Edit tour

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.mpsl.elf

Overview

General Information

Sample name:	ub8ehJSePAfc9FYqZIT6.mpsl.elf
Analysis ID:	1631566
MD5:	37e3f1e3faf28800d5d6e75a7ab8c39a
SHA1:	c3e2b8841298415d70333c2ef1351c5b27afc45e
SHA256:	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	68
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Sample contains only a LOAD segment without any section mappings

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1631566
Start date and time:	2025-03-07 10:52:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	ub8ehJSePAfc9FYqZIT6.mpsl.elf
Detection:	MAL
Classification:	mal68.evad.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
PID:	6236
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236, Parent: 6160, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf

ub8ehJSePAfc9FYqZIT6.mpsl.elf New Fork (PID: 6238, Parent: 6236)

ub8ehJSePAfc9FYqZIT6.mpsl.elf New Fork (PID: 6240, Parent: 6238)

ub8ehJSePAfc9FYqZIT6.mpsl.elf New Fork (PID: 6242, Parent: 6238)

ub8ehJSePAfc9FYqZIT6.mpsl.elf New Fork (PID: 6250, Parent: 6236)

ub8ehJSePAfc9FYqZIT6.mpsl.elf New Fork (PID: 6252, Parent: 6236)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
6250.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6240.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6236.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6238.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x2739c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x273ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27400:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27414:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27428:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2743c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27450:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27464:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27478:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2748c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x274f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27504:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x27518:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2752c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6236	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x775c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7798:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x77fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7810:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7824:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7838:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x784c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7860:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7874:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7888:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x789c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x78b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x78c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x78d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x78ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6238	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x75b9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x75cd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x75e1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x75f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7609:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x761d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7631:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7645:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7659:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x766d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7681:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7695:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76a9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76bd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76d1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76e5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x76f9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x770d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7721:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7735:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x7749:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6240	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x6955:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6969:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x697d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6991:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x69a5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x69b9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x69cd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x69e1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x69f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a09:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a1d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a31:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a45:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a59:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a6d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a81:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6a95:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6aa9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6abd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6ad1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6ae5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6250	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x63a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x63b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x63ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x63de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x63f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6406:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x641a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x642e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6442:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6456:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x646a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x647e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6492:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64f6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x650a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x651e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6532:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 3 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf

ReversingLabs: Detection: 44%

Source: global traffic

TCP traffic: 192.168.2.23:34666 -> 61.7.209.115:3778

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115
Source: unknown	TCP traffic detected without corresponding DNS query: 61.7.209.115

Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf

String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 6250.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6240.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6236.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6238.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6236, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6238, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6240, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6250, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0x100000

Source: 6250.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6240.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6236.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6238.1.00007ffb5c400000.00007ffb5c42a000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6236, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6238, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6240, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6250, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal68.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/6236/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1582/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/3088/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1579/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1699/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1335/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1698/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1334/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1576/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/2302/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/910/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/912/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/2307/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/918/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/6242/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1594/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1349/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1344/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1465/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1586/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1463/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1900/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/491/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/4509/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1477/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/379/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1476/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/2208/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1809/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/1494/status	Jump to behavior
Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)	File opened: /proc/260/status	Jump to behavior

Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf

Submission file: segment LOAD with 7.9469 entropy (max. 8.0)

Source: /tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf (PID: 6236)

Queries kernel information via 'uname':

Jump to behavior

Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6240.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6250.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6240.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6250.1.0000558fbcd8f000.0000558fbce37000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6240.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6250.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel
Source: ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6236.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6238.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6240.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.mpsl.elf, 6250.1.00007fff9efe4000.00007fff9f005000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ub8ehJSePAfc9FYqZIT6.mpsl.elf	45%	ReversingLabs	Linux.Trojan.Mirai
ub8ehJSePAfc9FYqZIT6.mpsl.elf	100%	Avira	EXP/ELF.Agent.M.28

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	ub8ehJSePAfc9FYqZIT6.mpsl.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
61.7.209.115	unknown	Thailand	9931	CAT-APTheCommunicationAuthoityofThailandCATTH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
61.7.209.115	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.ppc.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse
	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse
91.189.91.43	ub8ehJSePAfc9FYqZIT6.arm5.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
91.189.91.42	ub8ehJSePAfc9FYqZIT6.arm5.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	ub8ehJSePAfc9FYqZIT6.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
CANONICAL-ASGB	ub8ehJSePAfc9FYqZIT6.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	185.125.190.26
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
CAT-APTheCommunicationAuthoityofThailandCATTH	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse	61.7.209.115
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	61.7.209.115
	splmpsl.elf	Get hash	malicious	Unknown	Browse	110.78.78.218
	sys.x86_64.elf	Get hash	malicious	Xmrig	Browse	61.7.203.9
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	61.7.209.115
	ub8ehJSePAfc9FYqZIT6.ppc.elf	Get hash	malicious	Unknown	Browse	61.7.209.115
	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse	61.7.209.115
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	61.7.209.115
	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse	61.7.209.115
	ub8ehJSePAfc9FYqZIT6.x86.elf	Get hash	malicious	Unknown	Browse	61.7.209.115
INIT7CH	ub8ehJSePAfc9FYqZIT6.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.94414745953277
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	ub8ehJSePAfc9FYqZIT6.mpsl.elf
File size:	44'332 bytes
MD5:	37e3f1e3faf28800d5d6e75a7ab8c39a
SHA1:	c3e2b8841298415d70333c2ef1351c5b27afc45e
SHA256:	90d543a1027b33b457f943571be902751cdc9b60a86ac9eacde19843e34ca8c2
SHA512:	ab1397c7bd0ebe4ee76e16177adbc3ce5b2437b7f4ff68911cf1d07b7f11cb7556ab5dffe51e761169ec91df767d766360b376051afdfc7a46c8fd25850d6164
SSDEEP:	768:E1jRTSWuPUdOfcVy3t9g44uuyBDmzii5HaPSkIx9RIXvtTPsAb3bqOWS:E1dTSlYvVMt9gtuSNaKBx9RYdbrN
TLSH:	8C13E12DF48EEF4ACE9D0AB7139FC6D2828CB453738D4B84077E5614BD5698AA84C474
File Content Preview:	.ELF........................4...........4. ...(...............................................C...C.....................UPX!`...................T..........?.E.h;....#......b.L.1-......./5.....U....A...?....3M $Ie.K9..M.C...D-.......\...l..............p?.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x1098c8
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	2
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x100000	0x100000	0xac05	0xac05	7.9469	0x5	R E	0x10000
LOAD	0xac0c	0x43ac0c	0x43ac0c	0x0	0x0	0.0000	0x6	RW	0x10000

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 404
• 3778 undefined
• 443 (HTTPS)
• 80 (HTTP)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 7, 2025 10:53:18.955796003 CET	43928	443	192.168.2.23	91.189.91.42
Mar 7, 2025 10:53:18.976324081 CET	34666	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:18.981426001 CET	3778	34666	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:18.981489897 CET	34666	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:19.007011890 CET	34666	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:19.012147903 CET	3778	34666	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:19.012196064 CET	34666	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:19.017266989 CET	3778	34666	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:19.996681929 CET	3778	34666	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:19.996798038 CET	34666	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:19.997134924 CET	34666	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:19.998090029 CET	34668	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:20.003129959 CET	3778	34668	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:20.003432035 CET	34668	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:20.004419088 CET	34668	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:20.009381056 CET	3778	34668	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:20.009434938 CET	34668	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:20.014458895 CET	3778	34668	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:20.997338057 CET	3778	34668	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:20.997642040 CET	34668	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:20.997642040 CET	34668	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:20.998191118 CET	34670	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:21.003366947 CET	3778	34670	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:21.003426075 CET	34670	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:21.004125118 CET	34670	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:21.009319067 CET	3778	34670	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:21.009371996 CET	34670	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:21.014466047 CET	3778	34670	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:21.994898081 CET	3778	34670	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:21.995187998 CET	34670	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:21.995187998 CET	34670	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:21.995825052 CET	34672	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:22.001014948 CET	3778	34672	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:22.001087904 CET	34672	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:22.001844883 CET	34672	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:22.006948948 CET	3778	34672	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:22.007009029 CET	34672	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:22.012090921 CET	3778	34672	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:22.996124029 CET	3778	34672	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:22.996414900 CET	34672	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:22.996414900 CET	34672	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:22.996937990 CET	34674	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.002796888 CET	3778	34674	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:23.002865076 CET	34674	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.003586054 CET	34674	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.008688927 CET	3778	34674	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:23.008759975 CET	34674	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.013828039 CET	3778	34674	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:23.987354040 CET	3778	34674	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:23.987508059 CET	34674	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.987601042 CET	34674	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.988207102 CET	34676	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.993244886 CET	3778	34676	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:23.993313074 CET	34676	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.993995905 CET	34676	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:23.999011993 CET	3778	34676	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:23.999080896 CET	34676	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:24.004126072 CET	3778	34676	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:24.587105036 CET	42836	443	192.168.2.23	91.189.91.43
Mar 7, 2025 10:53:24.655097008 CET	34678	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:24.660268068 CET	3778	34678	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:24.660378933 CET	34678	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:24.676636934 CET	34678	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:24.682374954 CET	3778	34678	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:24.682444096 CET	34678	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:24.687954903 CET	3778	34678	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.008297920 CET	3778	34676	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.008503914 CET	34676	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.008584976 CET	34676	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.009185076 CET	34680	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.014312983 CET	3778	34680	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.014374971 CET	34680	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.015845060 CET	34680	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.020978928 CET	3778	34680	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.021027088 CET	34680	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.026130915 CET	3778	34680	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.637306929 CET	3778	34678	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.637435913 CET	34678	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.637826920 CET	34678	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.638520002 CET	34682	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.643598080 CET	3778	34682	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.643662930 CET	34682	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.644505978 CET	34682	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.649542093 CET	3778	34682	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.649594069 CET	34682	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:25.654613018 CET	3778	34682	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:25.866863012 CET	42516	80	192.168.2.23	109.202.202.202
Mar 7, 2025 10:53:26.007895947 CET	3778	34680	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:26.008088112 CET	34680	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.008147001 CET	34680	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.009012938 CET	34684	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.014141083 CET	3778	34684	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:26.014223099 CET	34684	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.016006947 CET	34684	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.021612883 CET	3778	34684	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:26.021657944 CET	34684	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.027707100 CET	3778	34684	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:26.636938095 CET	3778	34682	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:26.637201071 CET	34682	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.637202024 CET	34682	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.637676001 CET	34686	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.645258904 CET	3778	34686	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:26.645329952 CET	34686	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.646750927 CET	34686	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.651941061 CET	3778	34686	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:26.651999950 CET	34686	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:26.657114029 CET	3778	34686	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.002763987 CET	3778	34684	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.002863884 CET	34684	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.002912998 CET	34684	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.003420115 CET	34688	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.008518934 CET	3778	34688	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.008594036 CET	34688	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.009356976 CET	34688	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.014395952 CET	3778	34688	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.014451981 CET	34688	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.019509077 CET	3778	34688	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.626508951 CET	3778	34686	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.626704931 CET	34686	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.626836061 CET	34686	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.627404928 CET	34690	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.632447004 CET	3778	34690	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.632529020 CET	34690	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.633167028 CET	34690	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.638231993 CET	3778	34690	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.638293028 CET	34690	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.643315077 CET	3778	34690	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.995414019 CET	3778	34688	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:27.995592117 CET	34688	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.995637894 CET	34688	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:27.996285915 CET	34692	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.001581907 CET	3778	34692	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.001643896 CET	34692	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.002440929 CET	34692	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.007599115 CET	3778	34692	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.007658958 CET	34692	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.012752056 CET	3778	34692	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.624300957 CET	3778	34690	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.624469042 CET	34690	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.624510050 CET	34690	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.625233889 CET	34694	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.630436897 CET	3778	34694	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.630542994 CET	34694	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.631274939 CET	34694	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.636379957 CET	3778	34694	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.636588097 CET	34694	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.641652107 CET	3778	34694	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.992516994 CET	3778	34692	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.992661953 CET	34692	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.992722988 CET	34692	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.993632078 CET	34696	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.998706102 CET	3778	34696	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:28.998774052 CET	34696	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:28.999522924 CET	34696	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.004612923 CET	3778	34696	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.004687071 CET	34696	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.009774923 CET	3778	34696	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.614178896 CET	3778	34694	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.614312887 CET	34694	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.614398003 CET	34694	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.614953041 CET	34698	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.620342016 CET	3778	34698	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.620430946 CET	34698	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.621085882 CET	34698	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.626455069 CET	3778	34698	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.626522064 CET	34698	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.631599903 CET	3778	34698	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.987086058 CET	3778	34696	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.987340927 CET	34696	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.987426996 CET	34696	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.988080978 CET	34700	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.993213892 CET	3778	34700	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.993280888 CET	34700	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.994080067 CET	34700	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:29.999135971 CET	3778	34700	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:29.999213934 CET	34700	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.004286051 CET	3778	34700	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.629051924 CET	3778	34698	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.629151106 CET	34698	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.629343033 CET	34698	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.629862070 CET	34702	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.634975910 CET	3778	34702	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.635072947 CET	34702	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.635790110 CET	34702	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.640925884 CET	3778	34702	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.641005993 CET	34702	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.646105051 CET	3778	34702	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.977386951 CET	3778	34700	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.977555990 CET	34700	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.977642059 CET	34700	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.978564024 CET	34704	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.983628035 CET	3778	34704	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.983716965 CET	34704	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.984868050 CET	34704	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.989943981 CET	3778	34704	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:30.990005970 CET	34704	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:30.995016098 CET	3778	34704	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.644443989 CET	3778	34702	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.644690037 CET	34702	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.644790888 CET	34702	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.645567894 CET	34706	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.650719881 CET	3778	34706	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.650823116 CET	34706	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.652321100 CET	34706	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.657370090 CET	3778	34706	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.657758951 CET	34706	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.662916899 CET	3778	34706	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.986066103 CET	3778	34704	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.986296892 CET	34704	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.986392021 CET	34704	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.987175941 CET	34708	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.992278099 CET	3778	34708	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.992348909 CET	34708	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.993159056 CET	34708	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:31.998260021 CET	3778	34708	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:31.998312950 CET	34708	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.003396988 CET	3778	34708	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.640386105 CET	3778	34706	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.640687943 CET	34706	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.640748978 CET	34706	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.641480923 CET	34710	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.646625042 CET	3778	34710	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.646687031 CET	34710	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.647428036 CET	34710	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.652559996 CET	3778	34710	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.652609110 CET	34710	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.657670021 CET	3778	34710	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.987246037 CET	3778	34708	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.987504005 CET	34708	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.987643957 CET	34708	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.988498926 CET	34712	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.993561029 CET	3778	34712	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.993643999 CET	34712	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.994611025 CET	34712	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:32.999664068 CET	3778	34712	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:32.999716043 CET	34712	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.005171061 CET	3778	34712	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.641941071 CET	3778	34710	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.642332077 CET	34710	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.642432928 CET	34710	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.643295050 CET	34714	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.648442984 CET	3778	34714	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.648511887 CET	34714	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.649210930 CET	34714	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.654416084 CET	3778	34714	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.654465914 CET	34714	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.659533978 CET	3778	34714	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.983355045 CET	3778	34712	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.983519077 CET	34712	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.983550072 CET	34712	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.984155893 CET	34716	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.989280939 CET	3778	34716	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.989358902 CET	34716	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.990273952 CET	34716	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:33.995404959 CET	3778	34716	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:33.995465040 CET	34716	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.000579119 CET	3778	34716	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.653565884 CET	3778	34714	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.653835058 CET	34714	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.653867960 CET	34714	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.654460907 CET	34718	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.660490990 CET	3778	34718	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.660559893 CET	34718	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.661892891 CET	34718	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.667315960 CET	3778	34718	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.667401075 CET	34718	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.672462940 CET	3778	34718	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.976114988 CET	3778	34716	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.976263046 CET	34716	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.976320982 CET	34716	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.976973057 CET	34720	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.982096910 CET	3778	34720	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.982213020 CET	34720	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.983064890 CET	34720	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.988122940 CET	3778	34720	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:34.988187075 CET	34720	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:34.993285894 CET	3778	34720	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.672148943 CET	3778	34718	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.672431946 CET	34718	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.672463894 CET	34718	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.673059940 CET	34722	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.678205013 CET	3778	34722	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.678333044 CET	34722	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.678961039 CET	34722	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.684004068 CET	3778	34722	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.684091091 CET	34722	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.689157009 CET	3778	34722	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.978673935 CET	3778	34720	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.978799105 CET	34720	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.978847027 CET	34720	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.979495049 CET	34724	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.984646082 CET	3778	34724	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.984719038 CET	34724	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.985685110 CET	34724	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.990783930 CET	3778	34724	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:35.990865946 CET	34724	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:35.995920897 CET	3778	34724	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:36.675856113 CET	3778	34722	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:36.676239014 CET	34722	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:36.676239014 CET	34722	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:36.677022934 CET	34726	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:36.682090998 CET	3778	34726	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:36.682199955 CET	34726	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:36.683146000 CET	34726	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:36.688155890 CET	3778	34726	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:36.688262939 CET	34726	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:36.693300962 CET	3778	34726	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.009639978 CET	3778	34724	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.009882927 CET	34724	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.009953976 CET	34724	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.010966063 CET	34728	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.016036987 CET	3778	34728	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.016120911 CET	34728	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.018493891 CET	34728	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.023638964 CET	3778	34728	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.023716927 CET	34728	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.028784037 CET	3778	34728	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.685239077 CET	3778	34726	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.685456991 CET	34726	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.685661077 CET	34726	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.686500072 CET	34730	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.691592932 CET	3778	34730	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.691677094 CET	34730	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.692353010 CET	34730	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.697397947 CET	3778	34730	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:37.697490931 CET	34730	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:37.702529907 CET	3778	34730	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.020143986 CET	3778	34728	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.020339966 CET	34728	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.020397902 CET	34728	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.021209002 CET	34732	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.026258945 CET	3778	34732	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.026340008 CET	34732	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.027257919 CET	34732	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.032365084 CET	3778	34732	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.032443047 CET	34732	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.037543058 CET	3778	34732	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.713596106 CET	3778	34730	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.713773012 CET	34730	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.713924885 CET	34730	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.714459896 CET	34734	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.719490051 CET	3778	34734	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.719594955 CET	34734	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.720264912 CET	34734	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.725337029 CET	3778	34734	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:38.725409031 CET	34734	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:38.730498075 CET	3778	34734	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.039762974 CET	3778	34732	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.040107012 CET	34732	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.040107012 CET	34732	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.040847063 CET	34736	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.045984030 CET	3778	34736	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.046065092 CET	34736	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.047319889 CET	34736	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.052422047 CET	3778	34736	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.052493095 CET	34736	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.057610989 CET	3778	34736	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.725826979 CET	3778	34734	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.726037979 CET	34734	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.726140022 CET	34734	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.726907015 CET	34738	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.733011961 CET	3778	34738	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.733149052 CET	34738	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.734181881 CET	34738	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.739181042 CET	3778	34738	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:39.739238024 CET	34738	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:39.744251013 CET	3778	34738	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.055788040 CET	3778	34736	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.055948019 CET	34736	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.056221962 CET	34736	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.056945086 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.061984062 CET	3778	34740	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.062068939 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.062885046 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.067938089 CET	3778	34740	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.068006039 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.073097944 CET	3778	34740	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.701689959 CET	3778	34738	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.701873064 CET	34738	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.702119112 CET	34738	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.702589989 CET	34742	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.707678080 CET	3778	34742	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.707734108 CET	34742	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.708414078 CET	34742	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.712826967 CET	43928	443	192.168.2.23	91.189.91.42
Mar 7, 2025 10:53:40.713453054 CET	3778	34742	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:40.713516951 CET	34742	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:40.718595982 CET	3778	34742	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.240269899 CET	3778	34740	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.240412951 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.240530968 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.240533113 CET	3778	34740	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.240600109 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.241489887 CET	34744	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.243592978 CET	3778	34740	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.243653059 CET	34740	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.246696949 CET	3778	34744	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.246810913 CET	34744	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.248357058 CET	34744	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.253443956 CET	3778	34744	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.253501892 CET	34744	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.258682013 CET	3778	34744	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.720285892 CET	3778	34742	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.720515013 CET	34742	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.720515013 CET	34742	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.721242905 CET	34746	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.726845026 CET	3778	34746	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.726995945 CET	34746	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.728301048 CET	34746	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.733400106 CET	3778	34746	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:41.733475924 CET	34746	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:41.738535881 CET	3778	34746	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.390428066 CET	3778	34744	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.390655041 CET	34744	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.390686035 CET	34744	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.391416073 CET	34748	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.392065048 CET	3778	34744	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.392190933 CET	34744	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.396498919 CET	3778	34748	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.396593094 CET	34748	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.397808075 CET	34748	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.403992891 CET	3778	34748	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.404077053 CET	34748	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.409177065 CET	3778	34748	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.717312098 CET	3778	34746	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.717495918 CET	34746	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.717607975 CET	34746	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.718405962 CET	34750	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.723433018 CET	3778	34750	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.723514080 CET	34750	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.724606037 CET	34750	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.729623079 CET	3778	34750	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:42.729685068 CET	34750	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:42.734741926 CET	3778	34750	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.394934893 CET	3778	34748	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.395241976 CET	34748	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.395241976 CET	34748	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.395880938 CET	34752	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.401282072 CET	3778	34752	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.401376009 CET	34752	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.403095007 CET	34752	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.408162117 CET	3778	34752	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.408216000 CET	34752	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.413336039 CET	3778	34752	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.725100040 CET	3778	34750	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.725454092 CET	34750	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.725454092 CET	34750	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.726617098 CET	34754	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.731794119 CET	3778	34754	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.731944084 CET	34754	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.733248949 CET	34754	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.738343000 CET	3778	34754	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:43.738455057 CET	34754	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:43.743527889 CET	3778	34754	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.389946938 CET	3778	34752	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.390290976 CET	34752	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.390291929 CET	34752	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.390913010 CET	34756	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.396018028 CET	3778	34756	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.396085978 CET	34756	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.396893978 CET	34756	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.402035952 CET	3778	34756	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.402223110 CET	34756	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.407383919 CET	3778	34756	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.732413054 CET	3778	34754	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.732656956 CET	34754	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.732732058 CET	34754	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.733393908 CET	34758	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.738514900 CET	3778	34758	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.738599062 CET	34758	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.739413977 CET	34758	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.744481087 CET	3778	34758	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:44.744554996 CET	34758	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:44.749797106 CET	3778	34758	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.374541998 CET	3778	34756	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.374748945 CET	34756	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.374866009 CET	34756	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.375761986 CET	34760	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.380855083 CET	3778	34760	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.380934000 CET	34760	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.381885052 CET	34760	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.386990070 CET	3778	34760	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.387053967 CET	34760	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.392225027 CET	3778	34760	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.722652912 CET	3778	34758	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.722800970 CET	34758	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.723011017 CET	34758	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.724015951 CET	34762	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.729162931 CET	3778	34762	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.729353905 CET	34762	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.730132103 CET	34762	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.735302925 CET	3778	34762	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:45.735497952 CET	34762	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:45.740586996 CET	3778	34762	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.384733915 CET	3778	34760	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.384891987 CET	34760	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.385008097 CET	34760	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.385886908 CET	34764	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.390997887 CET	3778	34764	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.391081095 CET	34764	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.392268896 CET	34764	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.397469997 CET	3778	34764	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.397536993 CET	34764	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.402614117 CET	3778	34764	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.712954998 CET	3778	34762	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.713190079 CET	34762	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.713219881 CET	34762	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.713939905 CET	34766	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.718988895 CET	3778	34766	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.719177008 CET	34766	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.720321894 CET	34766	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.725392103 CET	3778	34766	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:46.725596905 CET	34766	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:46.730679989 CET	3778	34766	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.376846075 CET	3778	34764	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.377007961 CET	34764	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.377091885 CET	34764	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.377954960 CET	34768	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.383546114 CET	3778	34768	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.383668900 CET	34768	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.384860992 CET	34768	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.390248060 CET	3778	34768	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.390319109 CET	34768	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.395382881 CET	3778	34768	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.701360941 CET	3778	34766	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.701565981 CET	34766	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.701736927 CET	34766	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.702405930 CET	34770	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.707448006 CET	3778	34770	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.707549095 CET	34770	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.708564997 CET	34770	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.713581085 CET	3778	34770	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:47.713644981 CET	34770	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:47.718687057 CET	3778	34770	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.374325037 CET	3778	34768	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.374769926 CET	34768	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.374769926 CET	34768	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.375540972 CET	34772	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.380650997 CET	3778	34772	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.380775928 CET	34772	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.382117987 CET	34772	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.387264967 CET	3778	34772	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.387342930 CET	34772	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.392402887 CET	3778	34772	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.710768938 CET	3778	34770	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.711098909 CET	34770	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.711200953 CET	34770	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.712171078 CET	34774	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.717253923 CET	3778	34774	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.717335939 CET	34774	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.718966961 CET	34774	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.724049091 CET	3778	34774	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:48.724112988 CET	34774	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:48.729163885 CET	3778	34774	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.374142885 CET	3778	34772	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.374294043 CET	34772	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.374382019 CET	34772	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.375037909 CET	34776	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.380172014 CET	3778	34776	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.380239010 CET	34776	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.381066084 CET	34776	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.386127949 CET	3778	34776	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.386234045 CET	34776	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.391318083 CET	3778	34776	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.729317904 CET	3778	34774	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.729597092 CET	34774	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.729597092 CET	34774	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.730173111 CET	34778	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.736422062 CET	3778	34778	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.736484051 CET	34778	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.737302065 CET	34778	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.743406057 CET	3778	34778	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:49.743463993 CET	34778	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:49.749531984 CET	3778	34778	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.360372066 CET	3778	34776	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.360615969 CET	34776	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.360709906 CET	34776	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.361465931 CET	34780	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.366775036 CET	3778	34780	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.366867065 CET	34780	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.367928028 CET	34780	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.373446941 CET	3778	34780	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.373518944 CET	34780	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.378968954 CET	3778	34780	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.741486073 CET	3778	34778	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.741861105 CET	34778	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.741861105 CET	34778	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.742330074 CET	34782	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.747396946 CET	3778	34782	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.747451067 CET	34782	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.748095036 CET	34782	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.753151894 CET	3778	34782	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.753212929 CET	34782	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:50.758315086 CET	3778	34782	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:50.951471090 CET	42836	443	192.168.2.23	91.189.91.43
Mar 7, 2025 10:53:51.351095915 CET	3778	34780	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:51.351406097 CET	34780	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.351406097 CET	34780	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.352164984 CET	34784	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.357338905 CET	3778	34784	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:51.357486963 CET	34784	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.358773947 CET	34784	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.363945961 CET	3778	34784	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:51.364016056 CET	34784	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.369083881 CET	3778	34784	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:51.747699976 CET	3778	34782	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:51.747991085 CET	34782	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.748167038 CET	34782	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.749145985 CET	34786	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.754314899 CET	3778	34786	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:51.754400015 CET	34786	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.755611897 CET	34786	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.760721922 CET	3778	34786	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:51.760796070 CET	34786	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:51.765898943 CET	3778	34786	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.370589972 CET	3778	34784	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.371190071 CET	34784	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.371190071 CET	34784	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.371655941 CET	34788	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.376702070 CET	3778	34788	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.376763105 CET	34788	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.377841949 CET	34788	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.383526087 CET	3778	34788	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.384078026 CET	34788	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.389086008 CET	3778	34788	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.761214972 CET	3778	34786	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.761533022 CET	34786	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.761533022 CET	34786	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.762284994 CET	34790	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.768379927 CET	3778	34790	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.768487930 CET	34790	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.769438028 CET	34790	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.775593996 CET	3778	34790	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:52.775667906 CET	34790	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:52.783673048 CET	3778	34790	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.388744116 CET	3778	34788	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.389065981 CET	34788	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.389065981 CET	34788	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.389991045 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.395071983 CET	3778	34792	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.395153999 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.396439075 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.401438951 CET	3778	34792	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.401510954 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.406605005 CET	3778	34792	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.763272047 CET	3778	34790	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.763487101 CET	34790	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.763525963 CET	34790	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.764085054 CET	34794	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.769131899 CET	3778	34794	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.769231081 CET	34794	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.769942999 CET	34794	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.774940014 CET	3778	34794	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:53.775012970 CET	34794	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:53:53.780086040 CET	3778	34794	61.7.209.115	192.168.2.23
Mar 7, 2025 10:53:57.094660044 CET	42516	80	192.168.2.23	109.202.202.202
Mar 7, 2025 10:54:03.410975933 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:54:03.416102886 CET	3778	34792	61.7.209.115	192.168.2.23
Mar 7, 2025 10:54:03.770221949 CET	3778	34792	61.7.209.115	192.168.2.23
Mar 7, 2025 10:54:03.770405054 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:54:03.779090881 CET	34794	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:54:03.784198999 CET	3778	34794	61.7.209.115	192.168.2.23
Mar 7, 2025 10:54:04.140964985 CET	3778	34794	61.7.209.115	192.168.2.23
Mar 7, 2025 10:54:04.141300917 CET	34794	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:54:21.667464972 CET	43928	443	192.168.2.23	91.189.91.42
Mar 7, 2025 10:55:03.823187113 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:55:03.828349113 CET	3778	34792	61.7.209.115	192.168.2.23
Mar 7, 2025 10:55:04.181854010 CET	3778	34792	61.7.209.115	192.168.2.23
Mar 7, 2025 10:55:04.182123899 CET	34792	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:55:04.194456100 CET	34794	3778	192.168.2.23	61.7.209.115
Mar 7, 2025 10:55:04.199608088 CET	3778	34794	61.7.209.115	192.168.2.23
Mar 7, 2025 10:55:04.557054043 CET	3778	34794	61.7.209.115	192.168.2.23
Mar 7, 2025 10:55:04.557477951 CET	34794	3778	192.168.2.23	61.7.209.115

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6236, Parent PID: 6160

General

Start time (UTC):	09:53:18
Start date (UTC):	07/03/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
Arguments:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6238, Parent PID: 6236

General

Start time (UTC):	09:53:18
Start date (UTC):	07/03/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Process Activities

Process Forked

Thread Sleep

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6240, Parent PID: 6238

General

Start time (UTC):	09:53:18
Start date (UTC):	07/03/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

File Activities

File Opened

Process Activities

Thread Sleep

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6242, Parent PID: 6238

General

Start time (UTC):	09:53:18
Start date (UTC):	07/03/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Process Activities

Thread Sleep

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6250, Parent PID: 6236

General

Start time (UTC):	09:53:24
Start date (UTC):	07/03/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

File Activities

File Opened

Process Activities

Thread Sleep

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6252, Parent PID: 6236

General

Start time (UTC):	09:53:24
Start date (UTC):	07/03/2025
Path:	/tmp/ub8ehJSePAfc9FYqZIT6.mpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report ub8ehJSePAfc9FYqZIT6.mpsl.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6236, Parent PID: 6160

General

File Activities

File Opened

File Read

Directory Enumerated

Process Activities

Process Forked

Thread Sleep

System Activities

Query System Information (uname)

Network Activities

Socket Connecting

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6238, Parent PID: 6236

General

Process Activities

Process Forked

Thread Sleep

Chronological Activities

Analysis Process: ub8ehJSePAfc9FYqZIT6.mpsl.elf PID: 6240, Parent PID: 6238

General

File Activities

File Opened

Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.mpsl.elf