Edit tour

Linux Analysis Report
HTUyCRuDev.elf

Overview

General Information

Sample name:	HTUyCRuDev.elf renamed because original name is a hash value
Original sample name:	cdfd23d13080c787cf5784248d62133f.elf
Analysis ID:	1456793
MD5:	cdfd23d13080c787cf5784248d62133f
SHA1:	92244f7c8392ac821276be00de438806e9eba4c7
SHA256:	4dc3b6dc4cfda3cd8762083e96f394bae961573ffa269f961737a4ce6705c79f
Tags:	32elfmiraimotorola
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1456793
Start date and time:	2024-06-13 19:35:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 1s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	HTUyCRuDev.elf renamed because original name is a hash value
Original Sample Name:	cdfd23d13080c787cf5784248d62133f.elf
Detection:	MAL
Classification:	mal56.linELF@0/0@0/0

Warnings

Report size exceeded maximum capacity and may have missing network information.
TCP Packets have been reduced to 100
VT rate limit hit for: HTUyCRuDev.elf

Runtime Messages

Command:	/tmp/HTUyCRuDev.elf
PID:	6210
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	JEW was here lol
Standard Error:

Process Tree

system is lnxubuntu20

HTUyCRuDev.elf (PID: 6210, Parent: 6122, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/HTUyCRuDev.elf

HTUyCRuDev.elf New Fork (PID: 6212, Parent: 6210)

HTUyCRuDev.elf New Fork (PID: 6213, Parent: 6210)

HTUyCRuDev.elf New Fork (PID: 6216, Parent: 6213)

HTUyCRuDev.elf New Fork (PID: 6217, Parent: 6213)

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: HTUyCRuDev.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: HTUyCRuDev.elf

ReversingLabs: Detection: 55%

Source: global traffic	TCP traffic: 192.168.2.23:36546 -> 147.78.103.47:9931
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 101.246.247.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 106.95.241.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 168.252.50.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 63.209.76.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 50.180.220.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 211.10.230.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 64.206.147.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 2.151.210.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 98.30.232.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.85.62.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 145.239.176.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 135.63.94.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 185.54.101.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 166.49.73.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 211.225.173.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 201.242.145.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 154.108.149.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 117.117.250.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 223.97.98.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 8.11.152.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 193.65.89.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 52.134.231.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 207.236.9.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 159.224.147.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 158.168.176.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 128.38.100.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 84.159.182.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 25.112.138.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 146.126.49.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 199.205.247.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 93.187.199.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 84.43.220.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 58.177.216.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 186.135.126.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 40.220.148.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 54.92.121.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 100.243.5.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 5.244.25.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 159.139.9.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 109.140.253.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 126.54.13.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 190.140.41.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 119.195.130.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 85.243.174.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 154.72.105.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 58.55.41.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 121.176.46.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 96.97.56.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 95.77.185.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 204.184.85.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 49.135.207.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 199.17.91.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 194.147.24.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 122.177.216.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 148.122.102.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 79.70.74.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 38.213.74.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 168.107.159.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 163.16.28.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 47.30.204.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 2.181.134.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 137.254.160.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 68.0.158.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 18.29.238.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 62.117.230.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 105.90.71.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 27.114.225.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 132.28.167.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 144.173.220.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 217.241.249.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 113.227.45.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 99.57.172.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 186.190.187.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 133.95.80.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 93.15.19.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 153.158.99.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 77.169.90.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 222.91.127.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 125.15.239.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 118.47.117.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 100.206.236.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 84.46.218.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 206.185.62.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 208.179.117.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 143.143.207.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 208.93.199.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 98.170.7.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 104.27.206.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 20.154.172.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 193.196.236.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 77.177.254.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 102.206.165.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 185.75.90.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 70.47.48.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 188.118.77.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 174.20.169.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 62.113.181.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 223.180.155.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 163.48.4.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 43.225.133.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 62.183.144.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 196.126.172.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 112.63.69.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 108.41.203.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 173.161.229.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 19.19.214.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 64.51.182.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 31.154.36.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 120.182.6.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 66.69.92.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 198.61.197.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 207.112.12.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 23.30.191.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 88.160.46.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 213.114.198.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 116.238.228.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 135.239.129.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 116.109.31.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 106.16.243.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 35.84.62.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 143.3.126.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 150.217.169.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 105.61.169.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 115.190.89.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 199.137.163.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 106.2.83.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 185.154.211.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 122.30.202.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 196.140.139.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 221.40.102.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 173.198.55.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 199.151.213.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 87.1.18.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 169.51.53.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 92.185.219.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 37.149.48.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.156.75.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 218.229.10.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 116.107.127.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 166.132.152.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 155.102.164.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 49.149.151.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 206.207.9.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 150.42.76.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 27.209.86.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 220.195.194.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 88.113.93.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 211.31.6.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 74.232.67.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 180.215.108.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 159.93.240.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 34.247.234.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 142.247.79.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 186.78.105.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 94.97.225.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 86.101.13.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 187.165.165.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 48.64.222.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 175.186.167.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 160.208.94.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 54.64.231.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 162.65.10.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 182.98.156.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 85.104.99.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 217.203.91.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 32.154.221.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 151.243.166.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 65.176.170.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 132.244.210.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.102.38.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 97.94.237.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 221.48.82.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 206.222.65.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 43.74.194.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 32.153.232.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 13.56.216.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 222.121.69.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 123.30.174.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 17.140.116.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 140.66.183.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 160.184.27.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 80.49.116.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 131.221.199.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 43.149.62.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 202.132.97.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 14.122.210.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 60.237.152.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 51.73.122.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 70.208.89.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 123.110.102.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 130.213.37.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 130.15.248.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 82.59.110.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 94.32.134.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 175.137.132.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 104.17.151.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 111.6.246.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 38.207.67.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 109.164.239.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 155.207.237.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 100.23.224.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 84.23.148.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 43.234.201.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 115.177.254.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 142.246.144.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 38.227.254.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 112.132.19.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 110.235.70.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 190.196.197.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 77.238.227.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 199.102.39.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 84.224.168.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 170.232.17.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 12.87.89.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 62.54.235.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 186.175.122.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 83.105.62.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 216.62.179.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 199.32.89.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 196.142.248.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 73.176.199.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.36.16.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 2.149.245.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.121.13.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 109.25.130.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 12.189.18.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 119.218.45.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 183.88.11.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 180.4.154.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 120.99.39.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 171.175.52.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 142.5.70.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 96.136.26.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 4.208.242.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 51.218.68.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 111.192.7.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 186.232.147.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 200.91.89.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 60.139.226.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 48.181.6.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 186.200.196.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 25.111.53.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 66.144.29.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 101.132.185.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 174.22.43.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 96.35.20.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 25.150.149.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 212.99.222.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.114.32.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 74.134.208.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 146.100.242.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 41.55.51.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 187.110.33.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 82.37.50.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 217.231.22.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 174.222.96.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 78.205.21.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 181.102.30.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 36.43.191.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 25.166.142.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 123.160.203.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 106.114.161.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 76.24.115.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 218.20.245.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 80.241.69.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 125.39.94.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 101.102.82.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 65.162.217.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 67.155.222.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 19.172.79.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 155.221.168.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 166.5.185.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 61.77.136.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 156.88.90.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 212.74.154.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 80.190.201.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 96.247.143.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 46.11.91.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 175.16.180.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 170.140.203.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 210.48.63.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 54.202.206.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 74.143.237.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 212.149.218.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 119.233.109.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 138.177.124.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 166.84.50.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 135.239.252.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 82.126.74.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 152.25.245.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 175.238.111.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 40.159.154.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 129.163.208.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 189.115.200.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 144.23.34.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 112.253.114.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 43.119.248.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 126.112.234.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 147.224.89.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 156.49.108.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 160.79.249.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 114.15.45.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.129.155.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 145.29.173.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 34.22.254.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 161.179.68.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 75.43.241.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 144.116.249.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 202.43.209.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 59.41.179.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 77.181.43.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 111.157.165.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 111.46.35.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 14.100.0.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 48.49.187.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 48.94.255.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 211.131.79.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 108.253.124.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 176.59.4.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 69.83.212.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 42.101.149.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 148.107.35.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 188.245.82.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 190.95.48.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 220.67.203.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 130.143.170.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 111.172.145.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 152.143.65.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 101.61.90.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 77.156.70.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 77.194.36.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 212.52.222.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 12.138.53.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 178.60.118.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 71.153.168.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 176.186.35.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 60.54.8.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 135.66.240.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 101.207.124.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 72.189.229.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.230.212.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.158.198.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 80.201.120.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 175.123.152.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 66.177.225.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 49.34.34.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 149.14.23.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 107.101.8.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 144.31.234.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 166.115.132.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 34.194.63.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 143.178.130.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 175.58.17.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 66.120.32.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 94.103.116.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 61.244.113.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 194.173.227.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 70.227.60.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 98.168.0.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 43.240.251.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 133.90.110.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 188.172.120.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 168.79.4.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.230.178.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 160.147.94.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 185.157.108.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 99.103.195.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 111.250.173.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 86.128.83.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 48.14.145.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 129.15.52.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 128.129.210.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 170.82.211.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 169.242.62.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 206.52.172.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 82.48.52.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 154.91.137.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 81.31.97.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 156.14.253.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 23.244.164.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 150.56.92.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 196.139.39.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 67.108.168.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 168.239.134.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 73.99.65.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 66.251.119.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 14.188.7.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 195.149.107.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 197.152.21.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 46.76.204.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 181.81.38.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 124.99.138.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 177.129.92.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 20.21.2.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 194.81.123.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 117.228.133.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 97.110.241.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 92.72.16.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 187.39.203.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 66.165.207.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 178.95.234.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 31.181.187.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 20.198.3.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 188.66.196.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 185.34.121.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 129.108.27.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 202.41.189.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 194.86.104.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 79.227.212.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 61.170.232.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 221.229.144.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 144.113.117.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 218.183.61.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 93.157.208.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 115.141.171.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 222.19.59.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 14.236.66.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 187.210.147.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 190.99.100.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 80.20.241.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 82.153.7.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 168.175.156.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 105.11.245.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 84.213.8.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 58.49.78.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 159.43.128.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 188.74.120.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 75.14.97.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 135.182.155.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 184.98.133.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 138.127.26.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 19.245.85.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 73.94.170.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 201.160.130.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 104.200.105.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 187.100.42.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 49.11.64.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 140.244.8.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 204.133.208.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 142.247.248.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 198.165.117.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 147.205.86.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 165.40.40.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 198.25.174.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 62.75.162.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 76.171.172.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 111.144.40.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 25.47.29.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 36.191.117.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 156.83.81.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 183.102.13.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 35.226.23.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 182.9.92.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 99.239.13.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 39.103.101.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 46.236.243.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 137.156.199.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 143.224.145.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 155.243.54.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 167.254.218.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 159.24.9.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 38.84.174.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 148.10.120.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 112.94.184.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 130.67.233.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 108.125.72.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 165.217.104.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 182.55.34.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 58.229.12.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 9.161.183.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 86.56.219.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 159.16.236.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 173.218.37.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 149.109.233.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 13.122.192.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 43.29.15.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 121.124.168.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 66.120.108.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 63.53.173.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 54.177.94.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 99.171.123.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 89.251.117.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 130.115.101.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 211.250.215.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 61.131.54.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 23.183.76.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 218.160.162.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 47.20.50.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 108.22.140.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 167.200.70.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 180.37.29.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 52.117.103.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 74.206.51.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 222.125.108.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 208.155.176.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 105.144.234.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 13.66.131.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 54.72.230.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23879 -> 64.9.0.248:2323

Source: /tmp/HTUyCRuDev.elf (PID: 6210)

Socket: 127.0.0.1:1926

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 147.78.103.47
Source: unknown	TCP traffic detected without corresponding DNS query: 147.78.103.47
Source: unknown	TCP traffic detected without corresponding DNS query: 101.246.247.34
Source: unknown	TCP traffic detected without corresponding DNS query: 123.237.200.34
Source: unknown	TCP traffic detected without corresponding DNS query: 156.199.253.162
Source: unknown	TCP traffic detected without corresponding DNS query: 75.177.211.33
Source: unknown	TCP traffic detected without corresponding DNS query: 204.228.177.112
Source: unknown	TCP traffic detected without corresponding DNS query: 78.55.208.33
Source: unknown	TCP traffic detected without corresponding DNS query: 42.250.209.51
Source: unknown	TCP traffic detected without corresponding DNS query: 150.89.44.147
Source: unknown	TCP traffic detected without corresponding DNS query: 128.222.86.92
Source: unknown	TCP traffic detected without corresponding DNS query: 106.95.241.245
Source: unknown	TCP traffic detected without corresponding DNS query: 73.168.241.230
Source: unknown	TCP traffic detected without corresponding DNS query: 111.16.142.215
Source: unknown	TCP traffic detected without corresponding DNS query: 98.163.160.169
Source: unknown	TCP traffic detected without corresponding DNS query: 91.169.89.0
Source: unknown	TCP traffic detected without corresponding DNS query: 205.125.0.234
Source: unknown	TCP traffic detected without corresponding DNS query: 201.155.129.126
Source: unknown	TCP traffic detected without corresponding DNS query: 183.191.203.221
Source: unknown	TCP traffic detected without corresponding DNS query: 196.122.33.244
Source: unknown	TCP traffic detected without corresponding DNS query: 191.243.20.122
Source: unknown	TCP traffic detected without corresponding DNS query: 168.252.50.172
Source: unknown	TCP traffic detected without corresponding DNS query: 144.139.1.102
Source: unknown	TCP traffic detected without corresponding DNS query: 85.49.141.210
Source: unknown	TCP traffic detected without corresponding DNS query: 97.91.11.243
Source: unknown	TCP traffic detected without corresponding DNS query: 152.172.14.171
Source: unknown	TCP traffic detected without corresponding DNS query: 183.182.153.35
Source: unknown	TCP traffic detected without corresponding DNS query: 54.16.196.2
Source: unknown	TCP traffic detected without corresponding DNS query: 124.54.183.186
Source: unknown	TCP traffic detected without corresponding DNS query: 167.241.117.66
Source: unknown	TCP traffic detected without corresponding DNS query: 131.230.161.24
Source: unknown	TCP traffic detected without corresponding DNS query: 81.231.16.241
Source: unknown	TCP traffic detected without corresponding DNS query: 63.209.76.37
Source: unknown	TCP traffic detected without corresponding DNS query: 71.145.108.147
Source: unknown	TCP traffic detected without corresponding DNS query: 200.36.140.53
Source: unknown	TCP traffic detected without corresponding DNS query: 157.180.219.161
Source: unknown	TCP traffic detected without corresponding DNS query: 57.107.162.192
Source: unknown	TCP traffic detected without corresponding DNS query: 50.30.164.239
Source: unknown	TCP traffic detected without corresponding DNS query: 169.87.5.77
Source: unknown	TCP traffic detected without corresponding DNS query: 50.180.220.42
Source: unknown	TCP traffic detected without corresponding DNS query: 82.90.211.127
Source: unknown	TCP traffic detected without corresponding DNS query: 44.116.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 24.233.116.49
Source: unknown	TCP traffic detected without corresponding DNS query: 182.244.43.78
Source: unknown	TCP traffic detected without corresponding DNS query: 202.150.199.206
Source: unknown	TCP traffic detected without corresponding DNS query: 8.189.254.195
Source: unknown	TCP traffic detected without corresponding DNS query: 43.163.80.240
Source: unknown	TCP traffic detected without corresponding DNS query: 94.4.27.44
Source: unknown	TCP traffic detected without corresponding DNS query: 222.144.106.110

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Source: /tmp/HTUyCRuDev.elf (PID: 6210)

Queries kernel information via 'uname':

Source: HTUyCRuDev.elf, 6210.1.00005595e97f2000.00005595e9877000.rw-.sdmp, HTUyCRuDev.elf, 6212.1.00005595e97f2000.00005595e9877000.rw-.sdmp, HTUyCRuDev.elf, 6216.1.00005595e97f2000.00005595e9877000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: HTUyCRuDev.elf, 6210.1.00007ffdcb1a2000.00007ffdcb1c3000.rw-.sdmp, HTUyCRuDev.elf, 6212.1.00007ffdcb1a2000.00007ffdcb1c3000.rw-.sdmp, HTUyCRuDev.elf, 6216.1.00007ffdcb1a2000.00007ffdcb1c3000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: HTUyCRuDev.elf, 6210.1.00005595e97f2000.00005595e9877000.rw-.sdmp, HTUyCRuDev.elf, 6212.1.00005595e97f2000.00005595e9877000.rw-.sdmp, HTUyCRuDev.elf, 6216.1.00005595e97f2000.00005595e9877000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: HTUyCRuDev.elf, 6210.1.00007ffdcb1a2000.00007ffdcb1c3000.rw-.sdmp, HTUyCRuDev.elf, 6212.1.00007ffdcb1a2000.00007ffdcb1c3000.rw-.sdmp, HTUyCRuDev.elf, 6216.1.00007ffdcb1a2000.00007ffdcb1c3000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/HTUyCRuDev.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/HTUyCRuDev.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
HTUyCRuDev.elf	55%	ReversingLabs	Linux.Trojan.Mirai
HTUyCRuDev.elf	100%	Avira	EXP/ELF.Mirai.Bootnet.o

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
98.139.142.32	unknown	United States	26101	YAHOO-3US	false
116.175.62.41	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
211.214.93.246	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
58.40.193.242	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
111.80.81.134	unknown	Taiwan; Republic of China (ROC)	2510	INFOWEBFUJITSULIMITEDJP	false
65.66.253.140	unknown	United States	7018	ATT-INTERNET4US	false
139.191.120.134	unknown	European Union	2611	BELNETBE	false
155.229.97.21	unknown	United States	18566	MEGAPATH5-US	false
115.188.31.87	unknown	New Zealand	4771	SPARKNZSparkNewZealandTradingLtdNZ	false
63.75.247.60	unknown	United States	701	UUNETUS	false
114.73.115.157	unknown	Australia	4804	MPX-ASMicroplexPTYLTDAU	false
184.216.100.5	unknown	United States	10507	SPCSUS	false
176.243.1.41	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
77.91.171.207	unknown	Palestinian Territory Occupied	12975	PALTEL-ASPALTELAutonomousSystemPS	false
97.118.60.43	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
173.229.136.204	unknown	United States	10405	UPRR-ASN-01US	false
117.114.195.159	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false
155.90.12.142	unknown	United States	4010	DNIC-AS-04010US	false
93.231.244.24	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
121.44.191.221	unknown	Australia	4739	INTERNODE-ASInternodePtyLtdAU	false
47.111.235.129	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
53.25.129.93	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
186.164.26.182	unknown	Venezuela	21575	ENTELPERUSAPE	false
174.50.238.101	unknown	United States	7922	COMCAST-7922US	false
109.183.73.38	unknown	Czech Republic	12767	PRAGONET-ASCZ	false
12.174.10.254	unknown	United States	7018	ATT-INTERNET4US	false
175.131.187.169	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
112.220.121.6	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
182.23.97.162	unknown	Indonesia	4800	LINTASARTA-AS-APNetworkAccessProviderandInternetServic	false
4.31.146.161	unknown	United States	3356	LEVEL3US	false
114.52.161.116	unknown	Korea Republic of	18302	SKG_NW-AS-KRSKTelecomKR	false
109.32.62.199	unknown	Netherlands	15480	VFNL-ASVodafoneNLAutonomousSystemNL	false
49.57.109.29	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
12.77.153.113	unknown	United States	7018	ATT-INTERNET4US	false
138.203.175.153	unknown	Belgium	5488	BELGACOMBE	false
27.191.234.159	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
132.145.12.79	unknown	United States	31898	ORACLE-BMC-31898US	false
221.215.46.75	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
164.219.30.78	unknown	United States	5180	DNIC-ASBLK-05120-05376US	false
182.116.76.173	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
92.161.37.70	unknown	France	3215	FranceTelecom-OrangeFR	false
198.216.73.110	unknown	United States	3354	THENET-AS-3354US	false
184.145.64.108	unknown	Canada	577	BACOMCA	false
200.133.116.170	unknown	Brazil	1916	AssociacaoRedeNacionaldeEnsinoePesquisaBR	false
160.194.248.96	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
183.153.123.185	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
61.58.219.52	unknown	Taiwan; Republic of China (ROC)	9676	SAVECOM-TWSaveComInternationIncTW	false
93.7.2.230	unknown	France	15557	LDCOMNETFR	false
35.184.32.6	unknown	United States	15169	GOOGLEUS	false
113.171.247.190	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
170.11.192.63	unknown	United States	1621	ASN-SECURIANUS	false
190.205.79.171	unknown	Venezuela	8048	CANTVServiciosVenezuelaVE	false
104.169.169.5	unknown	United States	5650	FRONTIER-FRTRUS	false
206.155.113.41	unknown	United States	23280	OS33US	false
8.222.72.242	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
52.168.74.222	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.154.57.240	unknown	Reserved	26445	BNCUS	false
39.180.65.78	unknown	China	56041	CMNET-ZHEJIANG-APChinaMobilecommunicationscorporationC	false
47.42.232.95	unknown	United States	20115	CHARTER-20115US	false
121.180.167.109	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
220.70.36.136	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
147.118.233.65	unknown	United States	10370	NORTHWEST-AIRLINESUS	false
36.37.168.145	unknown	Cambodia	38623	VIETTELCAMBODIA-AS-APISPIXPINCAMBODIAWITHTHEBESTVERV	false
98.10.209.90	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
126.68.137.13	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
76.207.131.216	unknown	United States	7018	ATT-INTERNET4US	false
12.88.113.233	unknown	United States	7018	ATT-INTERNET4US	false
161.252.64.155	unknown	Kuwait	42781	ZNETAS-KW	false
64.151.37.208	unknown	United States	18712	SUREWEST-KANSASUS	false
113.148.217.183	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
110.129.234.181	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
210.239.174.147	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
107.170.128.159	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
134.198.98.189	unknown	United States	36269	UOFSCRANTONUS	false
53.152.119.186	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
143.250.200.104	unknown	United States	27064	DNIC-ASBLK-27032-27159US	false
178.73.57.176	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
93.43.182.90	unknown	Italy	12874	FASTWEBIT	false
126.83.62.95	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
58.49.78.172	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
71.207.148.163	unknown	United States	7922	COMCAST-7922US	false
114.69.243.149	unknown	India	18002	WORLDPHONE-INASNumberforInterdomainRoutingIN	false
113.105.112.161	unknown	China	58466	CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN	false
196.147.109.227	unknown	Egypt	36935	Vodafone-EG	false
189.227.237.82	unknown	Mexico	8151	UninetSAdeCVMX	false
100.158.41.172	unknown	United States	21928	T-MOBILE-AS21928US	false
169.151.182.215	unknown	United States	2386	INS-ASUS	false
134.31.121.145	unknown	Canada	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
92.255.42.53	unknown	Russian Federation	205282	RUSENRESRU	false
179.120.163.203	unknown	Brazil	26615	TIMSABR	false
137.175.34.2	unknown	United States	54600	PEGTECHINCUS	false
112.44.125.146	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
50.206.19.177	unknown	United States	7922	COMCAST-7922US	false
92.96.166.207	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
74.112.91.89	unknown	Canada	63350	FONCLOUDCA	false
37.251.157.124	unknown	Romania	34358	WEBCLASSITRO	false
39.29.180.17	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
19.57.4.154	unknown	United States	3	MIT-GATEWAYSUS	false
162.199.226.9	unknown	United States	7018	ATT-INTERNET4US	false
135.198.43.75	unknown	United States	8190	MDNXGB	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.261140366553239
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	HTUyCRuDev.elf
File size:	61'432 bytes
MD5:	cdfd23d13080c787cf5784248d62133f
SHA1:	92244f7c8392ac821276be00de438806e9eba4c7
SHA256:	4dc3b6dc4cfda3cd8762083e96f394bae961573ffa269f961737a4ce6705c79f
SHA512:	b97efa9f5590bae9239f2e75ecf45980281d3e54ec40cf61965d38d664d6ddb0ac3892789bfa3780d00de7cc6e2553ef32403ad01ed06d3d93ac4e1f8a9dad46
SSDEEP:	768:neT+6JhUvtNaEVG1xPgj2x9+iGCvYN1ul8yXLyCIlqXxXv2XWFGN:nInQvtNFG1xIjeWvNUl8yXx2qBvyTN
TLSH:	21534E96B401AD3CFC5BE6BD40165A19FA313B3016A30F5B9BA7FC839C321A6DD16D41
File Content Preview:	.ELF.......................D...4...h.....4. ...(.................................. ....................(.......... .dt.Q............................NV..a....da.....N^NuNV..J9...(f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........(N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	61032
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0xdfd6	0x0	0x6	AX	4
.fini	PROGBITS	0x8000e07e	0xe07e	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x8000e08c	0xe08c	0xb6e	0x0	0x2	A	2
.ctors	PROGBITS	0x80010c00	0xec00	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x80010c08	0xec08	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x80010c14	0xec14	0x214	0x0	0x3	WA	4
.bss	NOBITS	0x80010e28	0xee28	0x2a8	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xee28	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0xebfa	0xebfa	6.2931	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0xec00	0x80010c00	0x80010c00	0x228	0x4d0	3.0392	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 13, 2024 19:36:13.470504045 CEST	43928	443	192.168.2.23	91.189.91.42
Jun 13, 2024 19:36:14.814646006 CEST	36546	9931	192.168.2.23	147.78.103.47
Jun 13, 2024 19:36:14.820075035 CEST	9931	36546	147.78.103.47	192.168.2.23
Jun 13, 2024 19:36:14.820177078 CEST	36546	9931	192.168.2.23	147.78.103.47
Jun 13, 2024 19:36:14.834691048 CEST	23879	2323	192.168.2.23	101.246.247.34
Jun 13, 2024 19:36:14.834731102 CEST	23879	23	192.168.2.23	123.237.200.34
Jun 13, 2024 19:36:14.834745884 CEST	23879	23	192.168.2.23	156.199.253.162
Jun 13, 2024 19:36:14.834747076 CEST	23879	23	192.168.2.23	75.177.211.33
Jun 13, 2024 19:36:14.834757090 CEST	23879	23	192.168.2.23	204.228.177.112
Jun 13, 2024 19:36:14.834764957 CEST	23879	23	192.168.2.23	78.55.208.33
Jun 13, 2024 19:36:14.834772110 CEST	23879	23	192.168.2.23	42.250.209.51
Jun 13, 2024 19:36:14.834785938 CEST	23879	23	192.168.2.23	150.89.44.147
Jun 13, 2024 19:36:14.834801912 CEST	23879	23	192.168.2.23	128.222.86.92
Jun 13, 2024 19:36:14.834821939 CEST	23879	2323	192.168.2.23	106.95.241.245
Jun 13, 2024 19:36:14.834821939 CEST	23879	23	192.168.2.23	73.168.241.230
Jun 13, 2024 19:36:14.834827900 CEST	23879	23	192.168.2.23	111.16.142.215
Jun 13, 2024 19:36:14.834836960 CEST	23879	23	192.168.2.23	98.163.160.169
Jun 13, 2024 19:36:14.834840059 CEST	23879	23	192.168.2.23	91.169.89.0
Jun 13, 2024 19:36:14.834853888 CEST	23879	23	192.168.2.23	205.125.0.234
Jun 13, 2024 19:36:14.834853888 CEST	23879	23	192.168.2.23	201.155.129.126
Jun 13, 2024 19:36:14.834855080 CEST	23879	23	192.168.2.23	183.191.203.221
Jun 13, 2024 19:36:14.834855080 CEST	23879	23	192.168.2.23	196.122.33.244
Jun 13, 2024 19:36:14.834858894 CEST	23879	23	192.168.2.23	195.210.29.254
Jun 13, 2024 19:36:14.834868908 CEST	23879	23	192.168.2.23	191.243.20.122
Jun 13, 2024 19:36:14.834876060 CEST	23879	2323	192.168.2.23	168.252.50.172
Jun 13, 2024 19:36:14.834876060 CEST	23879	23	192.168.2.23	144.139.1.102
Jun 13, 2024 19:36:14.834887028 CEST	23879	23	192.168.2.23	85.49.141.210
Jun 13, 2024 19:36:14.834903955 CEST	23879	23	192.168.2.23	97.91.11.243
Jun 13, 2024 19:36:14.834909916 CEST	23879	23	192.168.2.23	152.172.14.171
Jun 13, 2024 19:36:14.834923983 CEST	23879	23	192.168.2.23	183.182.153.35
Jun 13, 2024 19:36:14.834932089 CEST	23879	23	192.168.2.23	54.16.196.2
Jun 13, 2024 19:36:14.834945917 CEST	23879	23	192.168.2.23	124.54.183.186
Jun 13, 2024 19:36:14.834949970 CEST	23879	23	192.168.2.23	167.241.117.66
Jun 13, 2024 19:36:14.834949970 CEST	23879	23	192.168.2.23	131.230.161.24
Jun 13, 2024 19:36:14.834959030 CEST	23879	23	192.168.2.23	81.231.16.241
Jun 13, 2024 19:36:14.834961891 CEST	23879	2323	192.168.2.23	63.209.76.37
Jun 13, 2024 19:36:14.834969044 CEST	23879	23	192.168.2.23	71.145.108.147
Jun 13, 2024 19:36:14.834979057 CEST	23879	23	192.168.2.23	200.36.140.53
Jun 13, 2024 19:36:14.834980965 CEST	23879	23	192.168.2.23	157.180.219.161
Jun 13, 2024 19:36:14.834985018 CEST	23879	23	192.168.2.23	57.107.162.192
Jun 13, 2024 19:36:14.834994078 CEST	23879	23	192.168.2.23	186.162.10.220
Jun 13, 2024 19:36:14.835007906 CEST	23879	23	192.168.2.23	50.30.164.239
Jun 13, 2024 19:36:14.835007906 CEST	23879	23	192.168.2.23	169.87.5.77
Jun 13, 2024 19:36:14.835028887 CEST	23879	2323	192.168.2.23	50.180.220.42
Jun 13, 2024 19:36:14.835031986 CEST	23879	23	192.168.2.23	82.90.211.127
Jun 13, 2024 19:36:14.835041046 CEST	23879	23	192.168.2.23	44.116.253.51
Jun 13, 2024 19:36:14.835053921 CEST	23879	23	192.168.2.23	24.233.116.49
Jun 13, 2024 19:36:14.835055113 CEST	23879	23	192.168.2.23	182.244.43.78
Jun 13, 2024 19:36:14.835057020 CEST	23879	23	192.168.2.23	202.150.199.206
Jun 13, 2024 19:36:14.835072994 CEST	23879	23	192.168.2.23	8.189.254.195
Jun 13, 2024 19:36:14.835072994 CEST	23879	23	192.168.2.23	43.163.80.240
Jun 13, 2024 19:36:14.835074902 CEST	23879	23	192.168.2.23	94.4.27.44
Jun 13, 2024 19:36:14.835093021 CEST	23879	23	192.168.2.23	222.144.106.110
Jun 13, 2024 19:36:14.835093021 CEST	23879	2323	192.168.2.23	211.10.230.95
Jun 13, 2024 19:36:14.835097075 CEST	23879	23	192.168.2.23	2.44.84.244
Jun 13, 2024 19:36:14.835098028 CEST	23879	23	192.168.2.23	86.207.199.207
Jun 13, 2024 19:36:14.835097075 CEST	23879	23	192.168.2.23	20.154.176.146
Jun 13, 2024 19:36:14.835099936 CEST	23879	23	192.168.2.23	138.161.120.28
Jun 13, 2024 19:36:14.835113049 CEST	23879	23	192.168.2.23	41.95.84.196
Jun 13, 2024 19:36:14.835114002 CEST	23879	23	192.168.2.23	212.40.145.12
Jun 13, 2024 19:36:14.835119963 CEST	23879	23	192.168.2.23	199.151.43.111
Jun 13, 2024 19:36:14.835128069 CEST	23879	23	192.168.2.23	91.130.146.91
Jun 13, 2024 19:36:14.835138083 CEST	23879	23	192.168.2.23	210.16.6.79
Jun 13, 2024 19:36:14.835140944 CEST	23879	2323	192.168.2.23	64.206.147.37
Jun 13, 2024 19:36:14.835153103 CEST	23879	23	192.168.2.23	119.46.27.139
Jun 13, 2024 19:36:14.835158110 CEST	23879	23	192.168.2.23	118.2.143.80
Jun 13, 2024 19:36:14.835160971 CEST	23879	23	192.168.2.23	125.8.176.62
Jun 13, 2024 19:36:14.835175037 CEST	23879	23	192.168.2.23	89.95.23.84
Jun 13, 2024 19:36:14.835177898 CEST	23879	23	192.168.2.23	46.245.7.182
Jun 13, 2024 19:36:14.835191965 CEST	23879	23	192.168.2.23	184.128.37.197
Jun 13, 2024 19:36:14.835212946 CEST	23879	23	192.168.2.23	210.128.75.7
Jun 13, 2024 19:36:14.835222006 CEST	23879	23	192.168.2.23	217.242.67.195
Jun 13, 2024 19:36:14.835227013 CEST	23879	23	192.168.2.23	168.79.68.186
Jun 13, 2024 19:36:14.835227013 CEST	23879	2323	192.168.2.23	2.151.210.196
Jun 13, 2024 19:36:14.835232019 CEST	23879	23	192.168.2.23	158.172.213.245
Jun 13, 2024 19:36:14.835242033 CEST	23879	23	192.168.2.23	109.23.117.111
Jun 13, 2024 19:36:14.835242033 CEST	23879	23	192.168.2.23	205.239.115.121
Jun 13, 2024 19:36:14.835269928 CEST	23879	23	192.168.2.23	107.87.69.110
Jun 13, 2024 19:36:14.835278034 CEST	23879	23	192.168.2.23	78.131.161.76
Jun 13, 2024 19:36:14.835278034 CEST	23879	23	192.168.2.23	115.43.240.228
Jun 13, 2024 19:36:14.835278034 CEST	23879	23	192.168.2.23	45.32.97.24
Jun 13, 2024 19:36:14.835288048 CEST	23879	23	192.168.2.23	62.23.52.143
Jun 13, 2024 19:36:14.835298061 CEST	23879	23	192.168.2.23	31.66.96.162
Jun 13, 2024 19:36:14.835318089 CEST	23879	23	192.168.2.23	52.135.205.184
Jun 13, 2024 19:36:14.835319042 CEST	23879	2323	192.168.2.23	98.30.232.32
Jun 13, 2024 19:36:14.835319042 CEST	23879	23	192.168.2.23	140.192.225.94
Jun 13, 2024 19:36:14.835325003 CEST	23879	23	192.168.2.23	176.150.39.188
Jun 13, 2024 19:36:14.835330009 CEST	23879	23	192.168.2.23	37.75.166.93
Jun 13, 2024 19:36:14.835345984 CEST	23879	23	192.168.2.23	58.111.203.186
Jun 13, 2024 19:36:14.835349083 CEST	23879	23	192.168.2.23	18.237.207.174
Jun 13, 2024 19:36:14.835351944 CEST	23879	23	192.168.2.23	82.165.131.69
Jun 13, 2024 19:36:14.835369110 CEST	23879	23	192.168.2.23	109.43.220.228
Jun 13, 2024 19:36:14.835370064 CEST	23879	23	192.168.2.23	25.86.187.211
Jun 13, 2024 19:36:14.835370064 CEST	23879	2323	192.168.2.23	177.85.62.157
Jun 13, 2024 19:36:14.835377932 CEST	23879	23	192.168.2.23	165.166.209.137
Jun 13, 2024 19:36:14.835377932 CEST	23879	23	192.168.2.23	91.96.38.180
Jun 13, 2024 19:36:14.835381031 CEST	23879	23	192.168.2.23	177.70.41.156
Jun 13, 2024 19:36:14.835405111 CEST	23879	23	192.168.2.23	186.209.254.205
Jun 13, 2024 19:36:14.835407019 CEST	23879	23	192.168.2.23	96.156.44.167
Jun 13, 2024 19:36:14.835407972 CEST	23879	23	192.168.2.23	114.179.47.155

System Behavior

Analysis Process: HTUyCRuDev.elf PID: 6210, Parent PID: 6122

General

Start time (UTC):	17:36:13
Start date (UTC):	13/06/2024
Path:	/tmp/HTUyCRuDev.elf
Arguments:	/tmp/HTUyCRuDev.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: HTUyCRuDev.elf PID: 6212, Parent PID: 6210

General

Start time (UTC):	17:36:13
Start date (UTC):	13/06/2024
Path:	/tmp/HTUyCRuDev.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: HTUyCRuDev.elf PID: 6213, Parent PID: 6210

General

Start time (UTC):	17:36:13
Start date (UTC):	13/06/2024
Path:	/tmp/HTUyCRuDev.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: HTUyCRuDev.elf PID: 6216, Parent PID: 6213

General

Start time (UTC):	17:36:13
Start date (UTC):	13/06/2024
Path:	/tmp/HTUyCRuDev.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: HTUyCRuDev.elf PID: 6217, Parent PID: 6213

General

Start time (UTC):	17:36:13
Start date (UTC):	13/06/2024
Path:	/tmp/HTUyCRuDev.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report HTUyCRuDev.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: HTUyCRuDev.elf PID: 6210, Parent PID: 6122

General

Analysis Process: HTUyCRuDev.elf PID: 6212, Parent PID: 6210

General

Analysis Process: HTUyCRuDev.elf PID: 6213, Parent PID: 6210

General

Analysis Process: HTUyCRuDev.elf PID: 6216, Parent PID: 6213

General

Analysis Process: HTUyCRuDev.elf PID: 6217, Parent PID: 6213

General

Linux Analysis Report
HTUyCRuDev.elf