Linux Analysis Report z0x3n.x86

Overview

General Information

Sample Name:	z0x3n.x86
Analysis ID:	512619
MD5:	c2c1c54bbc5f372df082aebc0d983716
SHA1:	2c9ebbad068ea09d2fcf7cfff48608a8abdf4337
SHA256:	dd9c8a7d71f944ded984394fcc021043403e3a39ef424d70d2a3a18c3b58b69d
Infos:

Detection

Mirai

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Yara signature match

Sample has stripped symbol table

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Signatures

AV Detection:

Multi AV Scanner detection for submitted file

Source: z0x3n.x86

Virustotal: Detection: 41%

Perma Link

Machine Learning detection for sample

Source: z0x3n.x86

Joe Sandbox ML: detected

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46804
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46812
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46814
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46816
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46820
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46868
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46908
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46918
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.242.254.71:23 -> 192.168.2.23:42324
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.242.254.71:23 -> 192.168.2.23:42324
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46936
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46954
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46990
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47048
Source: Traffic	Snort IDS: 2025080 ET EXPLOIT Actiontec C1000A backdoor account M1 192.168.2.23:47048 -> 177.126.89.178:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47088
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47128
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47168
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47188
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.242.254.71:23 -> 192.168.2.23:42604
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.242.254.71:23 -> 192.168.2.23:42604
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47198
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47206
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47214
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47222
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47228
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47236
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47282
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47332
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47342
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.242.254.71:23 -> 192.168.2.23:42760
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.242.254.71:23 -> 192.168.2.23:42760
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47356
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 103.192.76.235:23 -> 192.168.2.23:43346
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47364

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.1.101.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.229.138.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 105.13.231.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.147.72.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.37.20.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 181.70.39.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.190.30.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 156.58.60.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.159.209.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 86.0.55.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 159.44.145.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.121.47.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.227.190.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.126.58.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.246.158.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:60692 -> 37.0.10.67:11199
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.33.62.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 92.9.54.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 88.169.66.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.107.27.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.78.150.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.92.133.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.220.47.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 67.216.157.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.94.166.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 161.141.44.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 90.34.76.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.165.130.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.22.31.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.90.136.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.169.44.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.135.162.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 79.161.77.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.230.104.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 185.245.106.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.170.200.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 141.88.84.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.195.222.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 111.13.221.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.188.18.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.81.180.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 171.99.64.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 44.149.111.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 5.36.233.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.13.104.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.147.64.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 163.71.180.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.22.251.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.110.47.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.107.192.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 152.245.254.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.236.225.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.232.170.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 85.196.240.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.122.73.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 181.49.62.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 58.230.50.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.199.112.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.187.246.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.67.77.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 46.17.125.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 103.51.108.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 145.24.171.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 72.140.85.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 104.68.237.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.161.152.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 175.79.101.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 216.197.142.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 143.253.25.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.231.190.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 119.155.48.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 141.167.46.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 89.12.160.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.85.221.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.15.174.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.239.79.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 147.32.196.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.140.54.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.185.139.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.248.84.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.177.116.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.145.186.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 179.67.250.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.139.215.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.67.167.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.73.29.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 166.118.94.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.183.116.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 76.154.80.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.165.32.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.5.99.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.190.65.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 118.226.196.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.140.74.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 84.164.182.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 75.22.228.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 166.241.67.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 38.145.157.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.91.115.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.34.11.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.19.45.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.80.25.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 122.184.234.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.31.192.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.214.20.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.241.91.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.83.6.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.43.136.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 123.74.18.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.91.202.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 212.114.152.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 218.140.168.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.181.112.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 17.119.83.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.181.249.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.150.225.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.234.100.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.12.34.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.240.84.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.75.125.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.93.211.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.185.39.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.225.49.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.201.245.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.177.181.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 36.98.187.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.242.48.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 129.8.101.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 149.194.60.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 48.118.100.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 186.225.134.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 110.52.205.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 155.63.4.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 185.206.56.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.208.172.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.30.37.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.127.5.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 195.143.165.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.46.144.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 190.127.105.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.29.163.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 59.124.112.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 63.251.42.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 95.83.19.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.101.137.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 67.155.200.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 105.171.41.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 154.199.17.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.161.22.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 39.58.182.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 5.128.25.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.31.35.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.18.124.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.100.149.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 145.254.198.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 171.52.71.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 151.193.135.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 115.99.234.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 97.133.53.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.200.172.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.140.73.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.10.92.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 69.90.181.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.128.81.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.225.149.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 210.210.209.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 18.33.216.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.205.147.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.110.183.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.59.94.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 121.229.132.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 148.14.93.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.1.152.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.232.21.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.52.205.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.95.95.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.29.156.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.248.75.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 89.243.243.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 111.4.255.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.113.110.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.145.44.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.152.196.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 209.137.225.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.237.29.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.98.75.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.186.163.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 181.113.181.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.41.25.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.43.103.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.176.105.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 74.20.29.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 124.32.46.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.67.219.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.117.53.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 151.73.95.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 218.161.230.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.40.58.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.190.253.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.98.139.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 89.39.90.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.253.15.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.117.8.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.76.175.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.3.137.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 223.221.20.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 86.31.225.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.162.93.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.60.176.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.79.59.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 81.90.105.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 69.245.252.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 101.59.251.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.205.220.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 40.126.29.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.36.117.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.243.228.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 211.157.150.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.173.156.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 176.1.204.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 135.141.0.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 120.70.217.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.140.2.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.77.29.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 57.44.137.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.102.62.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 116.119.175.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 119.40.45.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 189.11.34.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.103.17.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 72.177.18.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 73.14.90.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.71.46.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 115.185.152.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.165.211.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 174.236.86.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.120.47.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 9.191.85.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 106.88.129.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 31.105.253.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.163.28.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.115.111.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 164.14.148.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 82.210.60.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.145.103.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.79.229.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 19.198.251.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.29.176.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 147.213.127.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.40.194.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 38.102.155.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 130.223.218.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 153.55.168.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 88.156.149.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.10.226.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.56.137.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 162.245.157.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 136.139.187.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.123.247.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.106.132.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 151.9.68.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.0.172.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.252.140.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 174.169.241.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.104.195.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.100.163.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 149.192.217.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 39.107.252.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.200.82.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 154.130.142.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.121.90.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 141.140.17.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 39.219.49.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 167.87.231.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 99.202.69.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 126.24.131.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 54.122.83.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.211.37.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.199.97.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.205.77.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.13.203.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 163.17.54.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.93.103.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 124.218.81.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.91.237.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.210.7.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.253.74.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 97.111.15.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.117.25.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 209.73.10.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.99.174.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 126.196.148.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.134.228.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.153.164.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 115.92.32.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.13.156.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.217.205.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.21.223.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 73.141.45.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 103.30.225.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.163.80.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 147.206.96.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 20.194.249.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 193.104.57.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.43.35.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.205.105.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.30.215.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.31.210.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 136.52.96.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 161.55.110.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.80.206.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 54.62.168.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.227.154.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.145.169.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.52.215.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.230.28.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.149.40.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 167.236.190.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 103.190.220.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.141.255.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 38.64.38.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 101.152.104.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 111.5.229.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 59.58.176.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.117.228.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 159.166.177.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.241.59.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 46.147.185.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 123.246.37.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.31.128.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 86.234.159.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.141.131.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.39.223.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.253.241.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 159.217.22.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.51.111.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 62.243.169.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.130.204.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.185.94.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 76.76.26.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 117.170.226.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 107.45.166.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 107.224.50.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 43.5.182.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.183.241.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.134.125.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.104.42.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.25.90.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 206.205.232.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.170.18.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 216.216.124.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.133.114.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 148.118.118.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 152.33.10.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 44.161.70.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 177.88.230.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.65.13.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 14.151.27.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.43.242.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.196.21.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.240.46.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.212.80.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.207.147.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.119.22.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.77.182.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.35.80.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.61.152.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.116.56.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 222.184.178.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 45.181.53.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 153.207.55.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.70.95.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 95.93.11.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 119.133.116.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 165.206.138.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 204.121.184.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.30.195.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.69.163.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.158.72.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 90.116.127.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 100.221.213.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 152.9.94.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.72.214.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.23.201.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.149.204.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.206.145.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.105.234.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.75.107.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 78.54.211.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.241.227.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 46.229.251.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 79.172.103.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 57.147.191.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 175.84.244.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.124.111.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.4.108.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.126.231.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 198.127.110.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 97.169.146.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.245.162.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 107.219.54.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 43.110.33.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 106.44.67.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 185.79.220.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.30.128.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.18.196.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.26.23.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 170.27.217.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.210.103.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.44.79.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.159.255.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 183.68.221.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.79.203.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 27.169.24.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.99.161.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.255.81.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 14.169.2.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.9.143.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.37.38.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.138.151.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.118.145.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.220.166.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 105.82.82.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 121.196.27.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.110.150.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.71.24.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 34.98.22.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 53.187.127.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.69.21.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.20.66.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 62.4.185.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.144.122.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 212.254.213.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 153.53.150.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 95.29.250.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.128.141.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 223.236.3.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 20.118.235.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.110.177.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.117.148.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.184.49.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.230.70.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.31.20.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.2.243.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 210.215.231.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.55.87.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 5.16.140.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.183.103.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 195.81.195.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 126.118.108.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.68.221.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.199.15.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.77.17.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 73.101.218.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 223.201.126.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 31.230.227.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 193.58.153.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 58.210.71.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 124.132.216.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.109.52.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.10.251.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.233.194.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 156.154.198.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.183.211.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 203.242.2.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 72.34.73.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.90.55.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.103.254.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.115.182.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.175.48.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 92.24.86.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.101.89.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 164.128.223.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.86.107.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.38.116.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 212.152.43.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 189.162.9.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 101.210.143.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 193.135.133.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 117.41.17.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.82.4.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.46.144.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 161.110.163.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.194.79.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.45.158.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 20.173.48.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.217.230.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.74.116.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.170.91.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.125.255.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.187.214.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 84.70.233.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 135.254.189.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.160.67.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 44.190.26.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 183.157.170.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.179.219.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 211.167.230.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.159.48.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 155.158.127.144:2323

Source: unknown

DNS traffic detected: queries for: z0x3n.cf

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 103.61.176.109
Source: unknown	TCP traffic detected without corresponding DNS query: 47.1.101.157
Source: unknown	TCP traffic detected without corresponding DNS query: 182.193.240.200
Source: unknown	TCP traffic detected without corresponding DNS query: 84.203.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 149.100.205.117
Source: unknown	TCP traffic detected without corresponding DNS query: 36.119.11.175
Source: unknown	TCP traffic detected without corresponding DNS query: 125.229.138.235
Source: unknown	TCP traffic detected without corresponding DNS query: 77.163.249.232
Source: unknown	TCP traffic detected without corresponding DNS query: 196.101.75.42
Source: unknown	TCP traffic detected without corresponding DNS query: 54.128.144.224
Source: unknown	TCP traffic detected without corresponding DNS query: 95.44.64.51
Source: unknown	TCP traffic detected without corresponding DNS query: 62.169.67.211
Source: unknown	TCP traffic detected without corresponding DNS query: 87.194.59.225
Source: unknown	TCP traffic detected without corresponding DNS query: 67.228.183.69
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.179.71
Source: unknown	TCP traffic detected without corresponding DNS query: 102.71.3.185
Source: unknown	TCP traffic detected without corresponding DNS query: 91.111.19.201
Source: unknown	TCP traffic detected without corresponding DNS query: 57.236.55.216
Source: unknown	TCP traffic detected without corresponding DNS query: 166.150.88.190
Source: unknown	TCP traffic detected without corresponding DNS query: 94.231.7.73
Source: unknown	TCP traffic detected without corresponding DNS query: 114.112.47.159
Source: unknown	TCP traffic detected without corresponding DNS query: 117.90.192.120
Source: unknown	TCP traffic detected without corresponding DNS query: 135.2.225.206
Source: unknown	TCP traffic detected without corresponding DNS query: 168.144.25.169
Source: unknown	TCP traffic detected without corresponding DNS query: 71.158.19.146
Source: unknown	TCP traffic detected without corresponding DNS query: 208.151.213.102
Source: unknown	TCP traffic detected without corresponding DNS query: 81.95.135.55
Source: unknown	TCP traffic detected without corresponding DNS query: 169.26.177.164
Source: unknown	TCP traffic detected without corresponding DNS query: 99.11.81.41
Source: unknown	TCP traffic detected without corresponding DNS query: 105.13.231.165
Source: unknown	TCP traffic detected without corresponding DNS query: 90.180.225.184
Source: unknown	TCP traffic detected without corresponding DNS query: 213.147.72.17
Source: unknown	TCP traffic detected without corresponding DNS query: 88.133.77.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.144.12.20
Source: unknown	TCP traffic detected without corresponding DNS query: 9.113.2.215
Source: unknown	TCP traffic detected without corresponding DNS query: 192.182.27.143
Source: unknown	TCP traffic detected without corresponding DNS query: 93.147.13.9
Source: unknown	TCP traffic detected without corresponding DNS query: 157.248.119.132
Source: unknown	TCP traffic detected without corresponding DNS query: 41.244.119.157
Source: unknown	TCP traffic detected without corresponding DNS query: 38.231.100.31
Source: unknown	TCP traffic detected without corresponding DNS query: 177.126.89.178
Source: unknown	TCP traffic detected without corresponding DNS query: 175.29.25.120
Source: unknown	TCP traffic detected without corresponding DNS query: 168.96.135.118
Source: unknown	TCP traffic detected without corresponding DNS query: 79.144.135.159
Source: unknown	TCP traffic detected without corresponding DNS query: 192.39.107.5
Source: unknown	TCP traffic detected without corresponding DNS query: 207.200.60.116
Source: unknown	TCP traffic detected without corresponding DNS query: 106.9.22.179
Source: unknown	TCP traffic detected without corresponding DNS query: 168.188.118.67
Source: unknown	TCP traffic detected without corresponding DNS query: 172.101.143.80
Source: unknown	TCP traffic detected without corresponding DNS query: 90.36.198.213

System Summary:

Yara signature match

Source: z0x3n.x86, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5231.1.0000000019671de5.00000000c7254e12.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5234.1.0000000019671de5.00000000c7254e12.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5232.1.0000000019671de5.00000000c7254e12.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5232.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5231.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5234.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal68.troj.linX86@0/0@1/0

Source: z0x3n.x86

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system

Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1582/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2033/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1612/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1579/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1699/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1335/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1698/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2028/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1334/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1576/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2025/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2146/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/910/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/912/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/517/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/759/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/918/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1594/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1349/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1623/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/761/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1622/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/884/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1983/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2038/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1344/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1465/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1586/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1860/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1463/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/800/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/801/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1629/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1627/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1900/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/491/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2050/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1877/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/772/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1633/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1599/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1632/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/774/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1477/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/654/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/896/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1476/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1872/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2048/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/655/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1475/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/656/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/777/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/657/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/658/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/419/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/936/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1639/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1638/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1809/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1494/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1890/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2063/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2062/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1888/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1886/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/420/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1489/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/785/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1642/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/788/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/667/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/789/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1648/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2078/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2077/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2074/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/670/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/793/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1656/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1654/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/674/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1532/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/796/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/675/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/797/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/676/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/677/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2069/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2102/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/799/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2080/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2084/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2083/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1668/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1664/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1389/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/720/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2114/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/721/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1661/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2079/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/847/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2097/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2096/maps	Jump to behavior

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
111.12.128.239	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
8.102.49.78	unknown	United States	3356	LEVEL3US	false
192.77.169.162	unknown	United States	394008	DBI-ASUS	false
57.111.236.183	unknown	Belgium	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
191.255.128.161	unknown	Brazil	27699	TELEFONICABRASILSABR	false
178.22.52.188	unknown	Russian Federation	44943	RAMNET-ASInternetServiceProviderRamNetRU	false
91.156.163.171	unknown	Finland	719	ELISA-ASHelsinkiFinlandEU	false
179.67.250.16	unknown	Brazil	7738	TelemarNorteLesteSABR	false
113.133.36.115	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
195.89.233.144	unknown	United Kingdom	1273	CWVodafoneGroupPLCEU	false
130.223.218.209	unknown	Switzerland	559	SWITCHPeeringrequestspeeringswitchchEU	false
106.44.67.176	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
181.28.71.103	unknown	Argentina	10318	TelecomArgentinaSAAR	false
112.246.77.240	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
73.180.82.168	unknown	United States	7922	COMCAST-7922US	false
213.202.53.40	unknown	Switzerland	21466	ASQUICKNETKabelfernsehnBoedeliinInterlakenSwitzerland	false
146.190.146.173	unknown	United States	702	UUNETUS	false
89.27.99.244	unknown	Finland	16086	DNAFI	false
20.73.200.192	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
169.64.152.199	unknown	United States	37611	AfrihostZA	false
210.200.107.2	unknown	Taiwan; Republic of China (ROC)	9311	HITRON-AS-APHITRONTECHNOLOGYINCTW	false
200.64.54.219	unknown	Mexico	8151	UninetSAdeCVMX	false
173.225.75.100	unknown	United States	26878	TWRS-NYCUS	false
94.43.140.207	unknown	Georgia	35805	SILKNET-ASGE	false
111.253.7.151	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
1.81.74.63	unknown	China	134768	CHINANET-SHAANXI-CLOUD-BASECHINANETSHAANXIprovinceCloud	false
98.225.187.150	unknown	United States	7922	COMCAST-7922US	false
183.91.246.58	unknown	Korea Republic of	9976	ICNDP-AS-KRNamincheonBrodcastingCoLtdKR	false
200.98.94.223	unknown	Brazil	7162	UniversoOnlineSABR	false
177.247.199.47	unknown	Mexico	13999	MegaCableSAdeCVMX	false
125.51.30.130	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
185.151.99.5	unknown	Iran (ISLAMIC Republic Of)	62153	PANAIR	false
42.68.109.132	unknown	Taiwan; Republic of China (ROC)	4249	LILLY-ASUS	false
76.0.12.143	unknown	United States	18494	CENTURYLINK-LEGACY-EMBARQ-WRBGUS	false
83.80.167.254	unknown	Netherlands	33915	TNF-ASNL	false
120.20.106.82	unknown	Australia	133612	VODAFONE-AS-APVodafoneAustraliaPtyLtdAU	false
82.76.185.25	unknown	Romania	8708	RCS-RDS73-75DrStaicoviciRO	false
205.194.107.171	unknown	Canada	3356	LEVEL3US	false
119.63.255.29	unknown	Korea Republic of	17577	GIGAPASS-AS-KRLGHelloVisionCorpKR	false
95.19.35.69	unknown	Spain	12479	UNI2-ASES	false
169.144.15.17	unknown	United States	158	ERI-ASUS	false
8.55.105.60	unknown	United States	3356	LEVEL3US	false
107.209.55.138	unknown	United States	7018	ATT-INTERNET4US	false
202.102.100.47	unknown	China	137702	CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince	false
161.152.120.87	unknown	Australia	9328	DATACOM-AUDATACOMSYSTEMSAUPTYLTDAU	false
54.21.179.8	unknown	United States	14618	AMAZON-AESUS	false
12.101.24.89	unknown	United States	7018	ATT-INTERNET4US	false
170.12.117.113	unknown	United States	27283	RJF-INTERNETUS	false
88.58.19.233	unknown	Italy	3269	ASN-IBSNAZIT	false
125.48.186.209	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
140.234.210.128	unknown	United States	6932	EBSCOPUBUS	false
165.245.232.222	unknown	United States	4668	LGNET-AS-KRLGCNSKR	false
171.253.42.137	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
200.7.36.227	unknown	Sint Maarten	27734	NewTechnologiesGroupNVSX	false
156.186.86.117	unknown	Egypt	36992	ETISALAT-MISREG	false
195.135.1.151	unknown	France	8399	SEWAN-FR	false
207.197.1.26	unknown	United States	3851	NSHE-NEVADANETUS	false
186.58.217.66	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
154.56.2.191	unknown	United States	174	COGENT-174US	false
62.212.29.71	unknown	Italy	9026	ULI-MAINULIIT	false
97.121.96.184	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
68.89.131.171	unknown	United States	7018	ATT-INTERNET4US	false
116.17.39.25	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
14.166.103.211	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
150.227.240.141	unknown	Sweden	3246	TDCSONGTele2BusinessTDCSwedenSE	false
91.113.151.22	unknown	Austria	8447	TELEKOM-ATA1TelekomAustriaAGAT	false
4.44.24.55	unknown	United States	3356	LEVEL3US	false
156.169.238.165	unknown	Egypt	36992	ETISALAT-MISREG	false
163.141.21.203	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
93.120.179.216	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
47.0.120.15	unknown	United States	34533	ESAMARA-ASRU	false
114.170.2.111	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
66.212.66.237	unknown	United States	21525	AS-SPLUS	false
196.80.15.132	unknown	Morocco	6713	IAM-ASMA	false
23.253.210.18	unknown	United States	19994	RACKSPACEUS	false
151.226.142.75	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
101.7.232.251	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
117.176.199.169	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
185.92.209.62	unknown	Switzerland	200879	SWISSBROTHERSCH	false
160.172.146.38	unknown	Morocco	6713	IAM-ASMA	false
39.89.15.205	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
219.17.70.121	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
168.154.89.155	unknown	Korea Republic of	10049	SKNET-ASSKCoKR	false
40.71.135.48	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
212.22.221.83	unknown	Ukraine	31148	FREENET_LLCUA	false
202.238.46.90	unknown	Japan	10001	MICSNETMicsNetworkCorporationJP	false
152.11.76.235	unknown	United States	81	NCRENUS	false
81.222.210.53	unknown	Russian Federation	20597	ELTEL-ASRU	false
192.30.221.157	unknown	United States	23275	LM-USAUS	false
74.140.211.129	unknown	United States	10796	TWC-10796-MIDWESTUS	false
97.78.71.158	unknown	United States	33363	BHN-33363US	false
184.142.114.154	unknown	United States	5778	CENTURYLINK-LEGACY-EMBARQ-RCMTUS	false
93.32.193.143	unknown	Italy	12874	FASTWEBIT	false
93.50.106.246	unknown	Italy	12874	FASTWEBIT	false
45.143.235.203	unknown	Estonia	39855	MOD-EUNL	false
72.59.167.134	unknown	United States	10507	SPCSUS	false
38.200.160.186	unknown	United States	174	COGENT-174US	false
70.131.55.48	unknown	United States	7018	ATT-INTERNET4US	false
24.194.248.225	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
8.166.90.215	unknown	Singapore	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false

Contacted Domains

Name	IP	Active
z0x3n.cf	37.0.10.67	true

AV Detection:

Multi AV Scanner detection for submitted file

Source: z0x3n.x86

Virustotal: Detection: 41%

Perma Link

Machine Learning detection for sample

Source: z0x3n.x86

Joe Sandbox ML: detected

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46804
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46812
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46814
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46816
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46820
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46868
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46908
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46918
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.242.254.71:23 -> 192.168.2.23:42324
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.242.254.71:23 -> 192.168.2.23:42324
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46936
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46954
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:46990
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47048
Source: Traffic	Snort IDS: 2025080 ET EXPLOIT Actiontec C1000A backdoor account M1 192.168.2.23:47048 -> 177.126.89.178:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47088
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47128
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47168
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47188
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.242.254.71:23 -> 192.168.2.23:42604
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.242.254.71:23 -> 192.168.2.23:42604
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47198
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47206
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47214
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47222
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47228
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47236
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47282
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47332
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47342
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.242.254.71:23 -> 192.168.2.23:42760
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.242.254.71:23 -> 192.168.2.23:42760
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47356
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 103.192.76.235:23 -> 192.168.2.23:43346
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.126.89.178:23 -> 192.168.2.23:47364

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.1.101.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.229.138.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 105.13.231.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.147.72.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.37.20.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 181.70.39.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.190.30.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 156.58.60.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.159.209.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 86.0.55.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 159.44.145.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.121.47.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.227.190.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.126.58.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.246.158.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:60692 -> 37.0.10.67:11199
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.33.62.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 92.9.54.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 88.169.66.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.107.27.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.78.150.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.92.133.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.220.47.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 67.216.157.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.94.166.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 161.141.44.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 90.34.76.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.165.130.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.22.31.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.90.136.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.169.44.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.135.162.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 79.161.77.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.230.104.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 185.245.106.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.170.200.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 141.88.84.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.195.222.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 111.13.221.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.188.18.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.81.180.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 171.99.64.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 44.149.111.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 5.36.233.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.13.104.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.147.64.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 163.71.180.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.22.251.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.110.47.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.107.192.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 152.245.254.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.236.225.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.232.170.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 85.196.240.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.122.73.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 181.49.62.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 58.230.50.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.199.112.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.187.246.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.67.77.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 46.17.125.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 103.51.108.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 145.24.171.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 72.140.85.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 104.68.237.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.161.152.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 175.79.101.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 216.197.142.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 143.253.25.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.231.190.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 119.155.48.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 141.167.46.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 89.12.160.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.85.221.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.15.174.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.239.79.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 147.32.196.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.140.54.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.185.139.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.248.84.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.177.116.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.145.186.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 179.67.250.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.139.215.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.67.167.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.73.29.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 166.118.94.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.183.116.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 76.154.80.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.165.32.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.5.99.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.190.65.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 118.226.196.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.140.74.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 84.164.182.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 75.22.228.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 166.241.67.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 38.145.157.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.91.115.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.34.11.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.19.45.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.80.25.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 122.184.234.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.31.192.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.214.20.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.241.91.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.83.6.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.43.136.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 123.74.18.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.91.202.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 212.114.152.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 218.140.168.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.181.112.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 17.119.83.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.181.249.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.150.225.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.234.100.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.12.34.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.240.84.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.75.125.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.93.211.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.185.39.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.225.49.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.201.245.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.177.181.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 36.98.187.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.242.48.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 129.8.101.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 149.194.60.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 48.118.100.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 186.225.134.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 110.52.205.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 155.63.4.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 185.206.56.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.208.172.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.30.37.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.127.5.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 195.143.165.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.46.144.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 190.127.105.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.29.163.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 59.124.112.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 63.251.42.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 95.83.19.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.101.137.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 67.155.200.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 105.171.41.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 154.199.17.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.161.22.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 39.58.182.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 5.128.25.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.31.35.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.18.124.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.100.149.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 145.254.198.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 171.52.71.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 151.193.135.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 115.99.234.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 97.133.53.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.200.172.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.140.73.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.10.92.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 69.90.181.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.128.81.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.225.149.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 210.210.209.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 18.33.216.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.205.147.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.110.183.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.59.94.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 121.229.132.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 148.14.93.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.1.152.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.232.21.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.52.205.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.95.95.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.29.156.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.248.75.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 89.243.243.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 111.4.255.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 217.113.110.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.145.44.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.152.196.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 209.137.225.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.237.29.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.98.75.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.186.163.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 181.113.181.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.41.25.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.43.103.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.176.105.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 74.20.29.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 124.32.46.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.67.219.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.117.53.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 151.73.95.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 218.161.230.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.40.58.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.190.253.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.98.139.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 89.39.90.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.253.15.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.117.8.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.76.175.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.3.137.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 223.221.20.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 86.31.225.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.162.93.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.60.176.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.79.59.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 81.90.105.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 69.245.252.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 101.59.251.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.205.220.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 40.126.29.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.36.117.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.243.228.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 211.157.150.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.173.156.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 176.1.204.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 135.141.0.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 120.70.217.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.140.2.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.77.29.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 57.44.137.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.102.62.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 116.119.175.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 119.40.45.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 189.11.34.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.103.17.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 72.177.18.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 73.14.90.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.71.46.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 115.185.152.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.165.211.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 174.236.86.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.120.47.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 9.191.85.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 106.88.129.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 31.105.253.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 213.163.28.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.115.111.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 164.14.148.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 82.210.60.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.145.103.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.79.229.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 19.198.251.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.29.176.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 147.213.127.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.40.194.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 38.102.155.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 130.223.218.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 153.55.168.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 88.156.149.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.10.226.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.56.137.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 162.245.157.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 136.139.187.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.123.247.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.106.132.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 151.9.68.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.0.172.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 197.252.140.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 174.169.241.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.104.195.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.100.163.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 149.192.217.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 39.107.252.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.200.82.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 154.130.142.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.121.90.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 141.140.17.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 39.219.49.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 167.87.231.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 99.202.69.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 126.24.131.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 54.122.83.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.211.37.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.199.97.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.205.77.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.13.203.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 163.17.54.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.93.103.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 124.218.81.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.91.237.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.210.7.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.253.74.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 97.111.15.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.117.25.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 209.73.10.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.99.174.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 126.196.148.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.134.228.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.153.164.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 115.92.32.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.13.156.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.217.205.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.21.223.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 73.141.45.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 103.30.225.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.163.80.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 147.206.96.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 20.194.249.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 193.104.57.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.43.35.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.205.105.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.30.215.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.31.210.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 136.52.96.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 161.55.110.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 169.80.206.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 54.62.168.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.227.154.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.145.169.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.52.215.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.230.28.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.149.40.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 167.236.190.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 103.190.220.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.141.255.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 38.64.38.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 101.152.104.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 111.5.229.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 59.58.176.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.117.228.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 159.166.177.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.241.59.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 46.147.185.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 123.246.37.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.31.128.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 86.234.159.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.141.131.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.39.223.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.253.241.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 159.217.22.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.51.111.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 62.243.169.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.130.204.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.185.94.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 76.76.26.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 117.170.226.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 107.45.166.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 107.224.50.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 43.5.182.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.183.241.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.134.125.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.104.42.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 8.25.90.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 206.205.232.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 113.170.18.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 216.216.124.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.133.114.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 148.118.118.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 152.33.10.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 44.161.70.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 177.88.230.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 23.65.13.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 14.151.27.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.43.242.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 178.196.21.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.240.46.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.212.80.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 1.207.147.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 184.119.22.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.77.182.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.35.80.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.61.152.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.116.56.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 222.184.178.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 45.181.53.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 153.207.55.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 91.70.95.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 95.93.11.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 119.133.116.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 165.206.138.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 204.121.184.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.30.195.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.69.163.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 2.158.72.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 90.116.127.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 100.221.213.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 152.9.94.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 219.72.214.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.23.201.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.149.204.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.206.145.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 47.105.234.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 208.75.107.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 78.54.211.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.241.227.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 46.229.251.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 79.172.103.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 57.147.191.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 175.84.244.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.124.111.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 114.4.108.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.126.231.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 198.127.110.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 97.169.146.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.245.162.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 107.219.54.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 43.110.33.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 106.44.67.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 185.79.220.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.30.128.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 146.18.196.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.26.23.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 170.27.217.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 157.210.103.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.44.79.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.159.255.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 183.68.221.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.79.203.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 27.169.24.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 142.99.161.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.255.81.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 14.169.2.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 196.9.143.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 93.37.38.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 70.138.151.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 109.118.145.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 102.220.166.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 105.82.82.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 121.196.27.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 194.110.150.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 68.71.24.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 34.98.22.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 53.187.127.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 13.69.21.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.20.66.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 62.4.185.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 42.144.122.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 212.254.213.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 153.53.150.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 95.29.250.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 60.128.141.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 223.236.3.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 20.118.235.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 87.110.177.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 220.117.148.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 158.184.49.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.230.70.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 65.31.20.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.2.243.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 210.215.231.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.55.87.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 5.16.140.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 98.183.103.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 195.81.195.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 126.118.108.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 41.68.221.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.199.15.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.77.17.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 73.101.218.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 223.201.126.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 31.230.227.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 193.58.153.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 58.210.71.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 124.132.216.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 201.109.52.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 80.10.251.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 173.233.194.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 156.154.198.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 112.183.211.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 203.242.2.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 72.34.73.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 61.90.55.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 168.103.254.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 4.115.182.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 221.175.48.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 92.24.86.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 12.101.89.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 164.128.223.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 37.86.107.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 83.38.116.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 212.152.43.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 189.162.9.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 101.210.143.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 193.135.133.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 117.41.17.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 125.82.4.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 94.46.144.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 161.110.163.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 188.194.79.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 200.45.158.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 20.173.48.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 96.217.230.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.74.116.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 108.170.91.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 182.125.255.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 180.187.214.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 84.70.233.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 135.254.189.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 66.160.67.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 44.190.26.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 183.157.170.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 207.179.219.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 211.167.230.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 202.159.48.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:23086 -> 155.158.127.144:2323

Source: unknown

DNS traffic detected: queries for: z0x3n.cf

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 103.61.176.109
Source: unknown	TCP traffic detected without corresponding DNS query: 47.1.101.157
Source: unknown	TCP traffic detected without corresponding DNS query: 182.193.240.200
Source: unknown	TCP traffic detected without corresponding DNS query: 84.203.31.69
Source: unknown	TCP traffic detected without corresponding DNS query: 149.100.205.117
Source: unknown	TCP traffic detected without corresponding DNS query: 36.119.11.175
Source: unknown	TCP traffic detected without corresponding DNS query: 125.229.138.235
Source: unknown	TCP traffic detected without corresponding DNS query: 77.163.249.232
Source: unknown	TCP traffic detected without corresponding DNS query: 196.101.75.42
Source: unknown	TCP traffic detected without corresponding DNS query: 54.128.144.224
Source: unknown	TCP traffic detected without corresponding DNS query: 95.44.64.51
Source: unknown	TCP traffic detected without corresponding DNS query: 62.169.67.211
Source: unknown	TCP traffic detected without corresponding DNS query: 87.194.59.225
Source: unknown	TCP traffic detected without corresponding DNS query: 67.228.183.69
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.179.71
Source: unknown	TCP traffic detected without corresponding DNS query: 102.71.3.185
Source: unknown	TCP traffic detected without corresponding DNS query: 91.111.19.201
Source: unknown	TCP traffic detected without corresponding DNS query: 57.236.55.216
Source: unknown	TCP traffic detected without corresponding DNS query: 166.150.88.190
Source: unknown	TCP traffic detected without corresponding DNS query: 94.231.7.73
Source: unknown	TCP traffic detected without corresponding DNS query: 114.112.47.159
Source: unknown	TCP traffic detected without corresponding DNS query: 117.90.192.120
Source: unknown	TCP traffic detected without corresponding DNS query: 135.2.225.206
Source: unknown	TCP traffic detected without corresponding DNS query: 168.144.25.169
Source: unknown	TCP traffic detected without corresponding DNS query: 71.158.19.146
Source: unknown	TCP traffic detected without corresponding DNS query: 208.151.213.102
Source: unknown	TCP traffic detected without corresponding DNS query: 81.95.135.55
Source: unknown	TCP traffic detected without corresponding DNS query: 169.26.177.164
Source: unknown	TCP traffic detected without corresponding DNS query: 99.11.81.41
Source: unknown	TCP traffic detected without corresponding DNS query: 105.13.231.165
Source: unknown	TCP traffic detected without corresponding DNS query: 90.180.225.184
Source: unknown	TCP traffic detected without corresponding DNS query: 213.147.72.17
Source: unknown	TCP traffic detected without corresponding DNS query: 88.133.77.153
Source: unknown	TCP traffic detected without corresponding DNS query: 13.144.12.20
Source: unknown	TCP traffic detected without corresponding DNS query: 9.113.2.215
Source: unknown	TCP traffic detected without corresponding DNS query: 192.182.27.143
Source: unknown	TCP traffic detected without corresponding DNS query: 93.147.13.9
Source: unknown	TCP traffic detected without corresponding DNS query: 157.248.119.132
Source: unknown	TCP traffic detected without corresponding DNS query: 41.244.119.157
Source: unknown	TCP traffic detected without corresponding DNS query: 38.231.100.31
Source: unknown	TCP traffic detected without corresponding DNS query: 177.126.89.178
Source: unknown	TCP traffic detected without corresponding DNS query: 175.29.25.120
Source: unknown	TCP traffic detected without corresponding DNS query: 168.96.135.118
Source: unknown	TCP traffic detected without corresponding DNS query: 79.144.135.159
Source: unknown	TCP traffic detected without corresponding DNS query: 192.39.107.5
Source: unknown	TCP traffic detected without corresponding DNS query: 207.200.60.116
Source: unknown	TCP traffic detected without corresponding DNS query: 106.9.22.179
Source: unknown	TCP traffic detected without corresponding DNS query: 168.188.118.67
Source: unknown	TCP traffic detected without corresponding DNS query: 172.101.143.80
Source: unknown	TCP traffic detected without corresponding DNS query: 90.36.198.213

System Summary:

Yara signature match

Source: z0x3n.x86, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5231.1.0000000019671de5.00000000c7254e12.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5234.1.0000000019671de5.00000000c7254e12.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5232.1.0000000019671de5.00000000c7254e12.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5232.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5231.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5234.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal68.troj.linX86@0/0@1/0

Source: z0x3n.x86

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system

Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1582/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2033/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1612/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1579/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1699/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1335/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1698/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2028/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1334/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1576/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2025/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2146/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/910/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/912/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/517/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/759/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/918/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1594/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1349/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1623/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/761/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1622/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/884/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1983/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2038/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1344/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1465/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1586/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1860/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1463/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/800/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/801/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1629/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1627/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1900/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/491/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2050/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1877/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/772/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1633/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1599/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1632/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/774/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1477/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/654/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/896/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1476/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1872/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2048/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/655/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1475/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/656/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/777/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/657/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/658/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/419/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/936/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1639/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1638/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1809/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1494/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1890/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2063/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2062/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1888/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1886/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/420/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1489/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/785/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1642/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/788/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/667/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/789/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1648/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2078/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2077/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2074/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/670/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/793/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1656/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1654/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/674/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1532/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/796/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/675/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/797/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/676/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/677/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2069/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2102/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/799/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2080/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2084/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2083/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1668/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1664/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1389/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/720/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2114/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/721/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/1661/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2079/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/847/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2097/maps	Jump to behavior
Source: /tmp/z0x3n.x86 (PID: 5235)	File opened: /proc/2096/maps	Jump to behavior

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

ID:	512619
Product:	CloudBasic
Start time:	08:54:01
Start date:	01.11.2021
Sample:	z0x3n.x86
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	c2c1c54bbc5f372df082aebc0d983716
SHA1:	2c9ebbad068ea09d2fcf7cfff48608a8abdf4337
SHA256:	dd9c8a7d71f944ded984394fcc021043403e3a39ef424d70d2a3a18c3b58b69d
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 50.16%

Linux Analysis Report z0x3n.x86

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Stealing of Sensitive Information:

Remote Access Functionality:

Screenshots

Network Map

Contacted Public IPs

Contacted Domains