Edit tour

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.x86_64.elf

Overview

General Information

Sample name:	ub8ehJSePAfc9FYqZIT6.x86_64.elf
Analysis ID:	1583845
MD5:	a8d68db5da4f6a7a3e1deb8e215b373c
SHA1:	b4c0c438485641b0dc66aa7f9a1c2ed641e312dd
SHA256:	8462b46a614a1430cc8ee38ec616c52be8a40cb313f4a924d997e3e4bb2cb51d
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Sample contains only a LOAD segment without any section mappings

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583845
Start date and time:	2025-01-03 18:32:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ub8ehJSePAfc9FYqZIT6.x86_64.elf
Detection:	MAL
Classification:	mal64.evad.linELF@0/0@0/0

Warnings

VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.x86_64.elf

Runtime Messages

Command:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
PID:	6242
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242, Parent: 6163, MD5: a8d68db5da4f6a7a3e1deb8e215b373c) Arguments: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 6243, Parent: 6242)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 6244, Parent: 6243)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 6245, Parent: 6243)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 6250, Parent: 6242)

ub8ehJSePAfc9FYqZIT6.x86_64.elf New Fork (PID: 6251, Parent: 6242)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
6250.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6250.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6243.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6243.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6242.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6242.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6244.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6244.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6242	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x77b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x78f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7a3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7b7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7cb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7df:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7f3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x807:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x81b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x82f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x843:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x857:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x86b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x87f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x893:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8a7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8bb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8cf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8e3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x90b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6243	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x7c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x82c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x87c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x908:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x930:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x944:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x958:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6244	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x86a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x87e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x892:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x90a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x932:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x946:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x95a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x96e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x982:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x996:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9aa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9d2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9e6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9fa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6250	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x19a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x19f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1a94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1aa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1abc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ad0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1ae4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1af8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b0c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b20:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1b34:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf

ReversingLabs: Detection: 36%

Machine Learning detection for sample

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.23:46924 -> 141.11.33.73:3778

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf

String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 6250.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6250.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6243.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6243.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6242.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6242.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6244, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6250, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0x400000

Source: 6250.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6250.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6243.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6243.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6242.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6242.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6244.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6244, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6250, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1582/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/3088/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1579/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1699/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1335/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1698/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1334/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1576/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/2302/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/910/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/6226/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/912/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/2307/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/918/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/6242/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/6245/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1594/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1349/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1344/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1465/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1586/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1463/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1900/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/491/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/4509/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1477/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/379/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1476/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/2208/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1809/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf (PID: 6242)	File opened: /proc/1494/status	Jump to behavior

Source: ub8ehJSePAfc9FYqZIT6.x86_64.elf

Submission file: segment LOAD with 7.9628 entropy (max. 8.0)

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ub8ehJSePAfc9FYqZIT6.x86_64.elf	37%	ReversingLabs	Linux.Backdoor.Mirai
ub8ehJSePAfc9FYqZIT6.x86_64.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	ub8ehJSePAfc9FYqZIT6.x86_64.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
141.11.33.73	unknown	United Kingdom	553	BELWUEBelWue-KoordinationEU	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
141.11.33.73	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse
	141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf	Get hash	malicious	Mirai	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse
	nova2.elf	Get hash	malicious	Unknown	Browse
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse
	g.elf	Get hash	malicious	Unknown	Browse
	aarch643308.elf	Get hash	malicious	Unknown	Browse
	ARMV7L.elf	Get hash	malicious	Unknown	Browse
	bash.elf	Get hash	malicious	Unknown	Browse
	ARMV5L.elf	Get hash	malicious	Unknown	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse
91.189.91.42	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse
	nova2.elf	Get hash	malicious	Unknown	Browse
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse
	g.elf	Get hash	malicious	Unknown	Browse
	aarch643308.elf	Get hash	malicious	Unknown	Browse
	ARMV7L.elf	Get hash	malicious	Unknown	Browse
	bash.elf	Get hash	malicious	Unknown	Browse
	ARMV5L.elf	Get hash	malicious	Unknown	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BELWUEBelWue-KoordinationEU	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	141.11.33.73
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	Hilix.mips.elf	Get hash	malicious	Mirai	Browse	134.155.120.154
	armv5l.elf	Get hash	malicious	Unknown	Browse	141.79.218.248
	kwari.arm.elf	Get hash	malicious	Unknown	Browse	134.34.202.108
	kwari.arm7.elf	Get hash	malicious	Mirai	Browse	134.155.120.139
	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	141.79.120.12
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	141.59.77.71
CANONICAL-ASGB	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse	91.189.91.42
	nova2.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	g.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	aarch643308.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ARMV7L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	bash.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ARMV5L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
CANONICAL-ASGB	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse	91.189.91.42
	nova2.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	g.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	aarch643308.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ARMV7L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	bash.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ARMV5L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
INIT7CH	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse	109.202.202.202
	nova2.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	g.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	aarch643308.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ARMV7L.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	bash.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ARMV5L.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.9608210636113235
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	ub8ehJSePAfc9FYqZIT6.x86_64.elf
File size:	37'516 bytes
MD5:	a8d68db5da4f6a7a3e1deb8e215b373c
SHA1:	b4c0c438485641b0dc66aa7f9a1c2ed641e312dd
SHA256:	8462b46a614a1430cc8ee38ec616c52be8a40cb313f4a924d997e3e4bb2cb51d
SHA512:	2a78bdbe2452a4decca2d77077cfc82fc80fc38a0c00cd50db2f8163290dcc7cbf4c3e81b694e06359f2e0b07ed0a449d5b33977dfd179b71ca103843c84988f
SSDEEP:	768:4LR/W7TwmFH2FzMhcHZICkt6AP0hPlYFCfJQzgCgOH7x01:4V2wmB3hQICkt6AcdGFCxQ8NOb4
TLSH:	70F2E0A71016FAB5C837E1B18F1992C0FC55681AB0D00F9B59DAB8BEDC79C88BE057D0
File Content Preview:	.ELF..............>.....H.@.....@...................@.8...@.......................@.......@....................... ......................Ka......Ka.............................Q.td.....................................................I..UPX!D.......8:..8:.

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x408048
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	64
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x400000	0x400000	0x9184	0x9184	7.9628	0x5	R E	0x200000
LOAD	0xb00	0x614b00	0x614b00	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 18:32:50.938250065 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:50.943135023 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:50.943183899 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:50.944606066 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:50.949378967 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:50.949420929 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:50.954144001 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:51.961359978 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:51.961494923 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:51.961494923 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:51.961924076 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:51.966712952 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:51.966757059 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:51.967308044 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:51.972029924 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:51.972086906 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:51.976918936 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:52.967206001 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:52.967323065 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:52.967370033 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:52.967852116 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:52.972630978 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:52.972745895 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:52.973510981 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:52.978235006 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:52.978343964 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:52.983094931 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:53.336182117 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 18:32:56.323323011 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:56.328197956 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:56.328303099 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:56.329885960 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:56.334664106 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:56.334726095 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:56.339536905 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.348505020 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.348622084 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.350362062 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.351335049 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.356199026 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.356466055 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.357302904 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.362066031 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.363090038 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.367892027 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.650943041 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.651072979 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.651109934 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.651781082 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.656593084 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.656789064 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.657236099 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.661973000 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:57.663336039 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:57.668078899 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.396553040 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.396651030 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.396692038 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.397032976 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.401793957 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.401897907 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.402472973 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.407161951 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.407233000 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.411998034 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.690601110 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.690727949 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.690869093 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.691446066 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.696597099 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.696710110 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.697273970 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.702472925 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.702539921 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:58.707288027 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:58.711339951 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 18:32:59.688555956 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:59.688745975 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:59.688779116 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:59.689373970 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:59.694180965 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:59.694282055 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:59.694830894 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:59.699605942 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:32:59.699681044 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:32:59.704499960 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:00.503231049 CET	42516	80	192.168.2.23	109.202.202.202
Jan 3, 2025 18:33:00.711731911 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:00.711899996 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:00.712057114 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:00.712678909 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:00.717466116 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:00.717557907 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:00.718225002 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:00.723011017 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:00.723073006 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:00.727885962 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:01.746860981 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:01.746947050 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:01.746995926 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:01.747468948 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:01.752232075 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:01.752281904 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:01.752821922 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:01.757541895 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:01.757589102 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:01.762330055 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:05.754575014 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:05.754725933 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:05.754755020 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:05.755223036 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:05.760956049 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:05.760999918 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:05.761516094 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:05.767587900 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:05.767627954 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:05.772361040 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:06.785353899 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:06.785588980 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:06.785588980 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:06.786007881 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:06.790777922 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:06.790827036 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:06.791363955 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:06.796129942 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:06.796175957 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:06.800924063 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:07.810725927 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:07.810978889 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:07.811038971 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:07.811543941 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:07.816668987 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:07.816716909 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:07.817230940 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:07.822323084 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:07.822376013 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:07.827517986 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.408689976 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.413548946 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.434921980 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.435008049 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.435197115 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.435888052 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.440758944 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.440871954 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.441736937 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.446557999 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.446664095 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.451515913 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.854398966 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.854684114 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.854684114 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.855392933 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.860222101 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.860318899 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.861229897 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.866003990 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:08.866064072 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:08.870879889 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:10.545922995 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:10.546221018 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:10.546221018 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:10.546881914 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:10.551652908 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:10.551723003 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:10.552606106 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:10.557733059 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:10.557785988 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:10.562551975 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:12.503302097 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:12.503420115 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:12.503477097 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:12.503958941 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:12.508771896 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:12.508836031 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:12.511787891 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:12.516551971 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:12.516593933 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:12.521380901 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:14.581151962 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 18:33:15.619141102 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:15.619473934 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:15.619553089 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:15.620928049 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:15.625792027 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:15.625905037 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:15.626499891 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:15.631302118 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:15.631387949 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:15.636199951 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:16.549031973 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:16.549168110 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:16.549232006 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:16.550157070 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:16.554919958 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:16.555026054 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:16.555922985 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:16.560642004 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:16.560699940 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:16.565490961 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:19.651549101 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:19.651669025 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:19.651787996 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:19.652848005 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:19.657651901 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:19.657725096 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:19.659105062 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:19.663856030 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:19.663911104 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:19.668661118 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:21.310147047 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:21.310281992 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:21.310466051 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:21.311585903 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:21.316435099 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:21.316533089 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:21.317723036 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:21.322487116 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:21.322561979 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:21.327343941 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:22.437640905 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:22.437737942 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:22.437840939 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:22.438510895 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:22.443370104 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:22.443443060 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:22.444417000 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:22.449371099 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:22.449429035 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:22.454346895 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:23.688200951 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:23.688307047 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:23.688380003 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:23.689138889 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:23.695300102 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:23.695362091 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:23.696284056 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:23.702440023 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:23.702486038 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:23.708719015 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:24.340837002 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:24.340930939 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:24.341131926 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:24.341929913 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:24.346770048 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:24.346832991 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:24.347893953 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:24.352679014 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:24.352730036 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:24.357506990 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:24.819569111 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 18:33:25.339301109 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:25.339396954 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:25.339397907 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:25.339838982 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:25.344628096 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:25.344683886 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:25.345103025 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:25.349858999 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:25.349900007 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:25.354732037 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:26.373930931 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:26.374017954 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:26.374217033 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:26.374922991 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:26.379690886 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:26.379751921 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:26.380675077 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:26.385415077 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:26.385481119 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:26.390218973 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:28.577284098 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:28.577392101 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:28.577450991 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:28.578202963 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:28.582957983 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:28.583018064 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:28.583914995 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:28.588668108 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:28.588716030 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:28.593477011 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:29.574466944 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:29.574754953 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:29.574933052 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:29.575694084 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:29.580548048 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:29.580607891 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:29.581541061 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:29.586302996 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:29.586358070 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:29.591253042 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:30.398138046 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:30.398246050 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:30.398334980 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:30.399142027 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:30.403964043 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:30.404028893 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:30.404949903 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:30.409817934 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:30.409868002 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:30.414688110 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:30.962702036 CET	42516	80	192.168.2.23	109.202.202.202
Jan 3, 2025 18:33:31.242734909 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:31.242866993 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.242918015 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.243607044 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.248485088 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:31.248557091 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.249499083 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.254288912 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:31.254339933 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.259167910 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:31.415716887 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:31.415811062 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.416007042 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.416635036 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.421447992 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:31.421540022 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.422488928 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.427292109 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:31.427355051 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:31.432111025 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.399036884 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.399166107 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.399246931 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.399955034 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.404747963 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.404819012 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.405558109 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.410384893 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.410440922 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.415278912 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.566833973 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.566931009 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.567008018 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.567688942 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.572531939 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.572596073 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.573493004 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.578250885 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:32.578301907 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:32.583077908 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.437661886 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.437884092 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.437936068 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.438635111 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.443491936 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.443579912 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.444546938 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.449541092 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.449596882 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.454363108 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.622942924 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.623199940 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.623298883 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.623820066 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.629062891 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.629127026 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.629998922 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.635144949 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:36.635201931 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:36.639971972 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:37.467252016 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:37.467410088 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:37.467488050 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:37.468178988 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:37.472992897 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:37.473073959 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:37.473959923 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:37.478806019 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:37.478867054 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:37.483634949 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:41.477413893 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:41.477704048 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:41.477705002 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:41.478375912 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:41.483222961 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:41.483293056 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:41.484194994 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:41.488957882 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:41.489017010 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:41.493830919 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:42.509192944 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:42.509368896 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:42.509368896 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:42.509783983 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:42.514537096 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:42.514594078 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:42.515122890 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:42.519937992 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:42.520011902 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:42.524775982 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:43.529817104 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:43.530136108 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:43.530172110 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:43.530870914 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:43.535650969 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:43.535701036 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:43.536216021 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:43.540983915 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:43.541024923 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:43.546318054 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:47.584526062 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:47.584703922 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:47.584703922 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:47.585235119 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:47.590015888 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:47.590070963 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:47.590655088 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:47.595417976 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:47.595463991 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:47.601546049 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:48.579133034 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:48.579319000 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:48.579381943 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:48.580173016 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:48.584958076 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:48.585032940 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:48.585957050 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:48.590713024 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:48.590776920 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:48.595537901 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:51.165252924 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:51.165458918 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:51.165503025 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:51.166224957 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:51.171055079 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:51.171168089 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:51.172662020 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:51.177438974 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:51.177491903 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:51.182312012 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:52.188711882 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:52.188857079 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:52.188857079 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:52.189574957 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:52.194345951 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:52.194392920 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:52.195281029 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:52.200035095 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:52.200079918 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:52.204835892 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:55.535155058 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 18:33:56.238853931 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:56.238959074 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:56.239002943 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:56.239829063 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:56.244635105 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:56.244689941 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:56.245599985 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:56.250371933 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:33:56.250427008 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:33:56.255172968 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:00.735455036 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:00.735574007 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:00.735611916 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:00.736181974 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:00.742117882 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:00.742173910 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:00.742876053 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:00.748872995 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:00.748919010 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:00.754898071 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:02.403131008 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:02.403444052 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:02.403445005 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:02.404325962 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:02.409339905 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:02.409405947 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:02.410191059 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:02.415072918 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:02.415117025 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:02.419847965 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:03.430485964 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:03.430716038 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:03.430748940 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:03.431400061 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:03.437369108 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:03.437431097 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:03.438102961 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:03.444042921 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:03.444104910 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:03.450100899 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:05.981189013 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:05.981323957 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:05.981323957 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:05.981841087 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:05.986704111 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:05.986759901 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:05.987488985 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:05.992283106 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:05.992327929 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:05.997035027 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:07.004869938 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:07.005002022 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:07.005002975 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:07.005604029 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:07.011857986 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:07.011930943 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:07.012552977 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:07.017406940 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:07.017456055 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:07.022222996 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:08.036858082 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:08.037026882 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:08.037084103 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:08.037796974 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:08.042680025 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:08.042753935 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:08.043534040 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:08.048289061 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:08.048340082 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:08.053155899 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:09.052105904 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:09.052326918 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:09.052328110 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:09.052831888 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:09.058758974 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:09.058849096 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:09.059679985 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:09.065566063 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:09.065613985 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:09.071333885 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:10.114175081 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:10.114308119 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:10.114356041 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:10.114912033 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:10.120119095 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:10.120172024 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:10.120800018 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:10.125540018 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:10.125580072 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:10.130359888 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:11.140917063 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:11.141079903 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:11.141119003 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:11.141669989 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:11.146538973 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:11.146610975 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:11.147290945 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:11.152102947 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:11.152165890 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:11.156968117 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:12.825551033 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:12.825860023 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:12.825938940 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:12.826566935 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:12.831468105 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:12.831571102 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:12.832571030 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:12.837501049 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:12.837585926 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:12.842385054 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:13.839238882 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:13.839413881 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:13.839467049 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:13.840053082 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:13.844825029 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:13.844886065 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:13.845510960 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:13.850261927 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:13.850313902 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:13.855118036 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:14.874576092 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:14.874825001 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:14.875093937 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:14.876099110 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:14.883655071 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:14.883765936 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:14.885018110 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:14.889796019 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:14.889868975 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:14.894668102 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:15.903280973 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:15.903458118 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:15.903554916 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:15.904371977 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:15.909214020 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:15.909306049 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:15.910470009 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:15.915247917 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:15.915333033 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:15.920258045 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:16.012255907 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 18:34:16.911947966 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:16.912164927 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:16.912369967 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:16.913291931 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:16.918087006 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:16.918174028 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:16.919569969 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:16.924304008 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:16.924374104 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:16.929223061 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:17.968291998 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:17.968609095 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:17.968699932 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:17.969594955 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:17.974414110 CET	3778	47042	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:17.974613905 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:17.975697041 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:17.980528116 CET	3778	47042	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:17.980604887 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:17.985452890 CET	3778	47042	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:19.639180899 CET	3778	47042	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:19.639535904 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:19.639575005 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:19.640533924 CET	47044	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:19.645391941 CET	3778	47044	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:19.645481110 CET	47044	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:19.646394014 CET	47044	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:19.651223898 CET	3778	47044	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:19.651299000 CET	47044	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:19.656224966 CET	3778	47044	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:20.684462070 CET	3778	47044	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:20.684721947 CET	47044	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:20.684788942 CET	47044	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:20.685710907 CET	47046	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:20.690488100 CET	3778	47046	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:20.690568924 CET	47046	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:20.691653013 CET	47046	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:20.696372986 CET	3778	47046	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:20.696502924 CET	47046	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:20.701239109 CET	3778	47046	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:23.227978945 CET	3778	47046	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:23.228123903 CET	47046	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:23.228123903 CET	47046	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:23.228796959 CET	47048	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:23.233587027 CET	3778	47048	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:23.233637094 CET	47048	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:23.234682083 CET	47048	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:23.239537954 CET	3778	47048	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:23.239587069 CET	47048	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:23.244337082 CET	3778	47048	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:25.776949883 CET	3778	47048	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:25.777184010 CET	47048	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:25.777184010 CET	47048	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:25.777802944 CET	47050	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:25.782671928 CET	3778	47050	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:25.782766104 CET	47050	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:25.783545971 CET	47050	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:25.788271904 CET	3778	47050	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:25.788336992 CET	47050	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:25.793071985 CET	3778	47050	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:27.430313110 CET	3778	47050	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:27.430584908 CET	47050	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:27.430645943 CET	47050	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:27.431291103 CET	47052	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:27.436074018 CET	3778	47052	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:27.436146021 CET	47052	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:27.436863899 CET	47052	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:27.441574097 CET	3778	47052	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:27.441634893 CET	47052	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:27.446358919 CET	3778	47052	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:28.595511913 CET	3778	47052	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:28.595669031 CET	47052	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:28.595679998 CET	3778	47052	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:28.595705986 CET	47052	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:28.595747948 CET	47052	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:28.596323013 CET	47054	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:28.601181030 CET	3778	47054	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:28.601250887 CET	47054	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:28.601883888 CET	47054	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:28.606631041 CET	3778	47054	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:28.606690884 CET	47054	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:28.611464977 CET	3778	47054	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:29.643157005 CET	3778	47054	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:29.643307924 CET	47054	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:29.643356085 CET	47054	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:29.644025087 CET	47056	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:29.648792028 CET	3778	47056	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:29.648874044 CET	47056	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:29.649854898 CET	47056	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:29.654637098 CET	3778	47056	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:29.654700041 CET	47056	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:29.659473896 CET	3778	47056	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:36.665009022 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:36.669847012 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:37.043601036 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:37.043767929 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:39.656982899 CET	47056	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:34:39.661885023 CET	3778	47056	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:40.029084921 CET	3778	47056	141.11.33.73	192.168.2.23
Jan 3, 2025 18:34:40.029326916 CET	47056	3778	192.168.2.23	141.11.33.73

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6242, Parent PID: 6163

General

Start time (UTC):	17:32:50
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
File size:	37516 bytes
MD5 hash:	a8d68db5da4f6a7a3e1deb8e215b373c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6243, Parent PID: 6242

General

Start time (UTC):	17:32:50
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	37516 bytes
MD5 hash:	a8d68db5da4f6a7a3e1deb8e215b373c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6244, Parent PID: 6243

General

Start time (UTC):	17:32:50
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	37516 bytes
MD5 hash:	a8d68db5da4f6a7a3e1deb8e215b373c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6245, Parent PID: 6243

General

Start time (UTC):	17:32:50
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	37516 bytes
MD5 hash:	a8d68db5da4f6a7a3e1deb8e215b373c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6250, Parent PID: 6242

General

Start time (UTC):	17:32:55
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	37516 bytes
MD5 hash:	a8d68db5da4f6a7a3e1deb8e215b373c

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6251, Parent PID: 6242

General

Start time (UTC):	17:32:55
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.x86_64.elf
Arguments:	-
File size:	37516 bytes
MD5 hash:	a8d68db5da4f6a7a3e1deb8e215b373c

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ub8ehJSePAfc9FYqZIT6.x86_64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6242, Parent PID: 6163

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6243, Parent PID: 6242

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6244, Parent PID: 6243

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6245, Parent PID: 6243

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6250, Parent PID: 6242

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.x86_64.elf PID: 6251, Parent PID: 6242

General

Chronological Activities

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.x86_64.elf