Edit tour

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.i686.elf

Overview

General Information

Sample name:	ub8ehJSePAfc9FYqZIT6.i686.elf
Analysis ID:	1583855
MD5:	b5f71d173c24de88a6d47faeac0ece91
SHA1:	c03bf31317e6b26e428bfd7d600cc3060919ee88
SHA256:	3ef4071f6400e80f9fe2cc0b73f4753887cf67baf991c7d6379f4a3a6057646e
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Executes the "rm" command used to delete files or directories

Sample contains only a LOAD segment without any section mappings

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583855
Start date and time:	2025-01-03 18:40:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ub8ehJSePAfc9FYqZIT6.i686.elf
Detection:	MAL
Classification:	mal64.evad.linELF@0/0@0/0

Warnings

VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.i686.elf

Runtime Messages

Command:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
PID:	6250
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250, Parent: 6172, MD5: b5f71d173c24de88a6d47faeac0ece91) Arguments: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf

ub8ehJSePAfc9FYqZIT6.i686.elf New Fork (PID: 6251, Parent: 6250)

ub8ehJSePAfc9FYqZIT6.i686.elf New Fork (PID: 6252, Parent: 6251)

ub8ehJSePAfc9FYqZIT6.i686.elf New Fork (PID: 6253, Parent: 6251)

ub8ehJSePAfc9FYqZIT6.i686.elf New Fork (PID: 6256, Parent: 6250)

ub8ehJSePAfc9FYqZIT6.i686.elf New Fork (PID: 6257, Parent: 6250)

dash New Fork (PID: 6293, Parent: 4331)

rm (PID: 6293, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.Oy9c0ManrL /tmp/tmp.Dp0pPoX4Ft /tmp/tmp.fsD48ipTxC

dash New Fork (PID: 6294, Parent: 4331)

rm (PID: 6294, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.Oy9c0ManrL /tmp/tmp.Dp0pPoX4Ft /tmp/tmp.fsD48ipTxC

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
6256.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6256.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6256.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
6251.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6251.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6251.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
6252.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6252.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6252.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
6250.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6250.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
6250.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6250	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x802:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x816:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x82a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x83e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x852:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x866:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x87a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x88e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x906:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x91a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x92e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x942:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x956:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x96a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x97e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x992:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6251	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xbf6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc0a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc1e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc32:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc46:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc6e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc82:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc96:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcaa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcbe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcd2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xce6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcfa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd0e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd22:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd36:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd4a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd5e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd72:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd86:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6252	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1246:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x125a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x126e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1282:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1296:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12aa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12d2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12e6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12fa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x130e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1322:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1336:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x134a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x135e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1372:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1386:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x139a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13ae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13c2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x13d6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6256	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1798:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x17fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1810:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1824:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1838:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x184c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1860:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1874:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1888:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x189c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x18ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 11 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: ub8ehJSePAfc9FYqZIT6.i686.elf

ReversingLabs: Detection: 47%

Machine Learning detection for sample

Source: ub8ehJSePAfc9FYqZIT6.i686.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.23:46924 -> 141.11.33.73:3778

Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73

Source: ub8ehJSePAfc9FYqZIT6.i686.elf

String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33606
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 6256.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6256.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6256.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6251.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6251.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6251.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6252.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6252.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6252.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 6250.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6250.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 6250.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6250, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6252, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6256, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0xc01000

Source: 6256.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6251.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6251.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6251.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6252.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6252.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 6250.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6250.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 6250.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6250, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6252, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6256, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/6232/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/6233/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1582/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/3088/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1579/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1699/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1335/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1698/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1334/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1576/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/2302/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/910/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/912/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/2307/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/918/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1594/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1349/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1344/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1465/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1586/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1463/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1900/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/6253/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/491/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/6250/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/4508/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1477/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/379/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1476/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/2208/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.i686.elf (PID: 6250)	File opened: /proc/1809/status	Jump to behavior

Source: /usr/bin/dash (PID: 6293)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.Oy9c0ManrL /tmp/tmp.Dp0pPoX4Ft /tmp/tmp.fsD48ipTxC			Jump to behavior
Source: /usr/bin/dash (PID: 6294)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.Oy9c0ManrL /tmp/tmp.Dp0pPoX4Ft /tmp/tmp.fsD48ipTxC			Jump to behavior

Source: ub8ehJSePAfc9FYqZIT6.i686.elf

Submission file: segment LOAD with 7.9623 entropy (max. 8.0)

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ub8ehJSePAfc9FYqZIT6.i686.elf	47%	ReversingLabs	Linux.Backdoor.Mirai
ub8ehJSePAfc9FYqZIT6.i686.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	ub8ehJSePAfc9FYqZIT6.i686.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.171.230.55	unknown	United States	16509	AMAZON-02US	false
141.11.33.73	unknown	United Kingdom	553	BELWUEBelWue-KoordinationEU	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54.171.230.55	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse
	x86_64.elf	Get hash	malicious	Mirai	Browse
	MIPS.elf	Get hash	malicious	Unknown	Browse
	MIPSEL.elf	Get hash	malicious	Unknown	Browse
	I686.elf	Get hash	malicious	Unknown	Browse
	wind.mpsl.elf	Get hash	malicious	Mirai	Browse
	ZohoAssistURS	Get hash	malicious	Unknown	Browse
	Aqua.mpsl.elf	Get hash	malicious	Unknown	Browse
	x86_64.elf	Get hash	malicious	Unknown	Browse
141.11.33.73	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.m68k.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse
	141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf	Get hash	malicious	Mirai	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse
	nova2.elf	Get hash	malicious	Unknown	Browse
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse
	g.elf	Get hash	malicious	Unknown	Browse
	aarch643308.elf	Get hash	malicious	Unknown	Browse
	ARMV7L.elf	Get hash	malicious	Unknown	Browse
	bash.elf	Get hash	malicious	Unknown	Browse
	ARMV5L.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BELWUEBelWue-KoordinationEU	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	141.11.33.73
	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse	141.11.33.73
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	ub8ehJSePAfc9FYqZIT6.m68k.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse	141.11.33.73
	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	141.11.33.73
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
CANONICAL-ASGB	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse	91.189.91.42
	nova2.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	g.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	aarch643308.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ARMV7L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	bash.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
AMAZON-02US	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	http://www.cipassoitalia.it/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	3.124.71.130
	nv8401986_110422.exe	Get hash	malicious	Qjwmonkey	Browse	18.244.18.122
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	http://www.klim.com	Get hash	malicious	Unknown	Browse	3.64.24.94
	l3v0.exe	Get hash	malicious	Unknown	Browse	3.107.255.174
	1111.hta	Get hash	malicious	Unknown	Browse	185.166.143.50
	https://d25mwe2145ri5.cloudfront.net/installer/33365003/2056290341532614624	Get hash	malicious	Unknown	Browse	18.239.15.218
	Payment Receipt.exe	Get hash	malicious	FormBook	Browse	13.228.81.39
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
INIT7CH	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	UDMp3dZ7nc.elf	Get hash	malicious	XorDDoS	Browse	109.202.202.202
	nova2.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	g.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	aarch643308.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ARMV7L.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	bash.elf	Get hash	malicious	Unknown	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.960332392934226
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	ub8ehJSePAfc9FYqZIT6.i686.elf
File size:	38'304 bytes
MD5:	b5f71d173c24de88a6d47faeac0ece91
SHA1:	c03bf31317e6b26e428bfd7d600cc3060919ee88
SHA256:	3ef4071f6400e80f9fe2cc0b73f4753887cf67baf991c7d6379f4a3a6057646e
SHA512:	c0a5d1641888473b8ff85a1f1534da77fd5165245db02fa9ae7b9e073515f4ec2531e17c065d94e742f341f5e25bf8f26be94cd0ce9e52ca294f820fe24984bc
SSDEEP:	768:XgpHcj1yjMvzgQOPzIcAJYQxTQnxk12AHeiwwL66Q63WssBqhnbcuyD7UHQRjx:Xg+1yjMOPzfkTae8St66QSnouy8Hy1
TLSH:	F403F192859C46A0E1967B3CD9AD7819341CCD3AFDC8BEFADDC4627F0579E222010BD2
File Content Preview:	.ELF........................4...........4. ...(.....................................................................Q.td.............................-[.UPX!.........B...B......W..........?..k.I/.j....\.W'"....)....4go.\|.>#.....{~vx...A.Zg..3~........2..R.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0xc092b0
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0xc01000	0xc01000	0x94a4	0x94a4	7.9623	0x5	R E	0x1000
LOAD	0xc08	0x805cc08	0x805cc08	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 18:41:34.942969084 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:34.949767113 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:34.949826956 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:34.949841022 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:34.956386089 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:34.956423044 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:34.963150978 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:35.997591019 CET	3778	46924	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:35.997792006 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:35.997792006 CET	46924	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:35.997833014 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:36.002598047 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:36.002686024 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:36.002686024 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:36.007437944 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:36.007497072 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:36.012254953 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:36.104551077 CET	42516	80	192.168.2.23	109.202.202.202
Jan 3, 2025 18:41:36.360502958 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 18:41:40.410768032 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:40.415579081 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:40.415668011 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:40.415716887 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:40.420408010 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:40.420456886 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:40.425220013 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:41.432492018 CET	3778	46928	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:41.432615995 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:41.432638884 CET	46928	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:41.432696104 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:41.437963009 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:41.438030005 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:41.438066006 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:41.443401098 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:41.443456888 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:41.449647903 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:41.735760927 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 18:41:43.754961967 CET	3778	46926	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:43.755305052 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:43.755305052 CET	46926	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:43.755325079 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:43.760240078 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:43.760298967 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:43.760329008 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:43.765089035 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:43.765152931 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:43.769901991 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:44.797399998 CET	3778	46932	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:44.797533035 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:44.797581911 CET	46932	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:44.797636986 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:44.803033113 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:44.803088903 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:44.803114891 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:44.808234930 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:44.808279037 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:44.813016891 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.487962008 CET	3778	46930	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.488171101 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.488171101 CET	46930	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.488295078 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.493052006 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.493104935 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.493136883 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.497984886 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.498056889 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.502855062 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.847837925 CET	3778	46934	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.848062038 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.848059893 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.848059893 CET	46934	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.852910995 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.852956057 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.852992058 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.857794046 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:45.857831955 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:45.862605095 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.507770061 CET	3778	46936	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.507988930 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.507988930 CET	46936	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.508002996 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.512792110 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.512845993 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.512873888 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.517632961 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.517692089 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.524050951 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.893213034 CET	3778	46938	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.893331051 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.893491983 CET	46938	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.893495083 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.898284912 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.898336887 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.898363113 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.903093100 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:46.903126001 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:46.907886028 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:47.915606976 CET	3778	46942	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:47.915832043 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:47.915832043 CET	46942	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:47.915838957 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:47.920663118 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:47.920784950 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:47.920804977 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:47.925549030 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:47.925628901 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:47.930419922 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:48.208890915 CET	3778	46940	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:48.208998919 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:48.209038019 CET	46940	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:48.209176064 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:48.213951111 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:48.214061975 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:48.214082003 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:48.218818903 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:48.218875885 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:48.223722935 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:57.861603022 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 18:41:57.908745050 CET	3778	46944	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:57.909020901 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:57.909060001 CET	46944	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:57.909095049 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:57.913867950 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:57.913958073 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:57.913974047 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:57.918700933 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:57.918766975 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:57.923563957 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:58.222775936 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:41:58.227633953 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:58.608340979 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:41:58.608472109 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:02.501733065 CET	3778	46948	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:02.501899004 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:02.501940966 CET	46948	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:02.501996040 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:02.506756067 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:02.506819963 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:02.506844997 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:02.511544943 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:02.511596918 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:02.516335964 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:03.567132950 CET	3778	46950	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:03.567476034 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:03.567504883 CET	46950	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:03.567596912 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:03.572396994 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:03.572525024 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:03.572578907 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:03.577356100 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:03.577446938 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:03.582216978 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:05.217382908 CET	3778	46952	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:05.217670918 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:05.217710018 CET	46952	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:05.217710018 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:05.222723007 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:05.222819090 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:05.222875118 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:05.227631092 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:05.227698088 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:05.232489109 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:06.052400112 CET	42516	80	192.168.2.23	109.202.202.202
Jan 3, 2025 18:42:06.246270895 CET	3778	46954	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:06.246436119 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:06.246484995 CET	46954	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:06.246531963 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:06.251358032 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:06.251452923 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:06.251463890 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:06.256202936 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:06.256268978 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:06.260986090 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:07.307656050 CET	3778	46956	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:07.307892084 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:07.307933092 CET	46956	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:07.307933092 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:07.312820911 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:07.312935114 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:07.312958002 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:07.317898035 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:07.317969084 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:07.322818995 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:08.100039959 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 18:42:11.331882954 CET	3778	46958	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:11.332072020 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:11.332106113 CET	46958	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:11.332142115 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:11.337981939 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:11.338043928 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:11.338068962 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:11.343997955 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:11.344044924 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:11.349863052 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:14.602361917 CET	33606	443	192.168.2.23	54.171.230.55
Jan 3, 2025 18:42:14.607348919 CET	443	33606	54.171.230.55	192.168.2.23
Jan 3, 2025 18:42:14.607413054 CET	33606	443	192.168.2.23	54.171.230.55
Jan 3, 2025 18:42:15.387518883 CET	3778	46960	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:15.387681007 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:15.387751102 CET	46960	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:15.387851000 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:15.392607927 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:15.392724037 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:15.392813921 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:15.397598028 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:15.397701979 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:15.402462006 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:16.414324999 CET	3778	46962	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:16.414493084 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:16.414549112 CET	46962	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:16.414618969 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:16.419379950 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:16.419454098 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:16.419529915 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:16.424274921 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:16.424331903 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:16.429059982 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:26.428348064 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:26.433113098 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:26.456923008 CET	3778	46964	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:26.457143068 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:26.457240105 CET	46964	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:26.457346916 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:26.462165117 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:26.462271929 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:26.462317944 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:26.467103958 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:26.467190027 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:26.471937895 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:27.499125004 CET	3778	46966	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:27.499315977 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:27.499366045 CET	46966	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:27.499456882 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:27.504400969 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:27.504502058 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:27.504564047 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:27.509322882 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:27.509413958 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:27.514214993 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:28.537662983 CET	3778	46968	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:28.537955999 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:28.538213968 CET	46968	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:28.538316011 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:28.543217897 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:28.543293953 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:28.543348074 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:28.548417091 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:28.548474073 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:28.554605007 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:29.551115036 CET	3778	46970	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:29.551402092 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:29.551461935 CET	46970	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:29.551552057 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:29.556852102 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:29.556941986 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:29.557061911 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:29.561825037 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:29.561887980 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:29.569180965 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:33.591715097 CET	3778	46972	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:33.592031956 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:33.592094898 CET	46972	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:33.592186928 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:33.597229958 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:33.597307920 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:33.597383976 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:33.602089882 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:33.602155924 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:33.606930971 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:34.635869026 CET	3778	46974	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:34.636153936 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:34.636287928 CET	46974	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:34.636393070 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:34.641235113 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:34.641314030 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:34.641387939 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:34.646181107 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:34.646245003 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:34.651084900 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:35.678391933 CET	3778	46976	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:35.679167032 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:35.679236889 CET	46976	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:35.679322958 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:35.684056997 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:35.684226990 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:35.684246063 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:35.688981056 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:35.689053059 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:35.693800926 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:37.362607002 CET	3778	46978	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:37.362792969 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:37.362961054 CET	46978	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:37.363045931 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:37.367832899 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:37.367932081 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:37.367984056 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:37.372735023 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:37.372800112 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:37.377625942 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:38.815783024 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 18:42:41.799180984 CET	3778	46980	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:41.799294949 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:41.799295902 CET	46980	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:41.799338102 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:41.804162025 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:41.804219007 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:41.804344893 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:41.809076071 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:41.809140921 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:41.813891888 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:43.409987926 CET	3778	46982	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:43.410126925 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:43.410258055 CET	46982	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:43.410358906 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:43.415155888 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:43.415244102 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:43.415307045 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:43.420072079 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:43.420146942 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:43.424963951 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:44.411799908 CET	3778	46984	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:44.411933899 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:44.411998987 CET	46984	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:44.412079096 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:44.416912079 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:44.417056084 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:44.417110920 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:44.421901941 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:44.421958923 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:44.426820040 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:45.434575081 CET	3778	46986	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:45.434880972 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:45.434919119 CET	46986	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:45.434993982 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:45.439791918 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:45.439897060 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:45.439946890 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:45.444719076 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:45.444796085 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:45.449635029 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:46.450767994 CET	3778	46988	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:46.451003075 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:46.451046944 CET	46988	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:46.451090097 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:46.455912113 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:46.456007004 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:46.456052065 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:46.460865021 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:46.460937023 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:46.465711117 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:47.466720104 CET	3778	46990	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:47.467032909 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:47.467073917 CET	46990	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:47.467143059 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:47.471986055 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:47.472103119 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:47.472150087 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:47.476922035 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:47.476989985 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:47.481774092 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:49.140724897 CET	3778	46992	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:49.140841961 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:49.140883923 CET	46992	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:49.140964031 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:49.146236897 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:49.146306038 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:49.146330118 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:49.152285099 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:49.152388096 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:49.157773972 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:50.190726995 CET	3778	46994	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:50.190915108 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:50.190915108 CET	46994	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:50.190952063 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:50.195760012 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:50.195848942 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:50.195861101 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:50.200637102 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:50.200704098 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:50.205511093 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:54.322662115 CET	3778	46996	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:54.322777987 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:54.322777987 CET	46996	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:54.322822094 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:54.327585936 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:54.327651024 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:54.327666998 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:54.332987070 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:54.333066940 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:54.338598013 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:58.645931005 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:58.650856018 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:58.862972975 CET	3778	46998	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:58.863064051 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:58.863065004 CET	46998	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:58.863112926 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:58.867923021 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:58.867974997 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:58.868174076 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:58.872991085 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:58.873070002 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:58.877918959 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:59.031244993 CET	3778	46946	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:59.031326056 CET	46946	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:59.885610104 CET	3778	47000	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:59.885704994 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:59.885831118 CET	47000	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:59.885905981 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:59.890662909 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:59.890722036 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:59.890779972 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:59.895620108 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:42:59.895692110 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:42:59.900504112 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:00.922432899 CET	3778	47002	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:00.922544956 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:00.922544956 CET	47002	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:00.922597885 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:00.927377939 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:00.927447081 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:00.927464962 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:00.932279110 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:00.932362080 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:00.937186956 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:01.919409037 CET	3778	47004	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:01.919512033 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:01.919555902 CET	47004	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:01.919564962 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:01.924385071 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:01.924478054 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:01.924521923 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:01.929296970 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:01.929358959 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:01.934185982 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:02.961911917 CET	3778	47006	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:02.962351084 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:02.962354898 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:02.962354898 CET	47006	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:02.967242956 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:02.967338085 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:02.967389107 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:02.972091913 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:02.972153902 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:02.976984024 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:04.000157118 CET	3778	47008	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:04.000377893 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:04.000466108 CET	47008	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:04.000546932 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:04.005340099 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:04.005435944 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:04.005496979 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:04.010298967 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:04.010366917 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:04.015140057 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:05.674468994 CET	3778	47010	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:05.674837112 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:05.674838066 CET	47010	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:05.674849033 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:05.679660082 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:05.679750919 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:05.679853916 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:05.684612989 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:05.684694052 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:05.689501047 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:09.730024099 CET	3778	47012	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:09.730285883 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:09.730345011 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:09.730345011 CET	47012	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:09.737255096 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:09.737308025 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:09.737320900 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:09.744152069 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:09.744198084 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:09.751063108 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:10.786438942 CET	3778	47014	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:10.786674976 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:10.786674976 CET	47014	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:10.786688089 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:10.791507959 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:10.791563988 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:10.791580915 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:10.796380997 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:10.796439886 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:10.801251888 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:20.845829010 CET	3778	47016	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:20.846128941 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:20.846195936 CET	47016	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:20.846292019 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:20.851080894 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:20.851164103 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:20.851214886 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:20.855952978 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:20.856015921 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:20.860775948 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:21.865988970 CET	3778	47018	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:21.866276979 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:21.866333961 CET	47018	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:21.866413116 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:21.871208906 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:21.871293068 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:21.871366024 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:21.876504898 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:21.876599073 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:21.881433964 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:22.892100096 CET	3778	47020	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:22.892399073 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:22.892472029 CET	47020	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:22.892568111 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:22.897310019 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:22.897399902 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:22.897481918 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:22.902723074 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:22.902781963 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:22.908854008 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:24.583175898 CET	3778	47022	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:24.583240986 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:24.583276033 CET	47022	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:24.583323002 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:24.588135004 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:24.588263035 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:24.588298082 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:24.593559980 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:24.593625069 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:24.598984957 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:28.632796049 CET	3778	47024	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:28.633199930 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:28.633199930 CET	47024	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:28.633199930 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:28.638051033 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:28.638148069 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:28.638169050 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:28.642935991 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:28.643001080 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:28.647794962 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:32.668889046 CET	3778	47026	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:32.669281006 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:32.669429064 CET	47026	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:32.669528008 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:32.674274921 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:32.674365044 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:32.674416065 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:32.679209948 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:32.679291010 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:32.684075117 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:36.701493979 CET	3778	47028	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:36.701632023 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:36.701632023 CET	47028	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:36.701677084 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:36.706432104 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:36.706526995 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:36.706598997 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:36.712033033 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:36.712101936 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:36.716875076 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:39.253449917 CET	3778	47030	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:39.253566980 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:39.253611088 CET	47030	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:39.253618956 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:39.258451939 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:39.258518934 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:39.258533001 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:39.263331890 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:39.263382912 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:39.268178940 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:40.280632019 CET	3778	47032	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:40.280766010 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:40.280883074 CET	47032	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:40.280930042 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:40.285679102 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:40.285772085 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:40.285824060 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:40.290565014 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:40.290642977 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:40.295378923 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:41.279067993 CET	3778	47034	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:41.279201984 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:41.279242039 CET	47034	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:41.279263973 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:41.284046888 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:41.284156084 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:41.284171104 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:41.288947105 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:41.289000034 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:41.293801069 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:42.276670933 CET	3778	47036	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:42.276787043 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:42.276923895 CET	47036	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:42.277019024 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:42.281745911 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:42.281812906 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:42.281883001 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:42.286638975 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:42.286696911 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:42.291462898 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:43.324991941 CET	3778	47038	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:43.325143099 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:43.325362921 CET	47038	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:43.325506926 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:43.330337048 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:43.330430031 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:43.330529928 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:43.335357904 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:43.335422039 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:43.340277910 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:44.375853062 CET	3778	47040	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:44.375994921 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:44.376043081 CET	47040	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:44.376076937 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:44.380897999 CET	3778	47042	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:44.380970955 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:44.380999088 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:44.385765076 CET	3778	47042	141.11.33.73	192.168.2.23
Jan 3, 2025 18:43:44.385818958 CET	47042	3778	192.168.2.23	141.11.33.73
Jan 3, 2025 18:43:44.390602112 CET	3778	47042	141.11.33.73	192.168.2.23

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6250, Parent PID: 6172

General

Start time (UTC):	17:41:33
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
Arguments:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
File size:	38304 bytes
MD5 hash:	b5f71d173c24de88a6d47faeac0ece91

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6251, Parent PID: 6250

General

Start time (UTC):	17:41:33
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
Arguments:	-
File size:	38304 bytes
MD5 hash:	b5f71d173c24de88a6d47faeac0ece91

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6252, Parent PID: 6251

General

Start time (UTC):	17:41:33
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
Arguments:	-
File size:	38304 bytes
MD5 hash:	b5f71d173c24de88a6d47faeac0ece91

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6253, Parent PID: 6251

General

Start time (UTC):	17:41:33
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
Arguments:	-
File size:	38304 bytes
MD5 hash:	b5f71d173c24de88a6d47faeac0ece91

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6256, Parent PID: 6250

General

Start time (UTC):	17:41:39
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
Arguments:	-
File size:	38304 bytes
MD5 hash:	b5f71d173c24de88a6d47faeac0ece91

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6257, Parent PID: 6250

General

Start time (UTC):	17:41:39
Start date (UTC):	03/01/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.i686.elf
Arguments:	-
File size:	38304 bytes
MD5 hash:	b5f71d173c24de88a6d47faeac0ece91

Analysis Process: dash PID: 6293, Parent PID: 4331

General

Start time (UTC):	17:42:13
Start date (UTC):	03/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6293, Parent PID: 4331

General

Start time (UTC):	17:42:13
Start date (UTC):	03/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.Oy9c0ManrL /tmp/tmp.Dp0pPoX4Ft /tmp/tmp.fsD48ipTxC
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6294, Parent PID: 4331

General

Start time (UTC):	17:42:13
Start date (UTC):	03/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6294, Parent PID: 4331

General

Start time (UTC):	17:42:13
Start date (UTC):	03/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.Oy9c0ManrL /tmp/tmp.Dp0pPoX4Ft /tmp/tmp.fsD48ipTxC
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ub8ehJSePAfc9FYqZIT6.i686.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6250, Parent PID: 6172

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6251, Parent PID: 6250

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6252, Parent PID: 6251

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6253, Parent PID: 6251

General

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6256, Parent PID: 6250

General

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.i686.elf PID: 6257, Parent PID: 6250

General

Analysis Process: dash PID: 6293, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6293, Parent PID: 4331

General

Chronological Activities

Analysis Process: dash PID: 6294, Parent PID: 4331

General

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.i686.elf