmPs8
TLSH:	72735BC0D683D8F6E8460AB1617BAB374637F9351129EA87D769EA32FC52700E60735C
File Content Preview:	.ELF....................d...4....&......4. ...(.......................................... ...............+..........Q.td............................U..S.......w....h....C...[]...$.............U......=.....t..5....$......$.......u........t....h............

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	75264
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0xf266	0x0	0x6	AX	16
.fini	PROGBITS	0x8057316	0xf316	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x8057340	0xf340	0x28a0	0x0	0x2	A	32
.ctors	PROGBITS	0x805a000	0x12000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x805a008	0x12008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x805a020	0x12020	0x5a0	0x0	0x3	WA	32
.bss	NOBITS	0x805a5c0	0x125c0	0x25c0	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x125c0	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x11be0	0x11be0	6.5430	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x12000	0x805a000	0x805a000	0x5c0	0x2b80	4.3636	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2024 12:16:02.100656986 CEST	57041	23	192.168.2.15	97.251.9.249
Apr 22, 2024 12:16:02.100661993 CEST	57041	23	192.168.2.15	103.135.76.58
Apr 22, 2024 12:16:02.100704908 CEST	57041	23	192.168.2.15	159.217.245.248
Apr 22, 2024 12:16:02.100704908 CEST	57041	23	192.168.2.15	179.117.82.71
Apr 22, 2024 12:16:02.100754023 CEST	57041	23	192.168.2.15	159.220.251.45
Apr 22, 2024 12:16:02.100754976 CEST	57041	23	192.168.2.15	162.191.236.117
Apr 22, 2024 12:16:02.100754976 CEST	57041	23	192.168.2.15	107.205.226.241
Apr 22, 2024 12:16:02.100754023 CEST	57041	23	192.168.2.15	166.221.27.101
Apr 22, 2024 12:16:02.100754976 CEST	57041	23	192.168.2.15	183.173.5.20
Apr 22, 2024 12:16:02.100754976 CEST	57041	23	192.168.2.15	73.84.183.160
Apr 22, 2024 12:16:02.100773096 CEST	57041	23	192.168.2.15	61.162.171.15
Apr 22, 2024 12:16:02.100783110 CEST	57041	23	192.168.2.15	126.63.63.238
Apr 22, 2024 12:16:02.100773096 CEST	57041	23	192.168.2.15	222.14.143.131
Apr 22, 2024 12:16:02.100794077 CEST	57041	23	192.168.2.15	178.50.246.233
Apr 22, 2024 12:16:02.100795031 CEST	57041	23	192.168.2.15	17.124.138.124
Apr 22, 2024 12:16:02.100795031 CEST	57041	23	192.168.2.15	178.226.2.38
Apr 22, 2024 12:16:02.100795031 CEST	57041	23	192.168.2.15	60.223.118.87
Apr 22, 2024 12:16:02.100795031 CEST	57041	23	192.168.2.15	109.89.63.123
Apr 22, 2024 12:16:02.100809097 CEST	57041	23	192.168.2.15	34.122.151.145
Apr 22, 2024 12:16:02.100824118 CEST	57041	23	192.168.2.15	167.121.200.224
Apr 22, 2024 12:16:02.100847006 CEST	57041	23	192.168.2.15	52.212.0.193
Apr 22, 2024 12:16:02.100850105 CEST	57041	23	192.168.2.15	141.93.205.36
Apr 22, 2024 12:16:02.100850105 CEST	57041	23	192.168.2.15	170.20.88.207
Apr 22, 2024 12:16:02.100850105 CEST	57041	23	192.168.2.15	184.39.22.82
Apr 22, 2024 12:16:02.100853920 CEST	57041	23	192.168.2.15	161.224.18.189
Apr 22, 2024 12:16:02.100853920 CEST	57041	23	192.168.2.15	183.45.75.132
Apr 22, 2024 12:16:02.100872040 CEST	57041	23	192.168.2.15	70.237.113.142
Apr 22, 2024 12:16:02.100872040 CEST	57041	23	192.168.2.15	85.161.194.88
Apr 22, 2024 12:16:02.100882053 CEST	57041	23	192.168.2.15	186.234.142.202
Apr 22, 2024 12:16:02.100882053 CEST	57041	23	192.168.2.15	147.230.111.243
Apr 22, 2024 12:16:02.100882053 CEST	57041	23	192.168.2.15	217.199.83.165
Apr 22, 2024 12:16:02.100918055 CEST	57041	23	192.168.2.15	159.138.131.51
Apr 22, 2024 12:16:02.100930929 CEST	57041	23	192.168.2.15	183.247.58.60
Apr 22, 2024 12:16:02.100943089 CEST	57041	23	192.168.2.15	93.77.43.78
Apr 22, 2024 12:16:02.100946903 CEST	57041	23	192.168.2.15	95.118.106.84
Apr 22, 2024 12:16:02.100946903 CEST	57041	23	192.168.2.15	120.30.90.211
Apr 22, 2024 12:16:02.100955963 CEST	57041	23	192.168.2.15	66.235.160.232
Apr 22, 2024 12:16:02.100965977 CEST	57041	23	192.168.2.15	142.177.79.17
Apr 22, 2024 12:16:02.100966930 CEST	57041	23	192.168.2.15	108.137.148.239
Apr 22, 2024 12:16:02.100974083 CEST	57041	23	192.168.2.15	182.43.70.114
Apr 22, 2024 12:16:02.100982904 CEST	57041	23	192.168.2.15	221.82.155.108
Apr 22, 2024 12:16:02.101003885 CEST	57041	23	192.168.2.15	60.123.132.147
Apr 22, 2024 12:16:02.101002932 CEST	57041	23	192.168.2.15	139.150.227.124
Apr 22, 2024 12:16:02.101005077 CEST	57041	23	192.168.2.15	79.252.4.99
Apr 22, 2024 12:16:02.101013899 CEST	57041	23	192.168.2.15	84.11.52.65
Apr 22, 2024 12:16:02.101013899 CEST	57041	23	192.168.2.15	111.65.61.217
Apr 22, 2024 12:16:02.101013899 CEST	57041	23	192.168.2.15	63.232.218.248
Apr 22, 2024 12:16:02.101013899 CEST	57041	23	192.168.2.15	160.228.106.42
Apr 22, 2024 12:16:02.101022005 CEST	57041	23	192.168.2.15	132.157.234.252
Apr 22, 2024 12:16:02.101030111 CEST	57041	23	192.168.2.15	139.239.81.62
Apr 22, 2024 12:16:02.101037979 CEST	57041	23	192.168.2.15	175.37.253.10
Apr 22, 2024 12:16:02.101042032 CEST	57041	23	192.168.2.15	197.90.46.12
Apr 22, 2024 12:16:02.101042032 CEST	57041	23	192.168.2.15	31.83.132.210
Apr 22, 2024 12:16:02.101069927 CEST	57041	23	192.168.2.15	41.26.32.7
Apr 22, 2024 12:16:02.101070881 CEST	57041	23	192.168.2.15	77.116.143.25
Apr 22, 2024 12:16:02.101073027 CEST	57041	23	192.168.2.15	50.145.7.239
Apr 22, 2024 12:16:02.101075888 CEST	57041	23	192.168.2.15	217.95.175.253
Apr 22, 2024 12:16:02.101098061 CEST	57041	23	192.168.2.15	54.110.45.131
Apr 22, 2024 12:16:02.101100922 CEST	57041	23	192.168.2.15	105.81.79.98
Apr 22, 2024 12:16:02.101104975 CEST	57041	23	192.168.2.15	80.238.129.79
Apr 22, 2024 12:16:02.101119041 CEST	57041	23	192.168.2.15	86.157.114.162
Apr 22, 2024 12:16:02.101119041 CEST	57041	23	192.168.2.15	202.219.6.154
Apr 22, 2024 12:16:02.101155043 CEST	57041	23	192.168.2.15	139.91.2.111
Apr 22, 2024 12:16:02.101161003 CEST	57041	23	192.168.2.15	120.34.124.233
Apr 22, 2024 12:16:02.101161003 CEST	57041	23	192.168.2.15	23.78.145.74
Apr 22, 2024 12:16:02.101162910 CEST	57041	23	192.168.2.15	79.141.197.160
Apr 22, 2024 12:16:02.101165056 CEST	57041	23	192.168.2.15	130.43.7.243
Apr 22, 2024 12:16:02.101167917 CEST	57041	23	192.168.2.15	154.163.209.195
Apr 22, 2024 12:16:02.101176977 CEST	57041	23	192.168.2.15	141.66.229.217
Apr 22, 2024 12:16:02.101226091 CEST	57041	23	192.168.2.15	71.170.29.196
Apr 22, 2024 12:16:02.101226091 CEST	57041	23	192.168.2.15	162.37.90.189
Apr 22, 2024 12:16:02.101227999 CEST	57041	23	192.168.2.15	104.164.219.14
Apr 22, 2024 12:16:02.101227999 CEST	57041	23	192.168.2.15	146.166.193.17
Apr 22, 2024 12:16:02.101232052 CEST	57041	23	192.168.2.15	139.159.241.95
Apr 22, 2024 12:16:02.101232052 CEST	57041	23	192.168.2.15	217.155.142.63
Apr 22, 2024 12:16:02.101233959 CEST	57041	23	192.168.2.15	45.54.117.104
Apr 22, 2024 12:16:02.101243019 CEST	57041	23	192.168.2.15	71.188.62.41
Apr 22, 2024 12:16:02.101263046 CEST	57041	23	192.168.2.15	120.130.199.26
Apr 22, 2024 12:16:02.101286888 CEST	57041	23	192.168.2.15	216.235.165.63
Apr 22, 2024 12:16:02.101288080 CEST	57041	23	192.168.2.15	39.193.66.106
Apr 22, 2024 12:16:02.101294994 CEST	57041	23	192.168.2.15	119.178.119.226
Apr 22, 2024 12:16:02.101298094 CEST	57041	23	192.168.2.15	218.148.126.50
Apr 22, 2024 12:16:02.101298094 CEST	57041	23	192.168.2.15	118.126.108.13
Apr 22, 2024 12:16:02.101311922 CEST	57041	23	192.168.2.15	130.199.62.88
Apr 22, 2024 12:16:02.101334095 CEST	57041	23	192.168.2.15	168.157.3.178
Apr 22, 2024 12:16:02.101334095 CEST	57041	23	192.168.2.15	175.40.44.129
Apr 22, 2024 12:16:02.101334095 CEST	57041	23	192.168.2.15	155.49.231.171
Apr 22, 2024 12:16:02.101334095 CEST	57041	23	192.168.2.15	165.81.116.59
Apr 22, 2024 12:16:02.101340055 CEST	57041	23	192.168.2.15	178.109.130.69
Apr 22, 2024 12:16:02.101355076 CEST	57041	23	192.168.2.15	63.33.138.204
Apr 22, 2024 12:16:02.101381063 CEST	57041	23	192.168.2.15	76.58.240.116
Apr 22, 2024 12:16:02.101381063 CEST	57041	23	192.168.2.15	130.239.60.132
Apr 22, 2024 12:16:02.101392031 CEST	57041	23	192.168.2.15	102.7.212.114
Apr 22, 2024 12:16:02.101392031 CEST	57041	23	192.168.2.15	221.96.215.249
Apr 22, 2024 12:16:02.101406097 CEST	57041	23	192.168.2.15	27.69.190.11
Apr 22, 2024 12:16:02.101411104 CEST	57041	23	192.168.2.15	57.40.209.60
Apr 22, 2024 12:16:02.101412058 CEST	57041	23	192.168.2.15	53.231.49.201
Apr 22, 2024 12:16:02.101412058 CEST	57041	23	192.168.2.15	206.196.4.72
Apr 22, 2024 12:16:02.101413965 CEST	57041	23	192.168.2.15	187.107.253.185
Apr 22, 2024 12:16:02.101421118 CEST	57041	23	192.168.2.15	35.226.167.244
Apr 22, 2024 12:16:02.101428032 CEST	57041	23	192.168.2.15	211.139.202.185
Apr 22, 2024 12:16:02.101439953 CEST	57041	23	192.168.2.15	34.230.75.227
Apr 22, 2024 12:16:02.101459026 CEST	57041	23	192.168.2.15	167.139.240.70
Apr 22, 2024 12:16:02.101459026 CEST	57041	23	192.168.2.15	94.45.105.110
Apr 22, 2024 12:16:02.101466894 CEST	57041	23	192.168.2.15	131.150.52.165
Apr 22, 2024 12:16:02.101469040 CEST	57041	23	192.168.2.15	164.116.41.92
Apr 22, 2024 12:16:02.101491928 CEST	57041	23	192.168.2.15	24.215.239.188
Apr 22, 2024 12:16:02.101504087 CEST	57041	23	192.168.2.15	192.106.110.86
Apr 22, 2024 12:16:02.101516962 CEST	57041	23	192.168.2.15	52.38.55.159
Apr 22, 2024 12:16:02.101521969 CEST	57041	23	192.168.2.15	87.65.141.89
Apr 22, 2024 12:16:02.101521969 CEST	57041	23	192.168.2.15	105.29.56.204
Apr 22, 2024 12:16:02.101526976 CEST	57041	23	192.168.2.15	25.119.72.90
Apr 22, 2024 12:16:02.101526976 CEST	57041	23	192.168.2.15	157.182.115.29
Apr 22, 2024 12:16:02.101527929 CEST	57041	23	192.168.2.15	100.162.125.128
Apr 22, 2024 12:16:02.101538897 CEST	57041	23	192.168.2.15	198.192.237.101
Apr 22, 2024 12:16:02.101546049 CEST	57041	23	192.168.2.15	73.45.7.241
Apr 22, 2024 12:16:02.101557970 CEST	57041	23	192.168.2.15	196.75.55.163
Apr 22, 2024 12:16:02.101566076 CEST	57041	23	192.168.2.15	122.223.42.54
Apr 22, 2024 12:16:02.101572037 CEST	57041	23	192.168.2.15	36.246.240.48
Apr 22, 2024 12:16:02.101592064 CEST	57041	23	192.168.2.15	94.199.231.129
Apr 22, 2024 12:16:02.101592064 CEST	57041	23	192.168.2.15	41.31.240.215
Apr 22, 2024 12:16:02.101592064 CEST	57041	23	192.168.2.15	80.120.237.129
Apr 22, 2024 12:16:02.101592064 CEST	57041	23	192.168.2.15	13.96.28.208
Apr 22, 2024 12:16:02.101598024 CEST	57041	23	192.168.2.15	74.244.136.183
Apr 22, 2024 12:16:02.101598978 CEST	57041	23	192.168.2.15	135.60.228.60
Apr 22, 2024 12:16:02.101610899 CEST	57041	23	192.168.2.15	89.127.164.113
Apr 22, 2024 12:16:02.101610899 CEST	57041	23	192.168.2.15	198.34.119.98
Apr 22, 2024 12:16:02.101623058 CEST	57041	23	192.168.2.15	138.245.57.96
Apr 22, 2024 12:16:02.101623058 CEST	57041	23	192.168.2.15	61.89.157.161
Apr 22, 2024 12:16:02.101639986 CEST	57041	23	192.168.2.15	176.196.74.216
Apr 22, 2024 12:16:02.101644039 CEST	57041	23	192.168.2.15	66.187.9.170
Apr 22, 2024 12:16:02.101655006 CEST	57041	23	192.168.2.15	149.115.106.189
Apr 22, 2024 12:16:02.101660013 CEST	57041	23	192.168.2.15	168.13.149.105
Apr 22, 2024 12:16:02.101679087 CEST	57041	23	192.168.2.15	61.51.45.225
Apr 22, 2024 12:16:02.101680994 CEST	57041	23	192.168.2.15	161.77.16.127
Apr 22, 2024 12:16:02.101684093 CEST	57041	23	192.168.2.15	187.84.10.55
Apr 22, 2024 12:16:02.101684093 CEST	57041	23	192.168.2.15	220.214.85.97
Apr 22, 2024 12:16:02.101696968 CEST	57041	23	192.168.2.15	73.118.124.247
Apr 22, 2024 12:16:02.101713896 CEST	57041	23	192.168.2.15	45.224.97.84
Apr 22, 2024 12:16:02.101722956 CEST	57041	23	192.168.2.15	149.110.67.252
Apr 22, 2024 12:16:02.101727009 CEST	57041	23	192.168.2.15	104.179.232.169
Apr 22, 2024 12:16:02.101736069 CEST	57041	23	192.168.2.15	219.153.98.147
Apr 22, 2024 12:16:02.101736069 CEST	57041	23	192.168.2.15	135.32.82.196
Apr 22, 2024 12:16:02.101752996 CEST	57041	23	192.168.2.15	210.90.106.122
Apr 22, 2024 12:16:02.101773977 CEST	57041	23	192.168.2.15	71.133.53.162
Apr 22, 2024 12:16:02.101773977 CEST	57041	23	192.168.2.15	114.91.77.63
Apr 22, 2024 12:16:02.101804018 CEST	57041	23	192.168.2.15	166.223.179.171
Apr 22, 2024 12:16:02.101804018 CEST	57041	23	192.168.2.15	185.216.201.241
Apr 22, 2024 12:16:02.101804018 CEST	57041	23	192.168.2.15	180.194.148.178
Apr 22, 2024 12:16:02.101807117 CEST	57041	23	192.168.2.15	120.189.206.122
Apr 22, 2024 12:16:02.101807117 CEST	57041	23	192.168.2.15	122.56.197.176
Apr 22, 2024 12:16:02.101819038 CEST	57041	23	192.168.2.15	36.245.218.102
Apr 22, 2024 12:16:02.101819038 CEST	57041	23	192.168.2.15	219.180.95.37
Apr 22, 2024 12:16:02.101820946 CEST	57041	23	192.168.2.15	123.75.104.156
Apr 22, 2024 12:16:02.101820946 CEST	57041	23	192.168.2.15	84.116.130.151
Apr 22, 2024 12:16:02.101824045 CEST	57041	23	192.168.2.15	118.116.207.128
Apr 22, 2024 12:16:02.101824045 CEST	57041	23	192.168.2.15	134.142.154.79
Apr 22, 2024 12:16:02.101838112 CEST	57041	23	192.168.2.15	40.61.248.196
Apr 22, 2024 12:16:02.101838112 CEST	57041	23	192.168.2.15	174.55.142.215
Apr 22, 2024 12:16:02.101871967 CEST	57041	23	192.168.2.15	104.45.127.220
Apr 22, 2024 12:16:02.101885080 CEST	57041	23	192.168.2.15	48.54.243.157
Apr 22, 2024 12:16:02.101885080 CEST	57041	23	192.168.2.15	1.193.49.101
Apr 22, 2024 12:16:02.101886034 CEST	57041	23	192.168.2.15	74.10.38.35
Apr 22, 2024 12:16:02.101901054 CEST	57041	23	192.168.2.15	200.111.6.175
Apr 22, 2024 12:16:02.101907969 CEST	57041	23	192.168.2.15	34.210.50.7
Apr 22, 2024 12:16:02.101908922 CEST	57041	23	192.168.2.15	166.172.228.208
Apr 22, 2024 12:16:02.101927042 CEST	57041	23	192.168.2.15	135.74.135.86
Apr 22, 2024 12:16:02.101929903 CEST	57041	23	192.168.2.15	40.99.238.245
Apr 22, 2024 12:16:02.101938963 CEST	57041	23	192.168.2.15	119.192.104.252
Apr 22, 2024 12:16:02.101943016 CEST	57041	23	192.168.2.15	108.106.156.32
Apr 22, 2024 12:16:02.101954937 CEST	57041	23	192.168.2.15	73.123.45.233
Apr 22, 2024 12:16:02.101954937 CEST	57041	23	192.168.2.15	170.119.119.45
Apr 22, 2024 12:16:02.101960897 CEST	57041	23	192.168.2.15	168.213.110.231
Apr 22, 2024 12:16:02.101962090 CEST	57041	23	192.168.2.15	51.204.64.235
Apr 22, 2024 12:16:02.101960897 CEST	57041	23	192.168.2.15	106.103.2.146
Apr 22, 2024 12:16:02.101978064 CEST	57041	23	192.168.2.15	132.113.243.20
Apr 22, 2024 12:16:02.101983070 CEST	57041	23	192.168.2.15	48.152.39.71
Apr 22, 2024 12:16:02.101988077 CEST	57041	23	192.168.2.15	175.103.110.223
Apr 22, 2024 12:16:02.101989031 CEST	57041	23	192.168.2.15	184.205.151.187
Apr 22, 2024 12:16:02.101989031 CEST	57041	23	192.168.2.15	163.195.173.66
Apr 22, 2024 12:16:02.101999998 CEST	57041	23	192.168.2.15	70.52.241.66
Apr 22, 2024 12:16:02.102009058 CEST	57041	23	192.168.2.15	204.16.206.231
Apr 22, 2024 12:16:02.102009058 CEST	57041	23	192.168.2.15	85.19.9.125
Apr 22, 2024 12:16:02.102029085 CEST	57041	23	192.168.2.15	79.224.64.124
Apr 22, 2024 12:16:02.102029085 CEST	57041	23	192.168.2.15	69.201.66.165
Apr 22, 2024 12:16:02.102041006 CEST	57041	23	192.168.2.15	48.45.149.111
Apr 22, 2024 12:16:02.102051973 CEST	57041	23	192.168.2.15	1.129.10.4
Apr 22, 2024 12:16:02.102061033 CEST	57041	23	192.168.2.15	163.110.202.189
Apr 22, 2024 12:16:02.102073908 CEST	57041	23	192.168.2.15	36.81.39.250
Apr 22, 2024 12:16:02.102080107 CEST	57041	23	192.168.2.15	203.137.50.87
Apr 22, 2024 12:16:02.102080107 CEST	57041	23	192.168.2.15	200.192.226.160
Apr 22, 2024 12:16:02.102097988 CEST	57041	23	192.168.2.15	160.146.176.129
Apr 22, 2024 12:16:02.102117062 CEST	57041	23	192.168.2.15	2.254.36.109
Apr 22, 2024 12:16:02.102117062 CEST	57041	23	192.168.2.15	154.173.144.10
Apr 22, 2024 12:16:02.102118969 CEST	57041	23	192.168.2.15	27.115.124.42
Apr 22, 2024 12:16:02.102130890 CEST	57041	23	192.168.2.15	223.237.30.44
Apr 22, 2024 12:16:02.102133989 CEST	57041	23	192.168.2.15	43.113.156.150
Apr 22, 2024 12:16:02.102142096 CEST	57041	23	192.168.2.15	145.227.158.179
Apr 22, 2024 12:16:02.102149010 CEST	57041	23	192.168.2.15	71.64.24.40
Apr 22, 2024 12:16:02.102175951 CEST	57041	23	192.168.2.15	196.133.72.205
Apr 22, 2024 12:16:02.102176905 CEST	57041	23	192.168.2.15	154.25.118.144
Apr 22, 2024 12:16:02.102179050 CEST	57041	23	192.168.2.15	185.229.129.215
Apr 22, 2024 12:16:02.102185011 CEST	57041	23	192.168.2.15	97.218.227.85
Apr 22, 2024 12:16:02.102200985 CEST	57041	23	192.168.2.15	115.92.236.26
Apr 22, 2024 12:16:02.102201939 CEST	57041	23	192.168.2.15	8.30.32.42
Apr 22, 2024 12:16:02.102214098 CEST	57041	23	192.168.2.15	195.52.206.232
Apr 22, 2024 12:16:02.102220058 CEST	57041	23	192.168.2.15	20.208.35.246
Apr 22, 2024 12:16:02.102221012 CEST	57041	23	192.168.2.15	82.167.76.130
Apr 22, 2024 12:16:02.102232933 CEST	57041	23	192.168.2.15	67.97.2.190
Apr 22, 2024 12:16:02.102255106 CEST	57041	23	192.168.2.15	109.75.237.133
Apr 22, 2024 12:16:02.102257013 CEST	57041	23	192.168.2.15	2.18.165.112
Apr 22, 2024 12:16:02.102263927 CEST	57041	23	192.168.2.15	65.91.9.204
Apr 22, 2024 12:16:02.102266073 CEST	57041	23	192.168.2.15	117.64.187.132
Apr 22, 2024 12:16:02.102288961 CEST	57041	23	192.168.2.15	112.190.33.152
Apr 22, 2024 12:16:02.102289915 CEST	57041	23	192.168.2.15	100.206.208.180
Apr 22, 2024 12:16:02.102291107 CEST	57041	23	192.168.2.15	24.96.94.181
Apr 22, 2024 12:16:02.102292061 CEST	57041	23	192.168.2.15	40.26.69.211
Apr 22, 2024 12:16:02.102317095 CEST	57041	23	192.168.2.15	93.86.41.53
Apr 22, 2024 12:16:02.102317095 CEST	57041	23	192.168.2.15	43.142.103.144
Apr 22, 2024 12:16:02.102322102 CEST	57041	23	192.168.2.15	110.104.171.15
Apr 22, 2024 12:16:02.102322102 CEST	57041	23	192.168.2.15	14.76.25.32
Apr 22, 2024 12:16:02.102322102 CEST	57041	23	192.168.2.15	81.230.134.194
Apr 22, 2024 12:16:02.102324963 CEST	57041	23	192.168.2.15	147.96.46.147
Apr 22, 2024 12:16:02.102338076 CEST	57041	23	192.168.2.15	36.168.72.45
Apr 22, 2024 12:16:02.102343082 CEST	57041	23	192.168.2.15	162.95.40.218
Apr 22, 2024 12:16:02.102343082 CEST	57041	23	192.168.2.15	207.135.57.155
Apr 22, 2024 12:16:02.102361917 CEST	57041	23	192.168.2.15	148.175.167.189
Apr 22, 2024 12:16:02.102363110 CEST	57041	23	192.168.2.15	200.117.245.6
Apr 22, 2024 12:16:02.102372885 CEST	57041	23	192.168.2.15	114.55.41.27
Apr 22, 2024 12:16:02.102397919 CEST	57041	23	192.168.2.15	199.112.107.251
Apr 22, 2024 12:16:02.102400064 CEST	57041	23	192.168.2.15	114.63.212.66
Apr 22, 2024 12:16:02.102400064 CEST	57041	23	192.168.2.15	52.174.40.233
Apr 22, 2024 12:16:02.102420092 CEST	57041	23	192.168.2.15	81.135.64.218
Apr 22, 2024 12:16:02.102421045 CEST	57041	23	192.168.2.15	117.82.23.188
Apr 22, 2024 12:16:02.102421045 CEST	57041	23	192.168.2.15	198.90.58.79
Apr 22, 2024 12:16:02.102421999 CEST	57041	23	192.168.2.15	148.76.161.28
Apr 22, 2024 12:16:02.102442026 CEST	57041	23	192.168.2.15	41.208.58.138
Apr 22, 2024 12:16:02.102442026 CEST	57041	23	192.168.2.15	185.90.0.164
Apr 22, 2024 12:16:02.102443933 CEST	57041	23	192.168.2.15	124.165.14.19
Apr 22, 2024 12:16:02.102463961 CEST	57041	23	192.168.2.15	4.55.82.119
Apr 22, 2024 12:16:02.102485895 CEST	57041	23	192.168.2.15	141.33.226.28
Apr 22, 2024 12:16:02.102495909 CEST	57041	23	192.168.2.15	91.125.185.26
Apr 22, 2024 12:16:02.102511883 CEST	57041	23	192.168.2.15	59.83.39.52
Apr 22, 2024 12:16:02.102514029 CEST	57041	23	192.168.2.15	160.160.40.103
Apr 22, 2024 12:16:02.102514029 CEST	57041	23	192.168.2.15	121.247.193.158
Apr 22, 2024 12:16:02.102521896 CEST	57041	23	192.168.2.15	101.254.50.42
Apr 22, 2024 12:16:02.102521896 CEST	57041	23	192.168.2.15	63.57.185.160
Apr 22, 2024 12:16:02.102524042 CEST	57041	23	192.168.2.15	120.248.17.191
Apr 22, 2024 12:16:02.102524996 CEST	57041	23	192.168.2.15	216.150.8.151
Apr 22, 2024 12:16:02.102539062 CEST	57041	23	192.168.2.15	94.105.141.31
Apr 22, 2024 12:16:02.102546930 CEST	57041	23	192.168.2.15	142.197.242.49
Apr 22, 2024 12:16:02.102567911 CEST	57041	23	192.168.2.15	126.248.183.192
Apr 22, 2024 12:16:02.102569103 CEST	57041	23	192.168.2.15	164.244.193.242
Apr 22, 2024 12:16:02.102581024 CEST	57041	23	192.168.2.15	39.12.230.95
Apr 22, 2024 12:16:02.102595091 CEST	57041	23	192.168.2.15	32.182.95.199
Apr 22, 2024 12:16:02.102595091 CEST	57041	23	192.168.2.15	120.23.197.120
Apr 22, 2024 12:16:02.109785080 CEST	36252	56730	192.168.2.15	91.228.147.116
Apr 22, 2024 12:16:02.219918966 CEST	23	57041	66.187.9.170	192.168.2.15
Apr 22, 2024 12:16:02.294472933 CEST	23	57041	104.164.219.14	192.168.2.15
Apr 22, 2024 12:16:02.335402966 CEST	23	57041	77.116.143.25	192.168.2.15
Apr 22, 2024 12:16:02.335412025 CEST	23	57041	77.116.143.25	192.168.2.15
Apr 22, 2024 12:16:02.335594893 CEST	57041	23	192.168.2.15	77.116.143.25
Apr 22, 2024 12:16:02.337296963 CEST	23	57041	94.45.105.110	192.168.2.15
Apr 22, 2024 12:16:02.343285084 CEST	56730	36252	91.228.147.116	192.168.2.15
Apr 22, 2024 12:16:02.343360901 CEST	36252	56730	192.168.2.15	91.228.147.116
Apr 22, 2024 12:16:02.381958961 CEST	23	57041	218.148.126.50	192.168.2.15
Apr 22, 2024 12:16:02.443008900 CEST	23	57041	119.178.119.226	192.168.2.15
Apr 22, 2024 12:16:02.480827093 CEST	23	57041	219.153.98.147	192.168.2.15
Apr 22, 2024 12:16:02.580312014 CEST	23	57041	162.191.236.117	192.168.2.15
Apr 22, 2024 12:16:02.657449007 CEST	23	57041	160.160.40.103	192.168.2.15
Apr 22, 2024 12:16:03.103621006 CEST	57041	23	192.168.2.15	104.238.45.83
Apr 22, 2024 12:16:03.103631973 CEST	57041	23	192.168.2.15	115.56.172.141
Apr 22, 2024 12:16:03.103638887 CEST	57041	23	192.168.2.15	112.152.2.92
Apr 22, 2024 12:16:03.103638887 CEST	57041	23	192.168.2.15	141.136.17.187
Apr 22, 2024 12:16:03.103647947 CEST	57041	23	192.168.2.15	86.161.164.77
Apr 22, 2024 12:16:03.103646040 CEST	57041	23	192.168.2.15	17.237.121.189
Apr 22, 2024 12:16:03.103647947 CEST	57041	23	192.168.2.15	103.38.186.87
Apr 22, 2024 12:16:03.103646040 CEST	57041	23	192.168.2.15	36.239.58.227
Apr 22, 2024 12:16:03.103653908 CEST	57041	23	192.168.2.15	138.114.216.212
Apr 22, 2024 12:16:03.103653908 CEST	57041	23	192.168.2.15	96.31.250.182
Apr 22, 2024 12:16:03.103653908 CEST	57041	23	192.168.2.15	149.248.157.83
Apr 22, 2024 12:16:03.103674889 CEST	57041	23	192.168.2.15	219.147.247.119
Apr 22, 2024 12:16:03.103674889 CEST	57041	23	192.168.2.15	201.44.11.53
Apr 22, 2024 12:16:03.103682995 CEST	57041	23	192.168.2.15	203.103.214.252
Apr 22, 2024 12:16:03.103684902 CEST	57041	23	192.168.2.15	196.66.210.193
Apr 22, 2024 12:16:03.103684902 CEST	57041	23	192.168.2.15	36.36.150.117
Apr 22, 2024 12:16:03.103684902 CEST	57041	23	192.168.2.15	193.191.75.216
Apr 22, 2024 12:16:03.103687048 CEST	57041	23	192.168.2.15	206.75.206.252
Apr 22, 2024 12:16:03.103692055 CEST	57041	23	192.168.2.15	145.251.140.229
Apr 22, 2024 12:16:03.103692055 CEST	57041	23	192.168.2.15	168.37.172.206
Apr 22, 2024 12:16:03.103692055 CEST	57041	23	192.168.2.15	32.205.243.218
Apr 22, 2024 12:16:03.103692055 CEST	57041	23	192.168.2.15	218.249.228.248
Apr 22, 2024 12:16:03.103703022 CEST	57041	23	192.168.2.15	124.70.83.31
Apr 22, 2024 12:16:03.103710890 CEST	57041	23	192.168.2.15	36.41.196.241
Apr 22, 2024 12:16:03.103710890 CEST	57041	23	192.168.2.15	139.190.162.212
Apr 22, 2024 12:16:03.103724003 CEST	57041	23	192.168.2.15	209.197.105.101
Apr 22, 2024 12:16:03.103724003 CEST	57041	23	192.168.2.15	99.128.87.141
Apr 22, 2024 12:16:03.103729010 CEST	57041	23	192.168.2.15	133.224.248.204
Apr 22, 2024 12:16:03.103729010 CEST	57041	23	192.168.2.15	148.208.160.191
Apr 22, 2024 12:16:03.103729010 CEST	57041	23	192.168.2.15	142.85.133.218
Apr 22, 2024 12:16:03.103733063 CEST	57041	23	192.168.2.15	94.86.23.49
Apr 22, 2024 12:16:03.103765965 CEST	57041	23	192.168.2.15	36.157.27.80
Apr 22, 2024 12:16:03.103765965 CEST	57041	23	192.168.2.15	202.125.69.20
Apr 22, 2024 12:16:03.103765965 CEST	57041	23	192.168.2.15	176.169.92.237
Apr 22, 2024 12:16:03.103769064 CEST	57041	23	192.168.2.15	217.118.128.185
Apr 22, 2024 12:16:03.103769064 CEST	57041	23	192.168.2.15	27.176.66.144
Apr 22, 2024 12:16:03.103769064 CEST	57041	23	192.168.2.15	91.81.20.101
Apr 22, 2024 12:16:03.103777885 CEST	57041	23	192.168.2.15	168.9.90.3
Apr 22, 2024 12:16:03.103779078 CEST	57041	23	192.168.2.15	157.41.211.217
Apr 22, 2024 12:16:03.103779078 CEST	57041	23	192.168.2.15	195.133.89.28
Apr 22, 2024 12:16:03.103780031 CEST	57041	23	192.168.2.15	148.209.40.33
Apr 22, 2024 12:16:03.103779078 CEST	57041	23	192.168.2.15	174.202.161.127
Apr 22, 2024 12:16:03.103780031 CEST	57041	23	192.168.2.15	212.101.125.9
Apr 22, 2024 12:16:03.103780031 CEST	57041	23	192.168.2.15	172.138.170.62
Apr 22, 2024 12:16:03.103780031 CEST	57041	23	192.168.2.15	187.42.101.62
Apr 22, 2024 12:16:03.103780031 CEST	57041	23	192.168.2.15	76.50.59.142
Apr 22, 2024 12:16:03.103780031 CEST	57041	23	192.168.2.15	20.192.103.239
Apr 22, 2024 12:16:03.103785992 CEST	57041	23	192.168.2.15	120.15.210.162
Apr 22, 2024 12:16:03.103785992 CEST	57041	23	192.168.2.15	120.167.13.70
Apr 22, 2024 12:16:03.103787899 CEST	57041	23	192.168.2.15	74.3.120.75
Apr 22, 2024 12:16:03.103796959 CEST	57041	23	192.168.2.15	189.245.50.7
Apr 22, 2024 12:16:03.103796959 CEST	57041	23	192.168.2.15	213.158.87.245
Apr 22, 2024 12:16:03.103796959 CEST	57041	23	192.168.2.15	69.68.135.62
Apr 22, 2024 12:16:03.103799105 CEST	57041	23	192.168.2.15	23.229.176.54
Apr 22, 2024 12:16:03.103800058 CEST	57041	23	192.168.2.15	42.156.254.168
Apr 22, 2024 12:16:03.103801012 CEST	57041	23	192.168.2.15	190.205.241.67
Apr 22, 2024 12:16:03.103801012 CEST	57041	23	192.168.2.15	223.221.125.221
Apr 22, 2024 12:16:03.103806019 CEST	57041	23	192.168.2.15	41.179.49.187
Apr 22, 2024 12:16:03.103815079 CEST	57041	23	192.168.2.15	137.44.156.210
Apr 22, 2024 12:16:03.103815079 CEST	57041	23	192.168.2.15	115.41.120.136
Apr 22, 2024 12:16:03.103815079 CEST	57041	23	192.168.2.15	222.28.187.163
Apr 22, 2024 12:16:03.103817940 CEST	57041	23	192.168.2.15	104.201.191.210
Apr 22, 2024 12:16:03.103826046 CEST	57041	23	192.168.2.15	71.126.226.125
Apr 22, 2024 12:16:03.103826046 CEST	57041	23	192.168.2.15	114.178.195.249
Apr 22, 2024 12:16:03.103826046 CEST	57041	23	192.168.2.15	203.250.219.211
Apr 22, 2024 12:16:03.103826046 CEST	57041	23	192.168.2.15	95.224.190.14
Apr 22, 2024 12:16:03.103826046 CEST	57041	23	192.168.2.15	57.109.192.81
Apr 22, 2024 12:16:03.103826046 CEST	57041	23	192.168.2.15	47.169.39.191
Apr 22, 2024 12:16:03.103827953 CEST	57041	23	192.168.2.15	196.119.39.156
Apr 22, 2024 12:16:03.103827953 CEST	57041	23	192.168.2.15	197.186.182.208
Apr 22, 2024 12:16:03.103827953 CEST	57041	23	192.168.2.15	41.29.173.24
Apr 22, 2024 12:16:03.103827953 CEST	57041	23	192.168.2.15	156.106.26.148
Apr 22, 2024 12:16:03.103832960 CEST	57041	23	192.168.2.15	83.191.248.143
Apr 22, 2024 12:16:03.103832960 CEST	57041	23	192.168.2.15	125.168.149.13
Apr 22, 2024 12:16:03.103833914 CEST	57041	23	192.168.2.15	47.93.137.201
Apr 22, 2024 12:16:03.103835106 CEST	57041	23	192.168.2.15	210.225.84.47
Apr 22, 2024 12:16:03.103836060 CEST	57041	23	192.168.2.15	189.246.117.76
Apr 22, 2024 12:16:03.103863955 CEST	57041	23	192.168.2.15	111.123.61.125
Apr 22, 2024 12:16:03.103864908 CEST	57041	23	192.168.2.15	197.188.90.245
Apr 22, 2024 12:16:03.103873014 CEST	57041	23	192.168.2.15	92.79.79.251
Apr 22, 2024 12:16:03.103873014 CEST	57041	23	192.168.2.15	20.20.53.101
Apr 22, 2024 12:16:03.103873014 CEST	57041	23	192.168.2.15	58.142.88.242
Apr 22, 2024 12:16:03.103873014 CEST	57041	23	192.168.2.15	104.7.105.98
Apr 22, 2024 12:16:03.103878975 CEST	57041	23	192.168.2.15	186.112.246.251
Apr 22, 2024 12:16:03.103879929 CEST	57041	23	192.168.2.15	89.80.244.147
Apr 22, 2024 12:16:03.103882074 CEST	57041	23	192.168.2.15	80.236.252.137
Apr 22, 2024 12:16:03.103882074 CEST	57041	23	192.168.2.15	113.129.36.183
Apr 22, 2024 12:16:03.103883028 CEST	57041	23	192.168.2.15	174.13.7.207
Apr 22, 2024 12:16:03.103883028 CEST	57041	23	192.168.2.15	193.160.133.72
Apr 22, 2024 12:16:03.103894949 CEST	57041	23	192.168.2.15	168.105.65.77
Apr 22, 2024 12:16:03.103895903 CEST	57041	23	192.168.2.15	155.201.186.85
Apr 22, 2024 12:16:03.103894949 CEST	57041	23	192.168.2.15	106.123.228.3
Apr 22, 2024 12:16:03.103903055 CEST	57041	23	192.168.2.15	131.242.51.136
Apr 22, 2024 12:16:03.103903055 CEST	57041	23	192.168.2.15	206.110.34.173
Apr 22, 2024 12:16:03.103910923 CEST	57041	23	192.168.2.15	161.31.161.4
Apr 22, 2024 12:16:03.103910923 CEST	57041	23	192.168.2.15	35.247.144.126
Apr 22, 2024 12:16:03.103912115 CEST	57041	23	192.168.2.15	222.123.211.169
Apr 22, 2024 12:16:03.103912115 CEST	57041	23	192.168.2.15	173.82.74.240
Apr 22, 2024 12:16:03.103939056 CEST	57041	23	192.168.2.15	171.101.107.229
Apr 22, 2024 12:16:03.103940010 CEST	57041	23	192.168.2.15	132.8.64.111
Apr 22, 2024 12:16:03.103943110 CEST	57041	23	192.168.2.15	139.95.60.144
Apr 22, 2024 12:16:03.103943110 CEST	57041	23	192.168.2.15	109.164.7.235
Apr 22, 2024 12:16:03.103943110 CEST	57041	23	192.168.2.15	171.196.51.164
Apr 22, 2024 12:16:03.103950024 CEST	57041	23	192.168.2.15	51.175.210.52
Apr 22, 2024 12:16:03.103950024 CEST	57041	23	192.168.2.15	43.241.176.216
Apr 22, 2024 12:16:03.103950024 CEST	57041	23	192.168.2.15	77.40.29.77
Apr 22, 2024 12:16:03.103950977 CEST	57041	23	192.168.2.15	9.37.190.7
Apr 22, 2024 12:16:03.103957891 CEST	57041	23	192.168.2.15	71.167.48.158
Apr 22, 2024 12:16:03.103957891 CEST	57041	23	192.168.2.15	172.197.51.101
Apr 22, 2024 12:16:03.103965998 CEST	57041	23	192.168.2.15	108.156.143.196
Apr 22, 2024 12:16:03.103965998 CEST	57041	23	192.168.2.15	27.187.152.126
Apr 22, 2024 12:16:03.103965998 CEST	57041	23	192.168.2.15	157.8.122.110
Apr 22, 2024 12:16:03.103965998 CEST	57041	23	192.168.2.15	109.98.66.195
Apr 22, 2024 12:16:03.103971958 CEST	57041	23	192.168.2.15	189.135.65.148
Apr 22, 2024 12:16:03.103981972 CEST	57041	23	192.168.2.15	185.6.69.47
Apr 22, 2024 12:16:03.103985071 CEST	57041	23	192.168.2.15	158.35.3.95
Apr 22, 2024 12:16:03.103991985 CEST	57041	23	192.168.2.15	217.17.18.79
Apr 22, 2024 12:16:03.103991985 CEST	57041	23	192.168.2.15	39.26.17.88
Apr 22, 2024 12:16:03.104002953 CEST	57041	23	192.168.2.15	140.134.200.162
Apr 22, 2024 12:16:03.104002953 CEST	57041	23	192.168.2.15	60.121.82.244
Apr 22, 2024 12:16:03.104013920 CEST	57041	23	192.168.2.15	40.111.143.189
Apr 22, 2024 12:16:03.104013920 CEST	57041	23	192.168.2.15	171.171.4.111
Apr 22, 2024 12:16:03.104013920 CEST	57041	23	192.168.2.15	17.192.66.171
Apr 22, 2024 12:16:03.104016066 CEST	57041	23	192.168.2.15	161.174.160.177
Apr 22, 2024 12:16:03.104053974 CEST	57041	23	192.168.2.15	2.187.248.172
Apr 22, 2024 12:16:03.104054928 CEST	57041	23	192.168.2.15	128.69.187.179
Apr 22, 2024 12:16:03.104053974 CEST	57041	23	192.168.2.15	69.238.219.195
Apr 22, 2024 12:16:03.104053974 CEST	57041	23	192.168.2.15	171.247.84.13
Apr 22, 2024 12:16:03.104062080 CEST	57041	23	192.168.2.15	184.177.76.248
Apr 22, 2024 12:16:03.104062080 CEST	57041	23	192.168.2.15	104.162.153.191
Apr 22, 2024 12:16:03.104069948 CEST	57041	23	192.168.2.15	85.88.229.240
Apr 22, 2024 12:16:03.104077101 CEST	57041	23	192.168.2.15	109.198.146.241
Apr 22, 2024 12:16:03.104077101 CEST	57041	23	192.168.2.15	222.161.31.9
Apr 22, 2024 12:16:03.104084015 CEST	57041	23	192.168.2.15	81.49.108.252
Apr 22, 2024 12:16:03.104089022 CEST	57041	23	192.168.2.15	81.108.238.180
Apr 22, 2024 12:16:03.104104996 CEST	57041	23	192.168.2.15	175.152.20.50
Apr 22, 2024 12:16:03.104104996 CEST	57041	23	192.168.2.15	170.31.12.56
Apr 22, 2024 12:16:03.104113102 CEST	57041	23	192.168.2.15	210.90.15.43
Apr 22, 2024 12:16:03.104115963 CEST	57041	23	192.168.2.15	68.87.228.104
Apr 22, 2024 12:16:03.104116917 CEST	57041	23	192.168.2.15	70.201.30.66
Apr 22, 2024 12:16:03.104116917 CEST	57041	23	192.168.2.15	148.137.189.78
Apr 22, 2024 12:16:03.104120970 CEST	57041	23	192.168.2.15	137.218.48.225
Apr 22, 2024 12:16:03.104120970 CEST	57041	23	192.168.2.15	154.167.24.205
Apr 22, 2024 12:16:03.104120970 CEST	57041	23	192.168.2.15	120.115.199.93
Apr 22, 2024 12:16:03.104124069 CEST	57041	23	192.168.2.15	190.74.55.207
Apr 22, 2024 12:16:03.104130030 CEST	57041	23	192.168.2.15	141.181.23.66
Apr 22, 2024 12:16:03.104131937 CEST	57041	23	192.168.2.15	184.197.22.221
Apr 22, 2024 12:16:03.104132891 CEST	57041	23	192.168.2.15	109.75.225.212
Apr 22, 2024 12:16:03.104146004 CEST	57041	23	192.168.2.15	128.173.12.195
Apr 22, 2024 12:16:03.104146957 CEST	57041	23	192.168.2.15	141.6.47.136
Apr 22, 2024 12:16:03.104177952 CEST	57041	23	192.168.2.15	213.235.242.176
Apr 22, 2024 12:16:03.104177952 CEST	57041	23	192.168.2.15	171.243.112.180
Apr 22, 2024 12:16:03.104178905 CEST	57041	23	192.168.2.15	120.104.33.220
Apr 22, 2024 12:16:03.104177952 CEST	57041	23	192.168.2.15	142.63.198.132
Apr 22, 2024 12:16:03.104177952 CEST	57041	23	192.168.2.15	170.248.148.133
Apr 22, 2024 12:16:03.104188919 CEST	57041	23	192.168.2.15	162.76.26.38
Apr 22, 2024 12:16:03.104193926 CEST	57041	23	192.168.2.15	39.208.135.97
Apr 22, 2024 12:16:03.104193926 CEST	57041	23	192.168.2.15	77.101.23.49
Apr 22, 2024 12:16:03.104193926 CEST	57041	23	192.168.2.15	147.13.55.251
Apr 22, 2024 12:16:03.104195118 CEST	57041	23	192.168.2.15	192.117.185.163
Apr 22, 2024 12:16:03.104204893 CEST	57041	23	192.168.2.15	163.49.133.103
Apr 22, 2024 12:16:03.104204893 CEST	57041	23	192.168.2.15	168.7.167.18
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	65.195.30.245
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	86.212.132.127
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	169.93.81.200
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	124.169.132.56
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	223.236.188.35
Apr 22, 2024 12:16:03.104208946 CEST	57041	23	192.168.2.15	157.209.227.109
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	193.180.134.170
Apr 22, 2024 12:16:03.104208946 CEST	57041	23	192.168.2.15	132.174.198.222
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	94.29.78.122
Apr 22, 2024 12:16:03.104208946 CEST	57041	23	192.168.2.15	195.248.124.180
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	163.187.236.53
Apr 22, 2024 12:16:03.104207993 CEST	57041	23	192.168.2.15	83.135.94.213
Apr 22, 2024 12:16:03.104222059 CEST	57041	23	192.168.2.15	176.52.50.166
Apr 22, 2024 12:16:03.104222059 CEST	57041	23	192.168.2.15	203.219.235.129
Apr 22, 2024 12:16:03.104222059 CEST	57041	23	192.168.2.15	201.244.236.46
Apr 22, 2024 12:16:03.104223013 CEST	57041	23	192.168.2.15	59.162.57.164
Apr 22, 2024 12:16:03.104222059 CEST	57041	23	192.168.2.15	192.88.210.73
Apr 22, 2024 12:16:03.104226112 CEST	57041	23	192.168.2.15	89.57.108.11
Apr 22, 2024 12:16:03.104226112 CEST	57041	23	192.168.2.15	142.29.206.162
Apr 22, 2024 12:16:03.104228020 CEST	57041	23	192.168.2.15	64.133.241.168
Apr 22, 2024 12:16:03.104228020 CEST	57041	23	192.168.2.15	118.58.220.200
Apr 22, 2024 12:16:03.104228020 CEST	57041	23	192.168.2.15	31.99.201.84
Apr 22, 2024 12:16:03.104228020 CEST	57041	23	192.168.2.15	223.158.125.219
Apr 22, 2024 12:16:03.104229927 CEST	57041	23	192.168.2.15	38.208.191.131
Apr 22, 2024 12:16:03.104229927 CEST	57041	23	192.168.2.15	124.105.19.108
Apr 22, 2024 12:16:03.104240894 CEST	57041	23	192.168.2.15	17.203.144.208
Apr 22, 2024 12:16:03.104255915 CEST	57041	23	192.168.2.15	44.245.166.155
Apr 22, 2024 12:16:03.104255915 CEST	57041	23	192.168.2.15	13.40.65.101
Apr 22, 2024 12:16:03.104260921 CEST	57041	23	192.168.2.15	112.178.174.15
Apr 22, 2024 12:16:03.104264975 CEST	57041	23	192.168.2.15	18.214.103.73
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	32.134.192.181
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	114.107.1.44
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	218.224.225.52
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	222.24.48.4
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	34.72.179.158
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	118.83.127.149
Apr 22, 2024 12:16:03.104276896 CEST	57041	23	192.168.2.15	8.173.88.211
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	75.54.187.78
Apr 22, 2024 12:16:03.104276896 CEST	57041	23	192.168.2.15	125.151.88.169
Apr 22, 2024 12:16:03.104274035 CEST	57041	23	192.168.2.15	93.131.103.12
Apr 22, 2024 12:16:03.104276896 CEST	57041	23	192.168.2.15	145.2.186.70
Apr 22, 2024 12:16:03.104276896 CEST	57041	23	192.168.2.15	145.10.241.158
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	53.97.157.133
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	145.197.56.171
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	140.233.94.56
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	99.217.192.5
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	46.236.212.247
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	59.227.21.250
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	12.194.93.154
Apr 22, 2024 12:16:03.104279995 CEST	57041	23	192.168.2.15	13.134.244.116
Apr 22, 2024 12:16:03.104289055 CEST	57041	23	192.168.2.15	160.49.188.128
Apr 22, 2024 12:16:03.104293108 CEST	57041	23	192.168.2.15	115.91.201.228
Apr 22, 2024 12:16:03.104295969 CEST	57041	23	192.168.2.15	72.176.112.170
Apr 22, 2024 12:16:03.104295969 CEST	57041	23	192.168.2.15	17.212.162.181
Apr 22, 2024 12:16:03.104301929 CEST	57041	23	192.168.2.15	116.152.149.5
Apr 22, 2024 12:16:03.104310989 CEST	57041	23	192.168.2.15	132.108.177.6
Apr 22, 2024 12:16:03.104311943 CEST	57041	23	192.168.2.15	180.152.167.73
Apr 22, 2024 12:16:03.104321003 CEST	57041	23	192.168.2.15	209.38.199.215
Apr 22, 2024 12:16:03.104331017 CEST	57041	23	192.168.2.15	75.173.17.50
Apr 22, 2024 12:16:03.104331017 CEST	57041	23	192.168.2.15	68.91.127.9
Apr 22, 2024 12:16:03.104331017 CEST	57041	23	192.168.2.15	164.182.254.205
Apr 22, 2024 12:16:03.104331017 CEST	57041	23	192.168.2.15	100.8.41.133
Apr 22, 2024 12:16:03.104334116 CEST	57041	23	192.168.2.15	47.82.186.237
Apr 22, 2024 12:16:03.104334116 CEST	57041	23	192.168.2.15	180.15.109.249
Apr 22, 2024 12:16:03.104338884 CEST	57041	23	192.168.2.15	143.50.94.154
Apr 22, 2024 12:16:03.104338884 CEST	57041	23	192.168.2.15	102.161.163.158
Apr 22, 2024 12:16:03.104338884 CEST	57041	23	192.168.2.15	97.7.175.189
Apr 22, 2024 12:16:03.104338884 CEST	57041	23	192.168.2.15	196.225.226.187
Apr 22, 2024 12:16:03.104346037 CEST	57041	23	192.168.2.15	206.187.151.148
Apr 22, 2024 12:16:03.104347944 CEST	57041	23	192.168.2.15	62.9.191.201
Apr 22, 2024 12:16:03.104373932 CEST	57041	23	192.168.2.15	197.27.150.208
Apr 22, 2024 12:16:03.104373932 CEST	57041	23	192.168.2.15	40.111.65.196
Apr 22, 2024 12:16:03.104376078 CEST	57041	23	192.168.2.15	184.46.152.175
Apr 22, 2024 12:16:03.104376078 CEST	57041	23	192.168.2.15	190.106.197.192
Apr 22, 2024 12:16:03.104377031 CEST	57041	23	192.168.2.15	139.176.73.151
Apr 22, 2024 12:16:03.104377031 CEST	57041	23	192.168.2.15	78.155.128.95
Apr 22, 2024 12:16:03.104376078 CEST	57041	23	192.168.2.15	168.16.110.72
Apr 22, 2024 12:16:03.104394913 CEST	57041	23	192.168.2.15	108.142.124.193
Apr 22, 2024 12:16:03.104396105 CEST	57041	23	192.168.2.15	84.140.7.173
Apr 22, 2024 12:16:03.104396105 CEST	57041	23	192.168.2.15	181.113.13.92
Apr 22, 2024 12:16:03.104396105 CEST	57041	23	192.168.2.15	216.83.84.228
Apr 22, 2024 12:16:03.104397058 CEST	57041	23	192.168.2.15	182.55.164.152
Apr 22, 2024 12:16:03.104396105 CEST	57041	23	192.168.2.15	91.140.188.174
Apr 22, 2024 12:16:03.104397058 CEST	57041	23	192.168.2.15	112.225.132.232
Apr 22, 2024 12:16:03.104396105 CEST	57041	23	192.168.2.15	1.104.79.246
Apr 22, 2024 12:16:03.104397058 CEST	57041	23	192.168.2.15	104.100.206.46
Apr 22, 2024 12:16:03.104403973 CEST	57041	23	192.168.2.15	144.156.210.214
Apr 22, 2024 12:16:03.104403973 CEST	57041	23	192.168.2.15	9.252.23.200
Apr 22, 2024 12:16:03.104406118 CEST	57041	23	192.168.2.15	75.151.246.48
Apr 22, 2024 12:16:03.104406118 CEST	57041	23	192.168.2.15	39.218.57.253
Apr 22, 2024 12:16:03.104406118 CEST	57041	23	192.168.2.15	59.44.29.84
Apr 22, 2024 12:16:03.104445934 CEST	57041	23	192.168.2.15	196.144.133.60
Apr 22, 2024 12:16:03.104445934 CEST	57041	23	192.168.2.15	109.18.197.137
Apr 22, 2024 12:16:03.104445934 CEST	57041	23	192.168.2.15	219.93.252.82
Apr 22, 2024 12:16:03.375744104 CEST	36252	56730	192.168.2.15	91.228.147.116
Apr 22, 2024 12:16:03.388201952 CEST	23	57041	125.151.88.169	192.168.2.15
Apr 22, 2024 12:16:03.393306971 CEST	23	57041	112.178.174.15	192.168.2.15
Apr 22, 2024 12:16:03.395001888 CEST	23	57041	196.66.210.193	192.168.2.15
Apr 22, 2024 12:16:03.609365940 CEST	56730	36252	91.228.147.116	192.168.2.15
Apr 22, 2024 12:16:03.609438896 CEST	36252	56730	192.168.2.15	91.228.147.116

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 22, 2024 12:18:46.130846977 CEST	58363	53	192.168.2.15	1.1.1.1
Apr 22, 2024 12:18:46.130939960 CEST	32840	53	192.168.2.15	1.1.1.1
Apr 22, 2024 12:18:46.235168934 CEST	53	32840	1.1.1.1	192.168.2.15
Apr 22, 2024 12:18:46.235207081 CEST	53	58363	1.1.1.1	192.168.2.15

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 22, 2024 12:16:02.238519907 CEST	67.21.225.9	192.168.2.15	7b1e	(Time to live exceeded in transit)	Time Exceeded
Apr 22, 2024 12:16:02.245626926 CEST	154.54.88.42	192.168.2.15	b7f1	(Time to live exceeded in transit)	Time Exceeded
Apr 22, 2024 12:16:02.247211933 CEST	69.201.66.165	192.168.2.15	4833	(Unknown)	Destination Unreachable
Apr 22, 2024 12:16:02.301033020 CEST	194.51.85.164	192.168.2.15	d4ff	(Net unreachable)	Destination Unreachable
Apr 22, 2024 12:16:02.322993040 CEST	217.95.175.253	192.168.2.15	94ac	(Unknown)	Destination Unreachable
Apr 22, 2024 12:16:02.330267906 CEST	95.118.106.84	192.168.2.15	543f	(Unknown)	Destination Unreachable
Apr 22, 2024 12:16:02.336646080 CEST	188.1.231.30	192.168.2.15	2f10	(Net unreachable)	Destination Unreachable
Apr 22, 2024 12:16:03.338985920 CEST	83.135.94.213	192.168.2.15	6bad	(Unknown)	Destination Unreachable
Apr 22, 2024 12:16:03.362838030 CEST	195.133.89.28	192.168.2.15	dc69	(Unknown)	Destination Unreachable
Apr 22, 2024 12:16:03.392623901 CEST	203.72.191.114	192.168.2.15	ffa2	(Net unreachable)	Destination Unreachable
Apr 22, 2024 12:16:03.484013081 CEST	103.26.244.1	192.168.2.15	c752	(Time to live exceeded in transit)	Time Exceeded
Apr 22, 2024 12:16:04.361844063 CEST	221.145.4.170	192.168.2.15	a08d	(Host unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 22, 2024 12:18:46.130846977 CEST	192.168.2.15	1.1.1.1	0xfa49	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Apr 22, 2024 12:18:46.130939960 CEST	192.168.2.15	1.1.1.1	0xd336	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 22, 2024 12:18:46.235207081 CEST	1.1.1.1	192.168.2.15	0xfa49	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
Apr 22, 2024 12:18:46.235207081 CEST	1.1.1.1	192.168.2.15	0xfa49	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: wsskM49eA3.elf PID: 5603, Parent PID: 5519

General

Start time (UTC):	10:16:01
Start date (UTC):	22/04/2024
Path:	/tmp/wsskM49eA3.elf
Arguments:	/tmp/wsskM49eA3.elf
File size:	75664 bytes
MD5 hash:	59ccf2f294605b86339ca5d4015c0016

Start time (UTC):	10:16:01
Start date (UTC):	22/04/2024
Path:	/tmp/wsskM49eA3.elf
Arguments:	-
File size:	75664 bytes
MD5 hash:	59ccf2f294605b86339ca5d4015c0016

Start time (UTC):	10:16:01
Start date (UTC):	22/04/2024
Path:	/tmp/wsskM49eA3.elf
Arguments:	-
File size:	75664 bytes
MD5 hash:	59ccf2f294605b86339ca5d4015c0016

Start time (UTC):	10:16:01
Start date (UTC):	22/04/2024
Path:	/tmp/wsskM49eA3.elf
Arguments:	-
File size:	75664 bytes
MD5 hash:	59ccf2f294605b86339ca5d4015c0016

Start time (UTC):	10:16:01
Start date (UTC):	22/04/2024
Path:	/tmp/wsskM49eA3.elf
Arguments:	-
File size:	75664 bytes
MD5 hash:	59ccf2f294605b86339ca5d4015c0016

Start time (UTC):	10:16:01
Start date (UTC):	22/04/2024
Path:	/tmp/wsskM49eA3.elf
Arguments:	-
File size:	75664 bytes
MD5 hash:	59ccf2f294605b86339ca5d4015c0016

Analysis Process: wsskM49eA3.elf PID: 5609, Parent PID: 5607

General

Start time (UTC):	10:16:01
Start date (UTC):	22/04/2024
Path:	/tmp/wsskM49eA3.elf
Arguments:	-
File size:	75664 bytes
MD5 hash:	59ccf2f294605b86339ca5d4015c0016

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report wsskM49eA3.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: wsskM49eA3.elf PID: 5603, Parent PID: 5519

General

Chronological Activities

Analysis Process: wsskM49eA3.elf PID: 5604, Parent PID: 5603

General

Chronological Activities

Analysis Process: wsskM49eA3.elf PID: 5605, Parent PID: 5603

General

Chronological Activities

Analysis Process: wsskM49eA3.elf PID: 5606, Parent PID: 5603

General

Chronological Activities

Analysis Process: wsskM49eA3.elf PID: 5607, Parent PID: 5603

General

Chronological Activities

Analysis Process: wsskM49eA3.elf PID: 5608, Parent PID: 5607

General

Analysis Process: wsskM49eA3.elf PID: 5609, Parent PID: 5607

General

Linux Analysis Report
wsskM49eA3.elf