Play interactive tour

Edit tour

Linux Analysis Report x86_64

Overview

General Information

Sample Name:	x86_64
Analysis ID:	512016
MD5:	7a40533ae23c9ad78f62854030cae373
SHA1:	1be1d20769e6d38dce5df729347ec73487d91bc7
SHA256:	edc6930b30ecad1c771ed2297a7633303663bbe49ee1837c57266167d532e4f7
Tags:	elf
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample deletes itself

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Yara signature match

Sample has stripped symbol table

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	512016
Start date:	29.10.2021
Start time:	21:36:10
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 36s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	x86_64
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.troj.evad.lin@0/0@1/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

x86_64 (PID: 5247, Parent: 5116, MD5: 7a40533ae23c9ad78f62854030cae373) Arguments: /tmp/x86_64

x86_64 New Fork (PID: 5248, Parent: 5247)

x86_64 New Fork (PID: 5249, Parent: 5247)

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
x86_64	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x12bf8:$xo1: \x19;.=885{azd 0x12c68:$xo1: \x19;.=885{azd 0x12ccc:$xo1: \x19;.=885{azd 0x12d38:$xo1: \x19;.=885{azd 0x12da4:$xo1: \x19;.=885{azd 0x12e98:$xo1: \x19;.=885{azd 0x12f00:$xo1: \x19;.=885{azd 0x12f70:$xo1: \x19;.=885{azd 0x12fe0:$xo1: \x19;.=885{azd 0x13050:$xo1: \x19;.=885{azd 0x130c0:$xo1: \x19;.=885{azd 0x131e4:$xo1: \x175 366;uotj 0x13254:$xo1: \x175 366;uotj 0x132c4:$xo1: \x175 366;uotj 0x13334:$xo1: \x175 366;uotj 0x133a4:$xo1: \x175 366;uotj 0x1341c:$xo1: \x19;.=885{azd 0x13460:$xo1: \x19;.=885{azd 0x134ac:$xo1: \x19;.=885{azd 0x13508:$xo1: \x19;.=885{azd 0x13550:$xo1: \x19;.=885{azd

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5247.1.00000000c83f63f6.000000005310170b.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x5c8:$xo1: \x175 366;uotj 0x640:$xo1: \x175 366;uotj 0x6b8:$xo1: \x175 366;uotj 0x730:$xo1: \x175 366;uotj 0x7a8:$xo1: \x175 366;uotj 0x828:$xo1: \x19;.=885{azd 0x898:$xo1: \x19;.=885{azd 0x900:$xo1: \x19;.=885{azd 0x970:$xo1: \x19;.=885{azd 0x9e0:$xo1: \x19;.=885{azd 0xae0:$xo1: \x19;.=885{azd 0xb98:$xo1: \x19;.=885{azd 0xbe0:$xo1: \x19;.=885{azd 0xc30:$xo1: \x19;.=885{azd 0xc90:$xo1: \x19;.=885{azd 0xcd8:$xo1: \x19;.=885{azd 0xcf8:$xo1: \x19;.=885{azd 0xd48:$xo1: \x19;.=885{azd 0xd90:$xo1: \x19;.=885{azd 0xdf0:$xo1: \x19;.=885{azd 0xe60:$xo1: \x19;.=885{azd
5247.1.000000001a887bdc.000000000b831e49.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x12bf8:$xo1: \x19;.=885{azd 0x12c68:$xo1: \x19;.=885{azd 0x12ccc:$xo1: \x19;.=885{azd 0x12d38:$xo1: \x19;.=885{azd 0x12da4:$xo1: \x19;.=885{azd 0x12e98:$xo1: \x19;.=885{azd 0x12f00:$xo1: \x19;.=885{azd 0x12f70:$xo1: \x19;.=885{azd 0x12fe0:$xo1: \x19;.=885{azd 0x13050:$xo1: \x19;.=885{azd 0x130c0:$xo1: \x19;.=885{azd 0x131e4:$xo1: \x175 366;uotj 0x13254:$xo1: \x175 366;uotj 0x132c4:$xo1: \x175 366;uotj 0x13334:$xo1: \x175 366;uotj 0x133a4:$xo1: \x175 366;uotj 0x1341c:$xo1: \x19;.=885{azd 0x13460:$xo1: \x19;.=885{azd 0x134ac:$xo1: \x19;.=885{azd 0x13508:$xo1: \x19;.=885{azd 0x13550:$xo1: \x19;.=885{azd

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: x86_64	Virustotal: Detection: 50%			Perma Link
Source: x86_64	ReversingLabs: Detection: 55%

Machine Learning detection for sample

Show sources

Source: x86_64

Joe Sandbox ML: detected

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53192
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53194
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53196
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53200
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53202
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53204
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53210
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53212
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53214
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53218
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53224
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53226
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53234
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53238
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53242
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53244
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53246
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53248
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53250
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53254
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53256
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53258
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53260
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53264
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53266
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53272
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53274
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53280
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53282
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53286
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53290
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53292
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53298
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53302
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53304
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53312
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53314
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53324
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53328
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.103.144.225:23 -> 192.168.2.23:60498
Source: Traffic	Snort IDS: 716 INFO TELNET access 152.179.110.150:23 -> 192.168.2.23:53344
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44070
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44078
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44082
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44086
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44090
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44092
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44098
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44104
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44108
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 126.73.72.82:23 -> 192.168.2.23:44110
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 37.99.89.36:23 -> 192.168.2.23:59170
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 37.99.89.36:23 -> 192.168.2.23:59170
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.103.144.225:23 -> 192.168.2.23:60714
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55324
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.217.233.51:23 -> 192.168.2.23:40288
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55324
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55324
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55392
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55392
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55392
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 196.170.161.0:23 -> 192.168.2.23:54680
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 196.170.161.0:23 -> 192.168.2.23:54680
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.117.191.40:23 -> 192.168.2.23:37356
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55502
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55502
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55502
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.103.144.225:23 -> 192.168.2.23:60962
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.217.233.51:23 -> 192.168.2.23:40532
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55602
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50082
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50082
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55602
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55602
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:50416
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:50416
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:50416
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55676
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50144
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50144
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55676
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55676
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.117.191.40:23 -> 192.168.2.23:37594
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 196.170.161.0:23 -> 192.168.2.23:54986
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 196.170.161.0:23 -> 192.168.2.23:54986
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:50524
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55760
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:50524
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:50524
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.103.144.225:23 -> 192.168.2.23:32932
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50246
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50246
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55760
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55760
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.217.233.51:23 -> 192.168.2.23:40730
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:50606
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55848
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:50606
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:50606
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55848
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55848
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50346
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50346
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 73.183.73.95:23 -> 192.168.2.23:56676
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 73.183.73.95:23 -> 192.168.2.23:56676
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:50668
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55890
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.117.191.40:23 -> 192.168.2.23:37796
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55890
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55890
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:50668
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:50668
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50400
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50400
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 73.183.73.95:23 -> 192.168.2.23:56750
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 73.183.73.95:23 -> 192.168.2.23:56750
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.103.144.225:23 -> 192.168.2.23:33142
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:55976
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:50760
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 196.170.161.0:23 -> 192.168.2.23:55226
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 196.170.161.0:23 -> 192.168.2.23:55226
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.217.233.51:23 -> 192.168.2.23:40940
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:55976
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:55976
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:50760
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:50760
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 73.183.73.95:23 -> 192.168.2.23:56828
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 73.183.73.95:23 -> 192.168.2.23:56828
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50510
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50510
Source: Traffic	Snort IDS: 716 INFO TELNET access 115.242.8.153:23 -> 192.168.2.23:56038
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:50828
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37420
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 115.242.8.153:23 -> 192.168.2.23:56038
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 115.242.8.153:23 -> 192.168.2.23:56038
Source: Traffic	Snort IDS: 716 INFO TELNET access 172.96.169.171:23 -> 192.168.2.23:60486
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:50828
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:50828
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37492
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 73.183.73.95:23 -> 192.168.2.23:56896
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 73.183.73.95:23 -> 192.168.2.23:56896
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50610
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50610
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37520
Source: Traffic	Snort IDS: 716 INFO TELNET access 122.117.191.40:23 -> 192.168.2.23:38074
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37534
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:50968
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.103.144.225:23 -> 192.168.2.23:33388
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37576
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:50968
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:50968
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 73.183.73.95:23 -> 192.168.2.23:57008
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 73.183.73.95:23 -> 192.168.2.23:57008
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.217.233.51:23 -> 192.168.2.23:41206
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37608
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50722
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50722
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37620
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:51066
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:55526 -> 196.170.161.0:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 196.170.161.0:23 -> 192.168.2.23:55526
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 196.170.161.0:23 -> 192.168.2.23:55526
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37640
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 73.183.73.95:23 -> 192.168.2.23:57086
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 73.183.73.95:23 -> 192.168.2.23:57086
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 124.33.0.120:23 -> 192.168.2.23:51066
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 124.33.0.120:23 -> 192.168.2.23:51066
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37684
Source: Traffic	Snort IDS: 716 INFO TELNET access 172.96.169.171:23 -> 192.168.2.23:60748
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.35.79.18:23 -> 192.168.2.23:50804
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.35.79.18:23 -> 192.168.2.23:50804
Source: Traffic	Snort IDS: 716 INFO TELNET access 138.97.92.131:23 -> 192.168.2.23:37738
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.33.0.120:23 -> 192.168.2.23:51206
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 73.183.73.95:23 -> 192.168.2.23:57198
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 73.183.73.95:23 -> 192.168.2.23:57198

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57060
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57064
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57086
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57102
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57108
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57124
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57134
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57142
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45192
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45194
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45198
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45208
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45220
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45228
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41408
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41410
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41412
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41416
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41424
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41426
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41428
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41432
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41438
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41442

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 174.95.159.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 147.69.86.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 201.47.135.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 139.8.201.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 9.81.102.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 57.125.169.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 207.249.60.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 27.205.241.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 58.17.194.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 126.210.110.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 154.249.5.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 110.60.76.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 182.23.151.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 195.138.125.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 170.19.5.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 168.104.97.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 198.84.124.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 31.69.252.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 216.142.169.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 118.103.193.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 23.108.156.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 87.117.16.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 91.218.231.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 174.50.244.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 70.214.219.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 149.223.226.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 67.155.81.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 103.225.47.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 60.239.135.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 60.89.5.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 161.231.125.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 54.190.201.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 218.216.195.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 155.101.174.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 171.184.31.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 84.116.249.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 209.210.222.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 136.147.131.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 145.231.138.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 48.42.162.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 35.251.62.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 51.141.34.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 80.70.85.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 219.233.149.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 71.74.172.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 4.230.126.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 75.75.209.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 123.139.232.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 100.0.116.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 2.18.177.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 83.121.207.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 53.178.138.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 34.226.245.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.123.152.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 34.189.188.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 157.169.109.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 61.70.19.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 167.46.250.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 124.16.144.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 85.13.26.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 91.175.86.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 128.245.215.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 177.23.108.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 121.163.60.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 72.227.46.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 193.255.149.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 125.247.202.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 104.19.34.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 138.225.174.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 139.65.23.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 110.2.152.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 63.63.12.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 134.113.205.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 45.36.183.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 115.185.148.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 207.124.114.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 210.173.216.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 86.98.220.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:49008 -> 107.189.1.185:9331
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 65.198.152.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 59.100.27.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 106.175.157.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 100.47.119.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 93.230.122.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 184.112.187.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 12.207.203.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 217.87.26.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 47.254.2.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 112.196.94.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 14.35.157.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 9.193.70.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 158.174.17.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 216.102.80.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 150.218.52.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 155.35.82.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 169.109.65.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 27.16.233.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 65.255.44.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 1.120.237.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 41.83.169.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 190.107.236.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 102.92.245.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 19.195.12.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 147.34.38.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 128.155.62.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 213.174.75.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 103.58.207.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 19.175.136.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 93.215.39.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 61.131.247.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 185.226.170.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 101.215.59.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 196.192.140.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 70.33.188.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 219.17.108.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 95.95.181.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 199.191.84.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 45.43.97.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 19.92.5.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 98.180.163.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 195.179.197.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 87.168.122.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.171.96.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 19.237.32.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 216.199.133.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 143.42.64.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 97.106.95.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 185.127.86.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 95.41.171.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 207.32.12.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 133.12.110.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 38.163.31.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 109.92.25.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 133.81.169.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 83.61.13.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 48.226.164.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 45.125.129.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 75.122.170.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 184.52.165.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 52.138.222.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 105.178.4.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 136.146.239.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 34.196.6.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 188.149.82.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 219.22.17.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 101.6.11.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 207.131.124.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 39.33.212.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 163.91.183.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 18.62.57.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 136.143.155.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 146.92.107.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 163.15.216.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 165.68.89.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 149.167.164.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 174.144.75.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 204.181.74.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 170.170.238.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 120.243.243.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 118.104.161.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 88.45.66.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 182.145.154.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 63.218.181.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 128.21.236.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 213.144.76.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 167.181.217.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 175.231.148.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 135.249.138.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 95.164.165.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 159.173.102.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 63.126.144.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 46.61.102.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 218.93.148.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 83.213.117.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 168.7.158.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 65.6.91.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 121.171.16.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 166.184.171.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 19.100.1.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 177.215.103.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 132.51.121.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 201.137.221.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 142.154.47.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 138.111.205.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 119.165.226.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 12.249.84.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 105.103.111.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 161.229.109.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 210.46.99.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 145.64.84.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 17.53.27.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 51.34.17.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 74.241.163.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 205.62.136.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 62.69.211.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 77.234.95.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 197.39.89.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 140.177.140.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 191.224.162.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 153.72.97.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 210.36.139.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 211.23.255.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 52.7.74.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 71.28.176.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 51.206.0.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 219.72.47.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 135.225.85.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 76.38.127.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 44.185.201.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 184.206.30.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 70.57.214.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 193.189.242.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 152.233.227.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 58.123.9.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 112.227.11.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 64.14.43.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 101.202.6.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 115.14.245.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 112.0.166.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 122.124.111.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 129.198.102.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 93.245.245.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 169.194.48.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 108.204.161.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 134.133.178.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 100.142.92.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 128.59.106.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 84.13.46.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 99.168.224.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 216.253.55.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 92.57.199.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 138.145.212.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 23.19.150.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 188.42.30.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 171.82.115.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 66.117.36.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 213.224.136.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 100.213.100.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 78.56.204.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 135.111.175.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 76.107.93.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 43.79.171.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 218.195.140.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 92.137.153.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 142.24.49.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 136.165.151.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 196.9.135.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 124.214.233.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 50.84.42.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 184.18.138.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 84.113.240.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 122.223.157.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 115.70.36.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 94.179.24.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 59.110.49.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 220.228.170.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 222.5.11.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 8.83.50.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 209.81.79.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 87.54.179.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 223.6.91.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 195.202.126.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 219.177.248.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 110.108.3.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 104.60.108.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 35.112.43.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 41.238.241.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 23.255.117.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 129.114.129.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 23.46.160.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 137.224.119.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 178.230.108.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 83.72.33.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 110.116.39.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 221.5.98.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 75.176.181.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 182.165.100.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 69.136.237.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 2.163.142.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 101.88.53.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 174.136.47.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 171.195.11.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 155.37.136.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 203.191.91.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 120.208.174.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 43.175.64.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 205.147.34.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 113.217.102.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 143.166.227.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 52.103.156.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 92.232.68.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 121.65.164.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 169.131.128.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.66.150.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 113.41.183.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 103.228.167.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 167.129.129.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 157.217.224.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 86.44.145.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 206.127.58.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 103.203.38.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 200.174.184.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 71.61.77.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 180.6.252.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 102.93.117.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 180.199.189.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 87.34.220.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 128.225.189.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 114.235.135.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 217.119.101.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 37.70.57.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 46.164.84.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 57.143.65.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 200.204.12.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 81.121.191.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 5.100.138.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.16.112.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 40.245.208.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 209.127.100.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 200.95.88.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 209.112.212.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 117.17.246.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 83.152.3.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 141.13.146.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 121.44.242.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 152.251.241.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 218.203.135.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 19.40.138.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 177.26.243.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 126.65.154.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 198.60.25.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 150.95.202.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 186.91.254.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 120.91.101.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 150.10.209.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 42.74.48.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 167.84.226.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 73.145.38.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 69.209.97.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 113.176.127.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 98.7.103.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 62.96.133.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 113.71.4.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 166.201.227.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 149.165.156.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 151.201.169.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 41.204.169.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 147.71.15.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 36.242.62.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 121.108.240.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 38.206.144.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 156.141.77.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 52.166.4.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 83.166.38.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 169.33.122.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 77.18.86.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 208.145.64.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 83.22.203.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 205.24.52.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 65.2.60.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 173.231.19.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 48.124.27.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 117.251.243.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 84.162.228.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 98.39.13.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 212.233.232.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 199.24.254.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 76.228.253.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 109.16.43.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 159.144.206.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 183.61.37.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 174.124.34.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 92.64.108.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 71.249.223.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 208.202.174.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 152.197.61.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 205.85.175.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 123.43.254.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 151.122.58.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 39.54.193.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 94.174.114.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 213.141.176.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 169.200.180.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 167.192.53.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 165.175.217.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 152.214.172.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 51.14.120.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 76.105.191.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 38.236.209.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 164.53.216.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 149.157.186.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 133.67.90.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 77.81.196.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 72.154.236.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 98.228.114.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 203.31.6.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 65.102.106.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 68.55.247.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 50.136.1.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 90.205.242.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 73.248.107.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 84.248.174.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 91.42.137.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 193.178.202.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.163.19.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 174.135.228.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 91.142.210.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 71.97.73.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 70.58.39.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 218.39.242.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 27.30.22.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 209.199.220.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 220.245.104.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 148.155.26.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 128.216.98.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 99.147.179.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 184.187.40.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 183.188.206.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 114.4.91.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 131.170.184.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 195.187.114.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 100.219.195.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 86.233.40.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 162.215.231.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 131.206.9.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 115.74.108.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.64.145.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 142.111.172.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 57.152.89.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 76.150.31.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 110.132.243.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 173.86.136.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 149.114.141.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 200.69.6.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 220.254.7.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 89.191.212.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 168.237.19.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 168.250.37.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 188.43.92.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 31.255.96.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 132.184.213.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 175.102.197.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 194.162.144.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 218.51.242.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 117.189.107.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 85.73.102.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 139.18.42.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 107.62.229.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 105.1.182.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 153.175.105.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 108.132.213.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 161.204.74.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 213.124.224.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 169.99.175.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 167.151.152.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 137.240.30.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 25.157.44.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 25.144.157.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 113.108.237.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 219.104.230.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 196.79.236.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 194.223.99.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 153.134.0.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 69.45.79.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 14.177.32.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 221.177.139.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 39.5.215.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 167.110.107.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 151.222.47.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 216.75.233.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 114.64.55.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 210.156.72.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 12.61.95.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 202.24.88.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 32.251.151.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 146.56.142.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 38.206.26.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 137.4.187.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 151.164.251.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 53.254.10.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 216.70.221.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 134.133.150.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 140.208.89.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 222.207.158.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 201.33.140.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 62.185.216.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 12.238.16.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 185.188.46.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 46.168.59.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 37.122.62.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.105.18.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 66.48.23.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 174.165.176.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 181.66.78.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 53.220.13.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 79.153.232.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 184.223.24.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 59.236.94.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 219.13.19.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:19446 -> 8.85.29.126:2323

Source: unknown

DNS traffic detected: queries for: bots1.firewalla1337.cc

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 174.95.159.175
Source: unknown	TCP traffic detected without corresponding DNS query: 50.188.130.215
Source: unknown	TCP traffic detected without corresponding DNS query: 103.102.131.51
Source: unknown	TCP traffic detected without corresponding DNS query: 60.9.216.105
Source: unknown	TCP traffic detected without corresponding DNS query: 35.118.53.204
Source: unknown	TCP traffic detected without corresponding DNS query: 35.28.121.131
Source: unknown	TCP traffic detected without corresponding DNS query: 91.186.34.166
Source: unknown	TCP traffic detected without corresponding DNS query: 147.69.86.29
Source: unknown	TCP traffic detected without corresponding DNS query: 73.67.67.194
Source: unknown	TCP traffic detected without corresponding DNS query: 13.119.18.50
Source: unknown	TCP traffic detected without corresponding DNS query: 112.225.140.175
Source: unknown	TCP traffic detected without corresponding DNS query: 97.8.53.202
Source: unknown	TCP traffic detected without corresponding DNS query: 203.217.167.125
Source: unknown	TCP traffic detected without corresponding DNS query: 147.254.203.192
Source: unknown	TCP traffic detected without corresponding DNS query: 203.11.140.176
Source: unknown	TCP traffic detected without corresponding DNS query: 116.73.212.243
Source: unknown	TCP traffic detected without corresponding DNS query: 197.43.230.101
Source: unknown	TCP traffic detected without corresponding DNS query: 201.47.135.71
Source: unknown	TCP traffic detected without corresponding DNS query: 176.60.26.145
Source: unknown	TCP traffic detected without corresponding DNS query: 2.129.1.95
Source: unknown	TCP traffic detected without corresponding DNS query: 213.177.198.126
Source: unknown	TCP traffic detected without corresponding DNS query: 193.155.196.105
Source: unknown	TCP traffic detected without corresponding DNS query: 51.224.29.87
Source: unknown	TCP traffic detected without corresponding DNS query: 77.57.91.252
Source: unknown	TCP traffic detected without corresponding DNS query: 72.226.34.62
Source: unknown	TCP traffic detected without corresponding DNS query: 9.19.123.101
Source: unknown	TCP traffic detected without corresponding DNS query: 64.175.181.205
Source: unknown	TCP traffic detected without corresponding DNS query: 213.58.173.236
Source: unknown	TCP traffic detected without corresponding DNS query: 139.8.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 38.82.129.76
Source: unknown	TCP traffic detected without corresponding DNS query: 46.40.47.214
Source: unknown	TCP traffic detected without corresponding DNS query: 48.5.44.126
Source: unknown	TCP traffic detected without corresponding DNS query: 90.130.14.108
Source: unknown	TCP traffic detected without corresponding DNS query: 180.162.125.133
Source: unknown	TCP traffic detected without corresponding DNS query: 189.81.139.222
Source: unknown	TCP traffic detected without corresponding DNS query: 220.1.112.95
Source: unknown	TCP traffic detected without corresponding DNS query: 200.34.155.86
Source: unknown	TCP traffic detected without corresponding DNS query: 156.178.244.153
Source: unknown	TCP traffic detected without corresponding DNS query: 48.242.28.181
Source: unknown	TCP traffic detected without corresponding DNS query: 219.244.205.158
Source: unknown	TCP traffic detected without corresponding DNS query: 114.231.175.79
Source: unknown	TCP traffic detected without corresponding DNS query: 54.57.2.168
Source: unknown	TCP traffic detected without corresponding DNS query: 9.81.102.29
Source: unknown	TCP traffic detected without corresponding DNS query: 152.20.5.205
Source: unknown	TCP traffic detected without corresponding DNS query: 57.125.169.30
Source: unknown	TCP traffic detected without corresponding DNS query: 145.183.93.193
Source: unknown	TCP traffic detected without corresponding DNS query: 207.249.60.36
Source: unknown	TCP traffic detected without corresponding DNS query: 194.119.108.59
Source: unknown	TCP traffic detected without corresponding DNS query: 71.252.176.115
Source: unknown	TCP traffic detected without corresponding DNS query: 17.183.159.17

Source: x86_64, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5247.1.00000000c83f63f6.000000005310170b.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5247.1.000000001a887bdc.000000000b831e49.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal76.troj.evad.lin@0/0@1/0

Source: x86_64

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself

Show sources

Source: /tmp/x86_64 (PID: 5247)

File: /tmp/x86_64

Jump to behavior

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57060
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57064
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57068
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57086
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57094
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57102
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57108
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57124
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57134
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 57142
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45192
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45194
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45198
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45202
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45206
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45208
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45214
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45220
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45224
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 45228
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41408
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41410
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41412
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41416
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41424
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41426
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41428
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41432
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41438
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 41442

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	File Deletion1	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
x86_64	51%	Virustotal		Browse
x86_64	56%	ReversingLabs	Linux.Trojan.Mirai
x86_64	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bots1.firewalla1337.cc	8%	Virustotal		Browse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bots1.firewalla1337.cc	107.189.1.185	true	true	8%, Virustotal, Browse	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
130.133.232.22	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
155.0.225.251	unknown	Zambia	37532	ZAMRENZM	false
198.172.66.199	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
82.221.214.204	unknown	Iceland	50613	THORDC-ASIS	false
108.11.242.13	unknown	United States	701	UUNETUS	false
120.244.148.81	unknown	China	56048	CMNET-BEIJING-APChinaMobileCommunicaitonsCorporationCN	false
74.221.73.199	unknown	United States	29979	PWN-ASBLKUS	false
177.75.64.252	unknown	Brazil	53087	TELYLtdaBR	false
176.67.2.102	unknown	Ukraine	25133	MCLAUT-ASUA	false
43.118.71.45	unknown	Japan	4249	LILLY-ASUS	false
157.121.89.74	unknown	United States	2514	INFOSPHERENTTPCCommunicationsIncJP	false
210.47.182.189	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
63.77.90.121	unknown	United States	701	UUNETUS	false
196.37.208.82	unknown	South Africa	3741	ISZA	false
193.11.59.4	unknown	Sweden	1653	SUNETSUNETSwedishUniversityNetworkEU	false
87.17.178.55	unknown	Italy	3269	ASN-IBSNAZIT	false
124.51.222.169	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
57.138.213.131	unknown	Belgium	2686	ATGS-MMD-ASUS	false
13.143.18.135	unknown	United States	7018	ATT-INTERNET4US	false
103.12.43.115	unknown	Pakistan	17557	PKTELECOM-AS-PKPakistanTelecommunicationCompanyLimited	false
174.35.85.209	unknown	United States	36408	CDNETWORKSUS-02US	false
114.69.8.59	unknown	Japan	2519	VECTANTARTERIANetworksCorporationJP	false
96.223.226.155	unknown	United States	7922	COMCAST-7922US	false
115.132.18.46	unknown	Malaysia	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
154.137.125.103	unknown	Egypt	37069	MOBINILEG	false
136.209.152.247	unknown	United States	1556	DNIC-ASBLK-01550-01601US	false
186.233.176.86	unknown	Brazil	53209	MantiqueiraTecnologiaLtdaBR	false
174.167.169.170	unknown	United States	7922	COMCAST-7922US	false
117.198.255.236	unknown	India	9829	BSNL-NIBNationalInternetBackboneIN	false
180.251.193.119	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	false
78.16.135.24	unknown	Ireland	2110	AS-BTIREBTIrelandwaspreviouslyknownasEsatNetEUnet	false
179.48.52.52	unknown	unknown	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
71.244.220.141	unknown	United States	701	UUNETUS	false
91.178.161.159	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false
202.92.242.39	unknown	Australia	18111	NETSPEED-AS-APNetspeedInternetCommunicationsAU	false
206.155.137.28	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
208.80.224.3	unknown	United States	33680	TELEPERFORMANCE-USAUS	false
157.71.232.72	unknown	Japan	131932	JEIS-NETJREastInformationSystemsCompanyJP	false
74.235.184.1	unknown	United States	7018	ATT-INTERNET4US	false
43.226.205.246	unknown	China	133881	RBSPL-AS-APRetracBusinessSolutionsPtyLtdAU	false
145.173.25.109	unknown	Netherlands	59524	KPN-IAASNL	false
136.171.73.191	unknown	United States	2152	CSUNET-NWUS	false
124.100.26.173	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
52.214.28.2	unknown	United States	16509	AMAZON-02US	false
77.18.134.247	unknown	Norway	2119	TELENOR-NEXTELTelenorNorgeASNO	false
74.160.83.161	unknown	United States	10796	TWC-10796-MIDWESTUS	false
198.137.125.185	unknown	United States	292	ESNET-WESTUS	false
17.254.82.69	unknown	United States	714	APPLE-ENGINEERINGUS	false
150.193.183.205	unknown	United States	1479	DNIC-ASBLK-01478-01479US	false
209.62.244.169	unknown	United States	32719	BEPC-ASUS	false
13.53.138.117	unknown	United States	16509	AMAZON-02US	false
150.215.62.48	unknown	United States	3680	NOVELLUS	false
76.226.188.67	unknown	United States	7018	ATT-INTERNET4US	false
191.184.76.41	unknown	Brazil	28573	CLAROSABR	false
213.198.183.242	unknown	Italy	15589	ASN-CLOUDITALIAIT	false
156.99.71.214	unknown	United States	1998	STATE-OF-MNUS	false
105.64.212.1	unknown	Morocco	36884	MAROCCONNECTMA	false
123.148.206.41	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
202.146.173.26	unknown	China	24212	JASNET-AS-IDPTJASNITATELEKOMINDOID	false
191.167.46.134	unknown	Brazil	26615	TIMSABR	false
169.18.199.22	unknown	United States	37611	AfrihostZA	false
193.23.6.28	unknown	Romania	51799	FIDELNET-ASStrIonIrimescuNr307SatSfantuIlieRO	false
135.47.229.218	unknown	United States	54614	CIKTELECOM-CABLECA	false
142.105.76.151	unknown	United States	12271	TWC-12271-NYCUS	false
193.68.159.5	unknown	Bulgaria	3245	DIGSYS-ASBG	false
37.99.130.185	unknown	Saudi Arabia	47794	ATHEEB-ASSA	false
211.57.156.75	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
141.114.210.100	unknown	United States	557	UMAINE-SYS-ASUS	false
163.185.9.187	unknown	United States	72	SCHLUMBERGER-ASUS	false
183.235.236.244	unknown	China	56040	CMNET-GUANGDONG-APChinaMobilecommunicationscorporation	false
186.106.45.195	unknown	Chile	7418	TELEFONICACHILESACL	false
150.44.223.255	unknown	Japan	9991	SHUDO-UHiroshimaShudoUniversityJP	false
182.80.182.5	unknown	China	23771	SXBCTV-APSXBCTVInternetServiceProviderCN	false
19.125.23.83	unknown	United States	3	MIT-GATEWAYSUS	false
161.62.8.86	unknown	Switzerland	559	SWITCHPeeringrequestspeeringswitchchEU	false
187.123.195.13	unknown	Brazil	28573	CLAROSABR	false
46.79.34.204	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
159.51.229.171	unknown	Germany	20561	AS20561-INADE	false
51.44.192.155	unknown	United States	2686	ATGS-MMD-ASUS	false
160.40.127.133	unknown	Greece	47616	CERTHGR	false
94.107.201.172	unknown	Belgium	47377	ORANGE_BELGIUM_SAKPNBelgiumBusinessNVhasbeenacquired	false
152.40.102.142	unknown	United States	53785	UNC-GREENSBOROUS	false
96.138.142.23	unknown	United States	7922	COMCAST-7922US	false
108.67.11.143	unknown	United States	7018	ATT-INTERNET4US	false
44.66.151.214	unknown	United States	7377	UCSDUS	false
43.105.198.76	unknown	Japan	4249	LILLY-ASUS	false
98.160.221.119	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
64.154.123.164	unknown	United States	3356	LEVEL3US	false
126.58.120.109	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
159.51.14.151	unknown	Germany	20561	AS20561-INADE	false
129.55.204.176	unknown	United States	63	LL-MIUS	false
179.32.239.38	unknown	Colombia	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
173.179.156.229	unknown	Canada	5769	VIDEOTRONCA	false
119.13.200.68	unknown	Australia	9723	ISEEK-AS-APiseekCommunicationsPtyLtdAU	false
170.255.199.23	unknown	Belgium	5400	BTGB	false
189.104.135.131	unknown	Brazil	7738	TelemarNorteLesteSABR	false
103.57.39.81	unknown	Indonesia	55699	STARNET-AS-IDPTCemerlangMultimediaID	false
189.181.130.66	unknown	Mexico	8151	UninetSAdeCVMX	false
157.62.205.22	unknown	United States	22192	SSHENETUS	false
2.160.72.2	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false

Runtime Messages

Command:	/tmp/x86_64
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	listening to tun0
Standard Error:

Joe Sandbox View / Context

IPs

No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
bots1.firewalla1337.cc	jJ6GK5qbZt	Get hash	malicious	Browse	107.189.1.185
	KPz4ERtS9a	Get hash	malicious	Browse	107.189.1.185
	UNNEIaOxVM	Get hash	malicious	Browse	107.189.1.185
	ATc5uxXlTp	Get hash	malicious	Browse	107.189.1.185
	il32XbklZm	Get hash	malicious	Browse	107.189.1.185
	IN7REq0Jv5	Get hash	malicious	Browse	107.189.1.185
	HDgtpV43hX	Get hash	malicious	Browse	107.189.1.185
	B2WBaqkm8k	Get hash	malicious	Browse	107.189.1.185
	7SerHvEAjE	Get hash	malicious	Browse	107.189.1.185
	i686	Get hash	malicious	Browse	107.189.1.185
	m5DozqUO2t	Get hash	malicious	Browse	107.189.1.185
	avxeC9Wssi	Get hash	malicious	Browse	107.189.1.185
	ayx5kFWYmZ	Get hash	malicious	Browse	107.189.1.185
	p4vXpD0P73	Get hash	malicious	Browse	107.189.1.185
	j3LQELTT0m	Get hash	malicious	Browse	107.189.1.185
	BLBHEA8knd	Get hash	malicious	Browse	107.189.1.185
	mips	Get hash	malicious	Browse	107.189.1.185
	x86_64	Get hash	malicious	Browse	107.189.1.185
	arm	Get hash	malicious	Browse	107.189.1.185
	Ynffczq7m4	Get hash	malicious	Browse	107.189.1.185

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	vEBWe85OY5	Get hash	malicious	Browse	193.174.164.2
	5mLAGfiGBf	Get hash	malicious	Browse	141.94.41.5
	Installer.exe	Get hash	malicious	Browse	141.94.188.139
	LCgNoeCOl6	Get hash	malicious	Browse	141.61.124.247
	yZ7D7o1Z7p	Get hash	malicious	Browse	149.222.208.5
	sj2211QUKu	Get hash	malicious	Browse	141.65.9.77
	P4ci8kzzCS.exe	Get hash	malicious	Browse	141.94.188.138
	dMP72tpVfm.exe	Get hash	malicious	Browse	141.94.188.138
	mdyu2wtnR8	Get hash	malicious	Browse	188.1.166.66
	GQM8qzLfFs	Get hash	malicious	Browse	192.108.25.227
	Installer.exe	Get hash	malicious	Browse	141.94.188.139
	KPz4ERtS9a	Get hash	malicious	Browse	141.30.26.199
	Cleaner.exe	Get hash	malicious	Browse	141.94.188.139
	uK570ZEpyQ	Get hash	malicious	Browse	141.9.190.205
	pLpqV3XZ76	Get hash	malicious	Browse	141.99.244.214
	b3astmode.x86	Get hash	malicious	Browse	141.35.196.152
	JYWllP5wHP	Get hash	malicious	Browse	132.199.165.171
	uwgXkY20gB	Get hash	malicious	Browse	139.21.47.133
	sora.x86	Get hash	malicious	Browse	141.99.244.226
	sora.arm7	Get hash	malicious	Browse	193.174.61.141
NTT-COMMUNICATIONS-2914US	WnhlYWJ5C5	Get hash	malicious	Browse	205.47.168.95
	RVG73cR3DP	Get hash	malicious	Browse	205.45.106.28
	2pPPNW1XSo	Get hash	malicious	Browse	168.143.4.195
	1b5356SnwB	Get hash	malicious	Browse	204.1.128.214
	yZ7D7o1Z7p	Get hash	malicious	Browse	198.247.45.180
	arm7	Get hash	malicious	Browse	209.69.48.55
	KPz4ERtS9a	Get hash	malicious	Browse	198.65.209.238
	db0fa4b8db0333367e9bda3ab68b8042.x86	Get hash	malicious	Browse	204.156.18.76
	MjqRJNVy8K	Get hash	malicious	Browse	204.141.27.195
	GvPiIhzmX1	Get hash	malicious	Browse	161.58.199.139
	gKCq4VLpjL	Get hash	malicious	Browse	207.153.208.134
	UYnpKcFZ2s	Get hash	malicious	Browse	206.54.15.11
	pLpqV3XZ76	Get hash	malicious	Browse	198.65.210.163
	b3astmode.arm7	Get hash	malicious	Browse	209.238.137.106
	arm	Get hash	malicious	Browse	104.88.11.46
	FWsCarsq8Q	Get hash	malicious	Browse	128.241.223.16
	sora.arm7	Get hash	malicious	Browse	209.70.74.37
	PFD33mzc5l	Get hash	malicious	Browse	205.47.193.77
	7qvn4qlmi3	Get hash	malicious	Browse	206.58.73.143
	JuofJwjQMT	Get hash	malicious	Browse	161.58.199.187
ZAMRENZM	2pPPNW1XSo	Get hash	malicious	Browse	155.1.97.79
	S1WMHUXAQU	Get hash	malicious	Browse	155.132.115.250
	UYnpKcFZ2s	Get hash	malicious	Browse	155.181.232.64
	dAhGa49Lql	Get hash	malicious	Browse	155.73.40.76
	kMn6L4fH2T	Get hash	malicious	Browse	155.176.102.219
	H9pX0VKTN5	Get hash	malicious	Browse	155.180.201.36
	hoho.arm7	Get hash	malicious	Browse	155.73.39.82
	jew.x86	Get hash	malicious	Browse	155.21.62.219
	7mtKAPnOCb	Get hash	malicious	Browse	155.160.190.198
	1WL2kQmrNk	Get hash	malicious	Browse	155.67.122.229
	0FPjf8qK5E	Get hash	malicious	Browse	155.17.233.118
	fK8cP1dNlv	Get hash	malicious	Browse	155.128.185.199
	5yjXpBEf1o	Get hash	malicious	Browse	155.21.178.46
	666.arm	Get hash	malicious	Browse	155.132.115.244
	hoho.x86	Get hash	malicious	Browse	155.67.50.170
	hoho.arm	Get hash	malicious	Browse	155.183.159.109
	arm7-20211013-0650	Get hash	malicious	Browse	155.176.111.219
	x86	Get hash	malicious	Browse	155.160.14.181
	ubr43ro8gn	Get hash	malicious	Browse	155.73.27.79
	yE2Dyk0Dcv	Get hash	malicious	Browse	155.181.220.25

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.436972842754819
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	x86_64
File size:	82704
MD5:	7a40533ae23c9ad78f62854030cae373
SHA1:	1be1d20769e6d38dce5df729347ec73487d91bc7
SHA256:	edc6930b30ecad1c771ed2297a7633303663bbe49ee1837c57266167d532e4f7
SHA512:	c0c5d3a170a68466ca0a2ab18f4f08639f1f9f2039b0c4909b07f436550d55def8af45e9ab0b5cffd047e0260744b13375925bbaa2db380aecdea96ad18623ae
SSDEEP:	1536:2EnSyw5t+1LeAvKwjPYZEnhuBcnWYfHGutkf/sSX+/ALeAvWlfwhU+yi5+EH:XSypKAvBjPYZsh8cnWYfHGuSsSX+/ALN
File Content Preview:	.ELF....................d...4....A......4. ...(......................;...;...............@..........@...............Q.td............................U..S.......w?...h....S...[]...$.............U......=@....t..5....$......$.......u........t....h............

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048164
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	82304
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0x11f76	0x0	0x6	AX	16
.fini	PROGBITS	0x805a026	0x12026	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x805a040	0x12040	0x1b60	0x0	0x2	A	32
.ctors	PROGBITS	0x805c000	0x14000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x805c008	0x14008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x805c020	0x14020	0x120	0x0	0x3	WA	32
.bss	NOBITS	0x805c140	0x14140	0x840	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x14140	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x13ba0	0x13ba0	3.9183	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x14000	0x805c000	0x805c000	0x140	0x980	2.4523	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2021 21:36:54.275737047 CEST	19446	2323	192.168.2.23	174.95.159.175
Oct 29, 2021 21:36:54.275764942 CEST	19446	23	192.168.2.23	50.188.130.215
Oct 29, 2021 21:36:54.275765896 CEST	19446	23	192.168.2.23	103.102.131.51
Oct 29, 2021 21:36:54.275778055 CEST	19446	23	192.168.2.23	60.9.216.105
Oct 29, 2021 21:36:54.275780916 CEST	19446	23	192.168.2.23	35.118.53.204
Oct 29, 2021 21:36:54.275799036 CEST	19446	23	192.168.2.23	35.28.121.131
Oct 29, 2021 21:36:54.275799036 CEST	19446	23	192.168.2.23	91.186.34.166
Oct 29, 2021 21:36:54.275804996 CEST	19446	2323	192.168.2.23	147.69.86.29
Oct 29, 2021 21:36:54.275815964 CEST	19446	23	192.168.2.23	73.67.67.194
Oct 29, 2021 21:36:54.275819063 CEST	19446	23	192.168.2.23	13.119.18.50
Oct 29, 2021 21:36:54.275830984 CEST	19446	23	192.168.2.23	112.225.140.175
Oct 29, 2021 21:36:54.275834084 CEST	19446	23	192.168.2.23	97.8.53.202
Oct 29, 2021 21:36:54.275840998 CEST	19446	23	192.168.2.23	203.217.167.125
Oct 29, 2021 21:36:54.275845051 CEST	19446	23	192.168.2.23	147.254.203.192
Oct 29, 2021 21:36:54.275852919 CEST	19446	23	192.168.2.23	203.11.140.176
Oct 29, 2021 21:36:54.275852919 CEST	19446	23	192.168.2.23	116.73.212.243
Oct 29, 2021 21:36:54.275851965 CEST	19446	23	192.168.2.23	197.43.230.101
Oct 29, 2021 21:36:54.275857925 CEST	19446	2323	192.168.2.23	201.47.135.71
Oct 29, 2021 21:36:54.275860071 CEST	19446	23	192.168.2.23	176.60.26.145
Oct 29, 2021 21:36:54.275862932 CEST	19446	23	192.168.2.23	2.129.1.95
Oct 29, 2021 21:36:54.275866032 CEST	19446	23	192.168.2.23	213.177.198.126
Oct 29, 2021 21:36:54.275886059 CEST	19446	23	192.168.2.23	193.155.196.105
Oct 29, 2021 21:36:54.275890112 CEST	19446	23	192.168.2.23	51.224.29.87
Oct 29, 2021 21:36:54.275895119 CEST	19446	23	192.168.2.23	77.57.91.252
Oct 29, 2021 21:36:54.275897026 CEST	19446	23	192.168.2.23	72.226.34.62
Oct 29, 2021 21:36:54.275898933 CEST	19446	23	192.168.2.23	9.19.123.101
Oct 29, 2021 21:36:54.275901079 CEST	19446	23	192.168.2.23	64.175.181.205
Oct 29, 2021 21:36:54.275903940 CEST	19446	23	192.168.2.23	213.58.173.236
Oct 29, 2021 21:36:54.275913000 CEST	19446	2323	192.168.2.23	139.8.201.147
Oct 29, 2021 21:36:54.275924921 CEST	19446	23	192.168.2.23	38.82.129.76
Oct 29, 2021 21:36:54.275943995 CEST	19446	23	192.168.2.23	46.40.47.214
Oct 29, 2021 21:36:54.275952101 CEST	19446	23	192.168.2.23	48.5.44.126
Oct 29, 2021 21:36:54.275960922 CEST	19446	23	192.168.2.23	210.88.223.30
Oct 29, 2021 21:36:54.276094913 CEST	19446	23	192.168.2.23	90.130.14.108
Oct 29, 2021 21:36:54.276099920 CEST	19446	23	192.168.2.23	180.162.125.133
Oct 29, 2021 21:36:54.276102066 CEST	19446	23	192.168.2.23	189.81.139.222
Oct 29, 2021 21:36:54.276102066 CEST	19446	23	192.168.2.23	220.1.112.95
Oct 29, 2021 21:36:54.276103020 CEST	19446	23	192.168.2.23	200.34.155.86
Oct 29, 2021 21:36:54.276103020 CEST	19446	23	192.168.2.23	156.178.244.153
Oct 29, 2021 21:36:54.276107073 CEST	19446	23	192.168.2.23	48.242.28.181
Oct 29, 2021 21:36:54.276110888 CEST	19446	23	192.168.2.23	219.244.205.158
Oct 29, 2021 21:36:54.276113987 CEST	19446	23	192.168.2.23	114.231.175.79
Oct 29, 2021 21:36:54.276124001 CEST	19446	23	192.168.2.23	54.57.2.168
Oct 29, 2021 21:36:54.276125908 CEST	19446	2323	192.168.2.23	9.81.102.29
Oct 29, 2021 21:36:54.276130915 CEST	19446	23	192.168.2.23	152.20.5.205
Oct 29, 2021 21:36:54.276133060 CEST	19446	2323	192.168.2.23	57.125.169.30
Oct 29, 2021 21:36:54.276134968 CEST	19446	23	192.168.2.23	145.183.93.193
Oct 29, 2021 21:36:54.276138067 CEST	19446	2323	192.168.2.23	207.249.60.36
Oct 29, 2021 21:36:54.276140928 CEST	19446	23	192.168.2.23	194.119.108.59
Oct 29, 2021 21:36:54.276143074 CEST	19446	23	192.168.2.23	71.252.176.115
Oct 29, 2021 21:36:54.276145935 CEST	19446	23	192.168.2.23	17.183.159.17
Oct 29, 2021 21:36:54.276149988 CEST	19446	23	192.168.2.23	150.22.183.137
Oct 29, 2021 21:36:54.276153088 CEST	19446	23	192.168.2.23	174.91.115.88
Oct 29, 2021 21:36:54.276155949 CEST	19446	23	192.168.2.23	139.134.21.251
Oct 29, 2021 21:36:54.276158094 CEST	19446	23	192.168.2.23	14.159.81.235
Oct 29, 2021 21:36:54.276160955 CEST	19446	23	192.168.2.23	145.111.143.208
Oct 29, 2021 21:36:54.276160955 CEST	19446	23	192.168.2.23	131.208.226.35
Oct 29, 2021 21:36:54.276165009 CEST	19446	23	192.168.2.23	178.6.229.150
Oct 29, 2021 21:36:54.276165962 CEST	19446	23	192.168.2.23	46.221.6.4
Oct 29, 2021 21:36:54.276169062 CEST	19446	23	192.168.2.23	125.159.28.46
Oct 29, 2021 21:36:54.276170969 CEST	19446	23	192.168.2.23	210.180.10.41
Oct 29, 2021 21:36:54.276171923 CEST	19446	23	192.168.2.23	69.144.191.242
Oct 29, 2021 21:36:54.276174068 CEST	19446	23	192.168.2.23	117.143.168.228
Oct 29, 2021 21:36:54.276175022 CEST	19446	23	192.168.2.23	177.182.6.58
Oct 29, 2021 21:36:54.276176929 CEST	19446	23	192.168.2.23	24.28.249.245
Oct 29, 2021 21:36:54.276177883 CEST	19446	23	192.168.2.23	180.166.227.137
Oct 29, 2021 21:36:54.276177883 CEST	19446	23	192.168.2.23	120.82.204.132
Oct 29, 2021 21:36:54.276182890 CEST	19446	2323	192.168.2.23	27.205.241.171
Oct 29, 2021 21:36:54.276185989 CEST	19446	23	192.168.2.23	150.91.228.57
Oct 29, 2021 21:36:54.276185989 CEST	19446	23	192.168.2.23	2.5.87.29
Oct 29, 2021 21:36:54.276187897 CEST	19446	23	192.168.2.23	219.210.196.187
Oct 29, 2021 21:36:54.276190996 CEST	19446	23	192.168.2.23	161.56.112.52
Oct 29, 2021 21:36:54.276195049 CEST	19446	23	192.168.2.23	99.47.184.79
Oct 29, 2021 21:36:54.276196003 CEST	19446	2323	192.168.2.23	58.17.194.129
Oct 29, 2021 21:36:54.276199102 CEST	19446	2323	192.168.2.23	126.210.110.18
Oct 29, 2021 21:36:54.276201010 CEST	19446	23	192.168.2.23	19.85.195.80
Oct 29, 2021 21:36:54.276206970 CEST	19446	23	192.168.2.23	9.110.223.63
Oct 29, 2021 21:36:54.276211977 CEST	19446	23	192.168.2.23	154.54.45.212
Oct 29, 2021 21:36:54.276216984 CEST	19446	23	192.168.2.23	88.98.215.39
Oct 29, 2021 21:36:54.276221037 CEST	19446	23	192.168.2.23	82.162.39.143
Oct 29, 2021 21:36:54.276222944 CEST	19446	23	192.168.2.23	187.156.106.252
Oct 29, 2021 21:36:54.276226044 CEST	19446	23	192.168.2.23	147.112.66.5
Oct 29, 2021 21:36:54.276230097 CEST	19446	23	192.168.2.23	152.247.35.159
Oct 29, 2021 21:36:54.276235104 CEST	19446	23	192.168.2.23	155.174.19.251
Oct 29, 2021 21:36:54.276240110 CEST	19446	23	192.168.2.23	173.139.117.58
Oct 29, 2021 21:36:54.276267052 CEST	19446	23	192.168.2.23	68.32.174.196
Oct 29, 2021 21:36:54.276272058 CEST	19446	23	192.168.2.23	105.140.34.141
Oct 29, 2021 21:36:54.276273012 CEST	19446	23	192.168.2.23	34.85.98.190
Oct 29, 2021 21:36:54.276273966 CEST	19446	23	192.168.2.23	78.195.24.179
Oct 29, 2021 21:36:54.276274920 CEST	19446	2323	192.168.2.23	154.249.5.193
Oct 29, 2021 21:36:54.276276112 CEST	19446	23	192.168.2.23	187.222.134.10
Oct 29, 2021 21:36:54.276277065 CEST	19446	23	192.168.2.23	193.117.143.169
Oct 29, 2021 21:36:54.276278019 CEST	19446	23	192.168.2.23	133.130.0.107
Oct 29, 2021 21:36:54.276279926 CEST	19446	23	192.168.2.23	189.85.241.10
Oct 29, 2021 21:36:54.276281118 CEST	19446	23	192.168.2.23	130.68.136.38
Oct 29, 2021 21:36:54.276282072 CEST	19446	23	192.168.2.23	197.110.14.52
Oct 29, 2021 21:36:54.276283026 CEST	19446	23	192.168.2.23	157.60.42.116
Oct 29, 2021 21:36:54.276284933 CEST	19446	23	192.168.2.23	58.64.26.219
Oct 29, 2021 21:36:54.276284933 CEST	19446	23	192.168.2.23	181.185.89.20
Oct 29, 2021 21:36:54.276284933 CEST	19446	23	192.168.2.23	86.82.10.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 29, 2021 21:36:54.268131971 CEST	192.168.2.23	1.1.1.1	0xedca	Standard query (0)	bots1.firewalla1337.cc	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Oct 29, 2021 21:36:54.285510063 CEST	1.1.1.1	192.168.2.23	0xedca	No error (0)	bots1.firewalla1337.cc		107.189.1.185	A (IP address)	IN (0x0001)

System Behavior

Analysis Process: x86_64 PID: 5247 Parent PID: 5116

General

Start time:	21:36:53
Start date:	29/10/2021
Path:	/tmp/x86_64
Arguments:	/tmp/x86_64
File size:	82704 bytes
MD5 hash:	7a40533ae23c9ad78f62854030cae373

Analysis Process: x86_64 PID: 5248 Parent PID: 5247

General

Start time:	21:36:53
Start date:	29/10/2021
Path:	/tmp/x86_64
Arguments:	n/a
File size:	82704 bytes
MD5 hash:	7a40533ae23c9ad78f62854030cae373

Analysis Process: x86_64 PID: 5249 Parent PID: 5247

General

Start time:	21:36:53
Start date:	29/10/2021
Path:	/tmp/x86_64
Arguments:	n/a
File size:	82704 bytes
MD5 hash:	7a40533ae23c9ad78f62854030cae373

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report x86_64

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: x86_64 PID: 5247 Parent PID: 5116

General

Analysis Process: x86_64 PID: 5248 Parent PID: 5247

General

Analysis Process: x86_64 PID: 5249 Parent PID: 5247

General