Edit tour

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.m68k.elf

Overview

General Information

Sample name:	ub8ehJSePAfc9FYqZIT6.m68k.elf
Analysis ID:	1581064
MD5:	66a180c32017012ec4c189f8494242fa
SHA1:	274219448fda71b2808e39da6b27cfffcadfd38b
SHA256:	45570708bdd25741bfdeece0da98498174385ebb2182590e76ccbfcd763f617b
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581064
Start date and time:	2024-12-26 22:02:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ub8ehJSePAfc9FYqZIT6.m68k.elf
Detection:	MAL
Classification:	mal72.troj.linELF@0/0@0/0

Warnings

VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.m68k.elf

Runtime Messages

Command:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
PID:	5483
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483, Parent: 5410, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf

ub8ehJSePAfc9FYqZIT6.m68k.elf New Fork (PID: 5485, Parent: 5483)

ub8ehJSePAfc9FYqZIT6.m68k.elf New Fork (PID: 5487, Parent: 5485)

ub8ehJSePAfc9FYqZIT6.m68k.elf New Fork (PID: 5488, Parent: 5485)

ub8ehJSePAfc9FYqZIT6.m68k.elf New Fork (PID: 5497, Parent: 5483)

ub8ehJSePAfc9FYqZIT6.m68k.elf New Fork (PID: 5498, Parent: 5483)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ub8ehJSePAfc9FYqZIT6.m68k.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
ub8ehJSePAfc9FYqZIT6.m68k.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x151af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15213:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15227:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1523b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1524f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15263:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15277:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1528b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1529f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15303:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15317:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1532b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1533f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
5487.1.00007f7164001000.00007f7164019000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5487.1.00007f7164001000.00007f7164019000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x151af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15213:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15227:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1523b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1524f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15263:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15277:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1528b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1529f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15303:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15317:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1532b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1533f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5497.1.00007f7164001000.00007f7164019000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5497.1.00007f7164001000.00007f7164019000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x151af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15213:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15227:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1523b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1524f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15263:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15277:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1528b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1529f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15303:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15317:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1532b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1533f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5485.1.00007f7164001000.00007f7164019000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5485.1.00007f7164001000.00007f7164019000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x151af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15213:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15227:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1523b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1524f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15263:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15277:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1528b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1529f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15303:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15317:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1532b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1533f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5483.1.00007f7164001000.00007f7164019000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5483.1.00007f7164001000.00007f7164019000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x151af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15213:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15227:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1523b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1524f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15263:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15277:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1528b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1529f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x152ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15303:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15317:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1532b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1533f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xba79:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xba8d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbaa1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbab5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbac9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbadd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbaf1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb05:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb19:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb2d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb41:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb55:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb69:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb7d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbb91:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbba5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbbb9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbbcd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbbe1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbbf5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbc09:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x43c1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x43d5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x43e9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x43fd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4411:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4425:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4439:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x444d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4461:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4475:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4489:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x449d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x44b1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x44c5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x44d9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x44ed:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4501:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4515:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4529:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x453d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x4551:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xce8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xce8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcfc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xdec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xe78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 11 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ub8ehJSePAfc9FYqZIT6.m68k.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: ub8ehJSePAfc9FYqZIT6.m68k.elf

ReversingLabs: Detection: 65%

Source: global traffic

TCP traffic: 192.168.2.14:55782 -> 92.118.56.167:3778

Source: global traffic

TCP traffic: 192.168.2.14:46540 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167
Source: unknown	TCP traffic detected without corresponding DNS query: 92.118.56.167

Source: unknown

Network traffic detected: HTTP traffic on port 46540 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5487.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5497.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5485.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5483.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: /proc/net/tcp.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc/proc/proc/%d/exe/proc/%s/statusName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog92.118.56.167

Source: ELF static info symbol of initial sample

.symtab present: no

Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5487.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5497.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5485.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5483.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.troj.linELF@0/0@0/0

Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1583/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/2672/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1577/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3752/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3753/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3754/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3755/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/917/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/19/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1593/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/240/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3094/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/242/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3406/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/244/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1589/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/245/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1588/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/246/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3402/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/5/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/247/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/7/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/8/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/129/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/803/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/806/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/807/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/928/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3420/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/490/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/131/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/135/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/378/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/3412/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/1371/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/260/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/261/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)	File opened: /proc/262/status	Jump to behavior

Source: /tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf (PID: 5483)

Queries kernel information via 'uname':

Jump to behavior

Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 5483.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5485.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5487.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5497.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 5483.1.0000555baedfa000.0000555baee82000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5485.1.0000555baedfa000.0000555baee5e000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5487.1.0000555baedfa000.0000555baee5e000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5497.1.0000555baedfa000.0000555baee82000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 5483.1.0000555baedfa000.0000555baee82000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5485.1.0000555baedfa000.0000555baee5e000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5487.1.0000555baedfa000.0000555baee5e000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5497.1.0000555baedfa000.0000555baee82000.rw-.sdmp	Binary or memory string: [U!/etc/qemu-binfmt/m68k
Source: ub8ehJSePAfc9FYqZIT6.m68k.elf, 5483.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5485.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5487.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.m68k.elf, 5497.1.00007ffc33b91000.00007ffc33bb2000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE
Source: Yara match	File source: 5487.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5497.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5485.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5483.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: ub8ehJSePAfc9FYqZIT6.m68k.elf, type: SAMPLE
Source: Yara match	File source: 5487.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5497.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5485.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5483.1.00007f7164001000.00007f7164019000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ub8ehJSePAfc9FYqZIT6.m68k.elf	66%	ReversingLabs	Linux.Trojan.Mirai
ub8ehJSePAfc9FYqZIT6.m68k.elf	100%	Avira	LINUX/Mirai.bonb

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false
92.118.56.167	unknown	Germany		9009	M247GB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
185.125.190.26	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse
	byte.arm5.elf	Get hash	malicious	Unknown	Browse
	wlw68k.elf	Get hash	malicious	Mirai	Browse
	main_mips.elf	Get hash	malicious	Mirai	Browse
	main_x86.elf	Get hash	malicious	Mirai	Browse
	Aqua.mpsl.elf	Get hash	malicious	Unknown	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
	Aqua.i686.elf	Get hash	malicious	Unknown	Browse
	Aqua.ppc.elf	Get hash	malicious	Unknown	Browse
92.118.56.167	ub8ehJSePAfc9FYqZIT6.i686.elf	Get hash	malicious	Unknown	Browse
92.118.56.167	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	win.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	boatnet.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	most-m68k.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	bin.sh.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
M247GB	ub8ehJSePAfc9FYqZIT6.i686.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	http://au.kirmalk.com/watch.php?vid=7750fd3c8	Get hash	malicious	Unknown	Browse	38.132.109.126
	nklppc.elf	Get hash	malicious	Unknown	Browse	193.160.72.174
	https://en.newsnowbangla.com/archives/69912	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	45.10.162.162
	arm.elf	Get hash	malicious	Unknown	Browse	92.249.48.36
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	38.204.189.65
	hmips.elf	Get hash	malicious	Mirai	Browse	38.207.37.102
	nshppc.elf	Get hash	malicious	Mirai	Browse	185.120.145.21
	la.bot.powerpc.elf	Get hash	malicious	Mirai	Browse	196.18.78.47

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.276114470513515
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	ub8ehJSePAfc9FYqZIT6.m68k.elf
File size:	97'552 bytes
MD5:	66a180c32017012ec4c189f8494242fa
SHA1:	274219448fda71b2808e39da6b27cfffcadfd38b
SHA256:	45570708bdd25741bfdeece0da98498174385ebb2182590e76ccbfcd763f617b
SHA512:	eb9d5f5f796b50b454f8f4b51ca414a72224d7c72867c9f62816a8f4d491d8487855ac6a318ec291e4698eed21677f2521507b33a83e6808389232d5eaa5663a
SSDEEP:	1536:ry9srCNMjSqaNElmnwzX8/EqXabQeuacWjcW0JcWcBl4rZpipI4WlV/N4zfVZol+:ryqrzjSq+OXqqbQeuacWjcW0JcWcBSrO
TLSH:	809329C7F811ED7EF80BD67748A34D0E7571F2A00A930A327767BA67AC760A5141BD82
File Content Preview:	.ELF.......................D...4..{......4. ...(......................x...x....... .......x............x..*....... .dt.Q............................NV..a....da...P N^NuNV..J9...@f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........@N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	97152
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0x1504a	0x0	0x6	AX	4
.fini	PROGBITS	0x800150f2	0x150f2	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x80015100	0x15100	0x27c1	0x0	0x2	A	2
.ctors	PROGBITS	0x800198c8	0x178c8	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x800198d0	0x178d0	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x800198dc	0x178dc	0x264	0x0	0x3	WA	4
.bss	NOBITS	0x80019b40	0x17b40	0x2818	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x17b40	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0x178c1	0x178c1	6.2917	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0x178c8	0x800198c8	0x800198c8	0x278	0x2a90	3.6517	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 22:02:51.623198032 CET	55782	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:51.893619061 CET	3778	55782	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:51.893717051 CET	55782	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:51.895474911 CET	55782	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:52.014880896 CET	3778	55782	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:52.014924049 CET	55782	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:52.134398937 CET	3778	55782	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:53.157857895 CET	3778	55782	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:53.158396959 CET	55782	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:53.158396959 CET	55782	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:53.159070969 CET	55784	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:53.278642893 CET	3778	55784	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:53.278922081 CET	55784	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:53.279983997 CET	55784	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:53.399496078 CET	3778	55784	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:53.399595976 CET	55784	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:53.519067049 CET	3778	55784	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:54.510026932 CET	3778	55784	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:54.510525942 CET	55784	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:54.510525942 CET	55784	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:54.510838985 CET	55786	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:54.630335093 CET	3778	55786	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:54.633678913 CET	55786	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:54.633678913 CET	55786	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:54.753484964 CET	3778	55786	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:54.753693104 CET	55786	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:54.873167038 CET	3778	55786	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:55.866508007 CET	3778	55786	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:55.866660118 CET	55786	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:55.866660118 CET	55786	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:55.867264986 CET	55788	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:55.986749887 CET	3778	55788	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:55.987010002 CET	55788	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:55.988078117 CET	55788	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:56.107597113 CET	3778	55788	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:56.107696056 CET	55788	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:56.227471113 CET	3778	55788	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:57.231489897 CET	3778	55788	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:57.231654882 CET	55788	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:57.231654882 CET	55788	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:57.232224941 CET	55790	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:57.351834059 CET	3778	55790	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:57.351933956 CET	55790	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:57.353136063 CET	55790	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:57.472631931 CET	3778	55790	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:57.472707033 CET	55790	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:57.592273951 CET	3778	55790	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:58.052848101 CET	55792	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.172480106 CET	3778	55792	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:58.172540903 CET	55792	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.174458027 CET	55792	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.293965101 CET	3778	55792	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:58.294240952 CET	55792	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.413733959 CET	3778	55792	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:58.588402033 CET	3778	55790	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:58.588785887 CET	55790	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.588785887 CET	55790	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.589335918 CET	55794	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.708781958 CET	3778	55794	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:58.709001064 CET	55794	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.709970951 CET	55794	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.829399109 CET	3778	55794	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:58.829483032 CET	55794	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:58.949037075 CET	3778	55794	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:59.405711889 CET	3778	55792	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:59.405988932 CET	55792	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.406363010 CET	55792	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.407084942 CET	55796	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.526650906 CET	3778	55796	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:59.526880980 CET	55796	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.527981043 CET	55796	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.647603035 CET	3778	55796	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:59.647831917 CET	55796	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.768476963 CET	3778	55796	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:59.939564943 CET	3778	55794	92.118.56.167	192.168.2.14
Dec 26, 2024 22:02:59.939929008 CET	55794	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.939929008 CET	55794	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:02:59.940572023 CET	55798	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.060180902 CET	3778	55798	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:00.060293913 CET	55798	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.061460972 CET	55798	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.180989027 CET	3778	55798	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:00.181315899 CET	55798	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.554035902 CET	55798	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.752301931 CET	3778	55798	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:00.752336979 CET	3778	55798	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:00.761358976 CET	3778	55796	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:00.761584997 CET	55796	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.761584997 CET	55796	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.762250900 CET	55800	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.881916046 CET	3778	55800	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:00.882076025 CET	55800	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:00.883181095 CET	55800	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.004671097 CET	3778	55800	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:01.004757881 CET	55800	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.125658035 CET	3778	55800	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:01.292560101 CET	3778	55798	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:01.292855978 CET	55798	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.292855978 CET	55798	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.294162035 CET	55802	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.413633108 CET	3778	55802	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:01.413933992 CET	55802	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.414793015 CET	55802	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.534339905 CET	3778	55802	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:01.534420967 CET	55802	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:01.654052019 CET	3778	55802	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.120280981 CET	3778	55800	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.120534897 CET	55800	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.120534897 CET	55800	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.121226072 CET	55804	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.240829945 CET	3778	55804	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.240951061 CET	55804	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.242018938 CET	55804	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.361583948 CET	3778	55804	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.361901045 CET	55804	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.481452942 CET	3778	55804	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.652453899 CET	3778	55802	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.652910948 CET	55802	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.652910948 CET	55802	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.653534889 CET	55806	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.773145914 CET	3778	55806	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.773412943 CET	55806	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.774346113 CET	55806	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:02.893851995 CET	3778	55806	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:02.894171953 CET	55806	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:03.013688087 CET	3778	55806	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:03.178071976 CET	46540	443	192.168.2.14	185.125.190.26
Dec 26, 2024 22:03:03.496308088 CET	3778	55804	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:03.496572971 CET	55804	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:03.496572971 CET	55804	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:03.497312069 CET	55808	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:03.616887093 CET	3778	55808	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:03.617144108 CET	55808	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:03.618033886 CET	55808	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:03.738420963 CET	3778	55808	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:03.738619089 CET	55808	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.091358900 CET	3778	55806	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:04.091406107 CET	3778	55808	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:04.091655016 CET	55806	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.091793060 CET	55806	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.092394114 CET	55810	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.211935997 CET	3778	55810	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:04.212069988 CET	55810	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.213255882 CET	55810	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.332717896 CET	3778	55810	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:04.332936049 CET	55810	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.452697992 CET	3778	55810	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:04.848268032 CET	3778	55808	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:04.848521948 CET	55808	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.848651886 CET	55808	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.849366903 CET	55812	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.968956947 CET	3778	55812	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:04.969189882 CET	55812	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:04.970232964 CET	55812	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.089673042 CET	3778	55812	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:05.089973927 CET	55812	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.209709883 CET	3778	55812	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:05.441343069 CET	3778	55810	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:05.441565990 CET	55810	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.441688061 CET	55810	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.442423105 CET	55814	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.561933041 CET	3778	55814	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:05.562149048 CET	55814	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.563232899 CET	55814	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.682679892 CET	3778	55814	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:05.682888031 CET	55814	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:05.802330017 CET	3778	55814	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:06.222764969 CET	3778	55812	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:06.222964048 CET	55812	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.223011971 CET	55812	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.223613024 CET	55816	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.343163013 CET	3778	55816	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:06.343483925 CET	55816	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.344599962 CET	55816	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.464308977 CET	3778	55816	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:06.464526892 CET	55816	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.584163904 CET	3778	55816	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:06.791827917 CET	3778	55814	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:06.792083025 CET	55814	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.792083025 CET	55814	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.792495012 CET	55818	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.912144899 CET	3778	55818	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:06.912400961 CET	55818	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:06.913228035 CET	55818	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.032888889 CET	3778	55818	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:07.033001900 CET	55818	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.152774096 CET	3778	55818	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:07.631592035 CET	3778	55816	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:07.631855965 CET	55816	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.631855965 CET	55816	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.632327080 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.751879930 CET	3778	55820	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:07.752053022 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.753025055 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.872654915 CET	3778	55820	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:07.872728109 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:07.992189884 CET	3778	55820	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:08.202960014 CET	3778	55818	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:08.203130960 CET	55818	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:08.203274965 CET	55818	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:08.203852892 CET	55822	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:08.323301077 CET	3778	55822	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:08.323441982 CET	55822	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:08.324753046 CET	55822	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:08.444189072 CET	3778	55822	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:08.444319010 CET	55822	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:08.563802958 CET	3778	55822	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:09.662679911 CET	3778	55822	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:09.662884951 CET	55822	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:09.662884951 CET	55822	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:09.663650036 CET	55824	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:09.783139944 CET	3778	55824	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:09.783377886 CET	55824	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:09.784461975 CET	55824	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:09.903899908 CET	3778	55824	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:09.904095888 CET	55824	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:10.023778915 CET	3778	55824	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:11.013252974 CET	3778	55824	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:11.013571024 CET	55824	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:11.013608932 CET	55824	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:11.014311075 CET	55826	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:11.134907007 CET	3778	55826	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:11.135075092 CET	55826	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:11.135799885 CET	55826	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:11.255150080 CET	3778	55826	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:11.255343914 CET	55826	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:11.374804974 CET	3778	55826	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:12.421546936 CET	3778	55826	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:12.421761990 CET	55826	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:12.421761990 CET	55826	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:12.422246933 CET	55828	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:12.541846037 CET	3778	55828	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:12.542079926 CET	55828	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:12.543171883 CET	55828	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:12.905524015 CET	55828	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:12.910257101 CET	3778	55828	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:13.025196075 CET	3778	55828	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:14.145194054 CET	3778	55828	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:14.145392895 CET	55828	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:14.145477057 CET	55828	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:14.146070004 CET	55830	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:14.265537977 CET	3778	55830	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:14.265660048 CET	55830	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:14.266666889 CET	55830	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:14.386142015 CET	3778	55830	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:14.386249065 CET	55830	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:14.505914927 CET	3778	55830	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:15.495054007 CET	3778	55830	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:15.495301008 CET	55830	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:15.495301962 CET	55830	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:15.495898008 CET	55832	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:15.615392923 CET	3778	55832	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:15.615693092 CET	55832	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:15.617126942 CET	55832	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:15.736510038 CET	3778	55832	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:15.736677885 CET	55832	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:15.856115103 CET	3778	55832	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:16.844711065 CET	3778	55832	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:16.844990969 CET	55832	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:16.845029116 CET	55832	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:16.846052885 CET	55834	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:16.965507984 CET	3778	55834	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:16.965634108 CET	55834	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:16.967199087 CET	55834	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:17.086625099 CET	3778	55834	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:17.086745024 CET	55834	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:17.206389904 CET	3778	55834	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:17.763097048 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:17.882904053 CET	3778	55820	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:18.121500969 CET	3778	55820	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:18.121912003 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:18.195327997 CET	3778	55834	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:18.195540905 CET	55834	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:18.195955038 CET	55834	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:18.196719885 CET	55836	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:18.317262888 CET	3778	55836	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:18.317485094 CET	55836	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:18.318666935 CET	55836	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:18.438774109 CET	3778	55836	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:18.439017057 CET	55836	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:18.558759928 CET	3778	55836	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:19.787353039 CET	3778	55836	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:19.787472963 CET	55836	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:19.787542105 CET	55836	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:19.788274050 CET	55838	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:19.907771111 CET	3778	55838	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:19.907996893 CET	55838	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:19.909512043 CET	55838	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:20.028964043 CET	3778	55838	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:20.029139996 CET	55838	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:20.148813009 CET	3778	55838	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:21.400496960 CET	3778	55838	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:21.400731087 CET	55838	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:21.400981903 CET	55838	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:21.402033091 CET	55840	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:21.521444082 CET	3778	55840	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:21.521684885 CET	55840	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:21.523122072 CET	55840	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:21.644994020 CET	3778	55840	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:21.645091057 CET	55840	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:21.764559031 CET	3778	55840	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:22.806929111 CET	3778	55840	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:22.807183981 CET	55840	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:22.807183981 CET	55840	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:22.808006048 CET	55842	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:22.927398920 CET	3778	55842	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:22.927584887 CET	55842	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:22.928901911 CET	55842	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:23.048310995 CET	3778	55842	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:23.048430920 CET	55842	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:23.168199062 CET	3778	55842	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:24.228118896 CET	3778	55842	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:24.228359938 CET	55842	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:24.228423119 CET	55842	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:24.229141951 CET	55844	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:24.349374056 CET	3778	55844	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:24.349567890 CET	55844	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:24.351078033 CET	55844	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:24.472584963 CET	3778	55844	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:24.472737074 CET	55844	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:24.592696905 CET	3778	55844	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:25.631906986 CET	3778	55844	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:25.632019997 CET	55844	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:25.632169008 CET	55844	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:25.632970095 CET	55846	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:25.752415895 CET	3778	55846	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:25.752541065 CET	55846	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:25.753866911 CET	55846	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:25.873275995 CET	3778	55846	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:25.873373985 CET	55846	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:25.993010044 CET	3778	55846	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:26.987158060 CET	3778	55846	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:26.987292051 CET	55846	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:26.987292051 CET	55846	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:26.987938881 CET	55848	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:27.107464075 CET	3778	55848	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:27.107563972 CET	55848	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:27.108625889 CET	55848	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:27.228059053 CET	3778	55848	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:27.228128910 CET	55848	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:27.347697020 CET	3778	55848	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:28.354419947 CET	3778	55848	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:28.354526997 CET	55848	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:28.354584932 CET	55848	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:28.355099916 CET	55850	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:28.474569082 CET	3778	55850	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:28.474651098 CET	55850	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:28.475296974 CET	55850	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:28.594733953 CET	3778	55850	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:28.594814062 CET	55850	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:28.714534044 CET	3778	55850	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:29.703902006 CET	3778	55850	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:29.704125881 CET	55850	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:29.704197884 CET	55850	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:29.705235958 CET	55852	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:29.824722052 CET	3778	55852	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:29.825010061 CET	55852	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:29.826489925 CET	55852	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:30.216828108 CET	55852	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:30.379055023 CET	3778	55852	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:30.379074097 CET	3778	55852	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:31.489217043 CET	3778	55852	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:31.489368916 CET	55852	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:31.489566088 CET	55852	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:31.490400076 CET	55854	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:31.610058069 CET	3778	55854	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:31.610177994 CET	55854	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:31.611125946 CET	55854	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:31.730720043 CET	3778	55854	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:31.730854034 CET	55854	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:31.850400925 CET	3778	55854	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:32.839663982 CET	3778	55854	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:32.839982986 CET	55854	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:32.840106964 CET	55854	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:32.841247082 CET	55856	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:32.960783958 CET	3778	55856	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:32.960932016 CET	55856	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:32.962466955 CET	55856	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:33.081923008 CET	3778	55856	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:33.082026958 CET	55856	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:33.201519012 CET	3778	55856	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:33.640671015 CET	46540	443	192.168.2.14	185.125.190.26
Dec 26, 2024 22:03:34.226752996 CET	3778	55856	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:34.227010012 CET	55856	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:34.227045059 CET	55856	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:34.227807045 CET	55858	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:34.347626925 CET	3778	55858	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:34.347738981 CET	55858	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:34.348853111 CET	55858	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:34.468341112 CET	3778	55858	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:34.468478918 CET	55858	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:34.588049889 CET	3778	55858	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:35.644129038 CET	3778	55858	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:35.644434929 CET	55858	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:35.644577980 CET	55858	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:35.645394087 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:35.764802933 CET	3778	55860	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:35.764883995 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:35.766237020 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:35.885798931 CET	3778	55860	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:35.885884047 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:36.005364895 CET	3778	55860	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:37.056828976 CET	3778	55860	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:37.056978941 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.057003975 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.057653904 CET	55862	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.659406900 CET	3778	55860	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:37.659446001 CET	3778	55860	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:37.659528971 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.659528971 CET	55860	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.659579992 CET	3778	55862	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:37.659734011 CET	55862	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.660818100 CET	55862	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.780261993 CET	3778	55862	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:37.780497074 CET	55862	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:37.900111914 CET	3778	55862	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:38.890268087 CET	3778	55862	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:38.890435934 CET	55862	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:38.890686989 CET	55862	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:38.891460896 CET	55864	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:39.011044025 CET	3778	55864	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:39.011285067 CET	55864	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:39.012748003 CET	55864	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:39.132229090 CET	3778	55864	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:39.132455111 CET	55864	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:39.252042055 CET	3778	55864	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:40.241638899 CET	3778	55864	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:40.241980076 CET	55864	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:40.242060900 CET	55864	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:40.242794037 CET	55866	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:40.362570047 CET	3778	55866	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:40.362667084 CET	55866	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:40.364145041 CET	55866	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:40.483594894 CET	3778	55866	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:40.483680010 CET	55866	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:40.603229046 CET	3778	55866	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:41.591890097 CET	3778	55866	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:41.591986895 CET	55866	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:41.592053890 CET	55866	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:41.592578888 CET	55868	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:41.712060928 CET	3778	55868	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:41.712184906 CET	55868	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:41.713197947 CET	55868	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:41.832638025 CET	3778	55868	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:41.832739115 CET	55868	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:41.952301025 CET	3778	55868	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:42.973126888 CET	3778	55868	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:42.973280907 CET	55868	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:42.973280907 CET	55868	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:42.973895073 CET	55870	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:43.093595028 CET	3778	55870	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:43.093683958 CET	55870	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:43.094829082 CET	55870	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:43.214468956 CET	3778	55870	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:43.214540958 CET	55870	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:43.334285021 CET	3778	55870	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:44.321099997 CET	3778	55870	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:44.321338892 CET	55870	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:44.321338892 CET	55870	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:44.321963072 CET	55872	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:44.442708015 CET	3778	55872	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:44.442816019 CET	55872	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:44.443619967 CET	55872	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:44.563132048 CET	3778	55872	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:44.563333988 CET	55872	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:44.684041977 CET	3778	55872	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:45.705471992 CET	3778	55872	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:45.705615997 CET	55872	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:45.705696106 CET	55872	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:45.706258059 CET	55874	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:45.825854063 CET	3778	55874	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:45.825977087 CET	55874	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:45.826832056 CET	55874	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:45.946356058 CET	3778	55874	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:45.946563005 CET	55874	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:46.066154957 CET	3778	55874	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:47.056457996 CET	3778	55874	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:47.056674004 CET	55874	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:47.056756020 CET	55874	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:47.057482004 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:47.177053928 CET	3778	55876	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:47.177153111 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:47.178005934 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:47.297441959 CET	3778	55876	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:47.297549963 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:47.417164087 CET	3778	55876	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:48.687684059 CET	3778	55876	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:48.687702894 CET	3778	55876	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:48.687901020 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:48.687901020 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:48.687921047 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:48.688478947 CET	55878	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:48.803607941 CET	3778	55876	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:48.803761959 CET	55876	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:48.808000088 CET	3778	55878	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:48.808213949 CET	55878	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:48.809689045 CET	55878	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:48.929600000 CET	3778	55878	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:48.929733038 CET	55878	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:49.049789906 CET	3778	55878	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:50.039462090 CET	3778	55878	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:50.039750099 CET	55878	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:50.039781094 CET	55878	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:50.040390968 CET	55880	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:50.160017967 CET	3778	55880	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:50.160141945 CET	55880	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:50.161504984 CET	55880	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:50.281064987 CET	3778	55880	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:50.281147003 CET	55880	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:50.401098013 CET	3778	55880	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:51.397145033 CET	3778	55880	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:51.397418022 CET	55880	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:51.397418022 CET	55880	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:51.397918940 CET	55882	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:51.517446041 CET	3778	55882	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:51.517666101 CET	55882	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:51.518579006 CET	55882	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:51.638129950 CET	3778	55882	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:51.638278961 CET	55882	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:51.757849932 CET	3778	55882	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:52.747157097 CET	3778	55882	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:52.747387886 CET	55882	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:52.747458935 CET	55882	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:52.748272896 CET	55884	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:52.867854118 CET	3778	55884	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:52.867974043 CET	55884	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:52.869056940 CET	55884	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:52.988540888 CET	3778	55884	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:52.988662958 CET	55884	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:53.108338118 CET	3778	55884	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:54.097939014 CET	3778	55884	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:54.098134995 CET	55884	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:54.098182917 CET	55884	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:54.098746061 CET	55886	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:54.218462944 CET	3778	55886	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:54.218580961 CET	55886	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:54.219574928 CET	55886	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:54.339093924 CET	3778	55886	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:54.339194059 CET	55886	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:54.458865881 CET	3778	55886	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:55.506182909 CET	3778	55886	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:55.506357908 CET	55886	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:55.506434917 CET	55886	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:55.507163048 CET	55888	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:55.626770020 CET	3778	55888	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:55.626874924 CET	55888	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:55.627605915 CET	55888	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:55.747147083 CET	3778	55888	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:55.747251034 CET	55888	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:55.866868973 CET	3778	55888	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:56.914339066 CET	3778	55888	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:56.914531946 CET	55888	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:56.914623976 CET	55888	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:56.915457964 CET	55890	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:57.035332918 CET	3778	55890	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:57.035428047 CET	55890	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:57.036223888 CET	55890	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:57.155766964 CET	3778	55890	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:57.155858994 CET	55890	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:57.275463104 CET	3778	55890	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:58.594350100 CET	3778	55890	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:58.594512939 CET	55890	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:58.594618082 CET	55890	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:58.595411062 CET	55892	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:58.715087891 CET	3778	55892	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:58.715188026 CET	55892	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:58.716574907 CET	55892	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:58.836258888 CET	3778	55892	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:58.836333036 CET	55892	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:58.955900908 CET	3778	55892	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:59.979538918 CET	3778	55892	92.118.56.167	192.168.2.14
Dec 26, 2024 22:03:59.979856968 CET	55892	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:59.979856968 CET	55892	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:03:59.980623960 CET	55894	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:00.100179911 CET	3778	55894	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:00.100364923 CET	55894	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:00.101275921 CET	55894	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:00.220733881 CET	3778	55894	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:00.220851898 CET	55894	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:00.340473890 CET	3778	55894	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:01.341957092 CET	3778	55894	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:01.342102051 CET	55894	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:01.342137098 CET	55894	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:01.342812061 CET	55896	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:01.462430954 CET	3778	55896	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:01.462644100 CET	55896	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:01.464046001 CET	55896	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:01.583559036 CET	3778	55896	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:01.583669901 CET	55896	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:01.703273058 CET	3778	55896	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:02.692097902 CET	3778	55896	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:02.692426920 CET	55896	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:02.692508936 CET	55896	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:02.693285942 CET	55898	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:02.812808037 CET	3778	55898	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:02.812921047 CET	55898	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:02.814306974 CET	55898	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:02.933897018 CET	3778	55898	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:02.934015036 CET	55898	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:03.053554058 CET	3778	55898	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:04.045252085 CET	3778	55898	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:04.045397043 CET	55898	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:04.045430899 CET	55898	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:04.046036005 CET	55900	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:04.165612936 CET	3778	55900	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:04.165945053 CET	55900	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:04.167340040 CET	55900	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:04.286890030 CET	3778	55900	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:04.287101030 CET	55900	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:04.406631947 CET	3778	55900	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:05.408783913 CET	3778	55900	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:05.408915043 CET	55900	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:05.408957005 CET	55900	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:05.409496069 CET	55902	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:05.529048920 CET	3778	55902	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:05.529133081 CET	55902	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:05.530030012 CET	55902	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:05.649534941 CET	3778	55902	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:05.649633884 CET	55902	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:05.769130945 CET	3778	55902	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:06.759670973 CET	3778	55902	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:06.759848118 CET	55902	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:06.759848118 CET	55902	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:06.760379076 CET	55904	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:06.880404949 CET	3778	55904	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:06.880486012 CET	55904	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:06.881392002 CET	55904	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:07.001017094 CET	3778	55904	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:07.001101017 CET	55904	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:07.120918989 CET	3778	55904	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:08.110326052 CET	3778	55904	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:08.110426903 CET	55904	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:08.110454082 CET	55904	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:08.111021996 CET	55906	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:08.230662107 CET	3778	55906	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:08.230757952 CET	55906	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:08.232125044 CET	55906	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:08.351803064 CET	3778	55906	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:08.351885080 CET	55906	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:08.471524000 CET	3778	55906	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:09.486728907 CET	3778	55906	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:09.486907959 CET	55906	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:09.486907959 CET	55906	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:09.487523079 CET	55908	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:09.607062101 CET	3778	55908	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:09.607163906 CET	55908	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:09.608424902 CET	55908	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:09.995208025 CET	55908	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:10.210696936 CET	3778	55908	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:10.210789919 CET	3778	55908	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:11.321966887 CET	3778	55908	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:11.322093964 CET	55908	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:11.322129965 CET	55908	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:11.322765112 CET	55910	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:11.442306995 CET	3778	55910	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:11.442584991 CET	55910	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:11.443926096 CET	55910	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:11.563534021 CET	3778	55910	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:11.563680887 CET	55910	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:11.683185101 CET	3778	55910	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:12.672472000 CET	3778	55910	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:12.672627926 CET	55910	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:12.672682047 CET	55910	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:12.673381090 CET	55912	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:12.792867899 CET	3778	55912	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:12.793051958 CET	55912	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:12.794337034 CET	55912	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:12.913799047 CET	3778	55912	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:12.913969040 CET	55912	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:13.033550024 CET	3778	55912	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:14.028492928 CET	3778	55912	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:14.028842926 CET	55912	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:14.028877974 CET	55912	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:14.029514074 CET	55914	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:14.149008036 CET	3778	55914	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:14.149107933 CET	55914	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:14.149920940 CET	55914	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:14.269489050 CET	3778	55914	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:14.269573927 CET	55914	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:14.389945030 CET	3778	55914	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:15.379277945 CET	3778	55914	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:15.379394054 CET	55914	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:15.379441023 CET	55914	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:15.379986048 CET	55916	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:15.499536037 CET	3778	55916	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:15.499732018 CET	55916	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:15.500658989 CET	55916	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:15.620233059 CET	3778	55916	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:15.620367050 CET	55916	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:15.740020990 CET	3778	55916	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:16.729844093 CET	3778	55916	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:16.730117083 CET	55916	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:16.730202913 CET	55916	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:16.731122971 CET	55918	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:16.850606918 CET	3778	55918	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:16.850799084 CET	55918	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:16.852462053 CET	55918	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:16.971937895 CET	3778	55918	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:16.972142935 CET	55918	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:17.091897011 CET	3778	55918	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:18.122145891 CET	3778	55918	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:18.122328997 CET	55918	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:18.122370958 CET	55918	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:18.123275995 CET	55920	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:18.157337904 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:18.243000984 CET	3778	55920	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:18.243164062 CET	55920	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:18.244801998 CET	55920	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:18.276889086 CET	3778	55820	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:18.364370108 CET	3778	55920	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:18.364563942 CET	55920	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:18.484250069 CET	3778	55920	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:18.516809940 CET	3778	55820	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:18.516880035 CET	55820	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:19.473040104 CET	3778	55920	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:19.473165035 CET	55920	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:19.473232985 CET	55920	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:19.474015951 CET	55922	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:19.593528986 CET	3778	55922	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:19.593617916 CET	55922	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:19.594645023 CET	55922	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:19.714112043 CET	3778	55922	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:19.714214087 CET	55922	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:19.833817959 CET	3778	55922	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:20.823131084 CET	3778	55922	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:20.823368073 CET	55922	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:20.823440075 CET	55922	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:20.824213982 CET	55924	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:20.943756104 CET	3778	55924	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:20.944053888 CET	55924	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:20.945420980 CET	55924	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:21.064918995 CET	3778	55924	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:21.065157890 CET	55924	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:21.184835911 CET	3778	55924	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:22.246861935 CET	3778	55924	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:22.247257948 CET	55924	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:22.247445107 CET	55924	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:22.248332024 CET	55926	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:22.367820978 CET	3778	55926	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:22.367938042 CET	55926	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:22.369486094 CET	55926	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:22.488936901 CET	3778	55926	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:22.489052057 CET	55926	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:22.608624935 CET	3778	55926	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:23.651027918 CET	3778	55926	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:23.651205063 CET	55926	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:23.651305914 CET	55926	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:23.652240992 CET	55928	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:23.771845102 CET	3778	55928	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:23.772109032 CET	55928	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:23.773550987 CET	55928	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:23.892997980 CET	3778	55928	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:23.893291950 CET	55928	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:24.012829065 CET	3778	55928	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:33.783597946 CET	55928	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:33.903115034 CET	3778	55928	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:34.560592890 CET	3778	55928	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:34.560619116 CET	3778	55928	92.118.56.167	192.168.2.14
Dec 26, 2024 22:04:34.560714006 CET	55928	3778	192.168.2.14	92.118.56.167
Dec 26, 2024 22:04:34.560714006 CET	55928	3778	192.168.2.14	92.118.56.167

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483, Parent PID: 5410

General

Start time (UTC):	21:02:50
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485, Parent PID: 5483

General

Start time (UTC):	21:02:50
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487, Parent PID: 5485

General

Start time (UTC):	21:02:50
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5488, Parent PID: 5485

General

Start time (UTC):	21:02:50
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497, Parent PID: 5483

General

Start time (UTC):	21:02:56
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5498, Parent PID: 5483

General

Start time (UTC):	21:02:56
Start date (UTC):	26/12/2024
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ub8ehJSePAfc9FYqZIT6.m68k.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5483, Parent PID: 5410

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5485, Parent PID: 5483

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5487, Parent PID: 5485

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5488, Parent PID: 5485

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5497, Parent PID: 5483

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.m68k.elf PID: 5498, Parent PID: 5483

General

Chronological Activities

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.m68k.elf