Play interactive tour

Edit tour

Linux Analysis Report V2WzER53Tt

Overview

General Information

Sample Name:	V2WzER53Tt
Analysis ID:	512648
MD5:	4b0259083c8800d18cb941c66639a2e6
SHA1:	f58aa2b927047749395a47b16b458f5220d19f3a
SHA256:	7feef5ad07bad632f6440d1fb5e0aaf9464fe27eb7ea5e489ae4f79bfee5b2ea
Tags:	32elfintelmirai
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Yara signature match

Sample has stripped symbol table

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	512648
Start date:	01.11.2021
Start time:	09:42:44
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 54s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	V2WzER53Tt
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal72.troj.lin@0/0@1/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

V2WzER53Tt (PID: 5240, Parent: 5115, MD5: 4b0259083c8800d18cb941c66639a2e6) Arguments: /tmp/V2WzER53Tt

V2WzER53Tt New Fork (PID: 5241, Parent: 5240)

V2WzER53Tt New Fork (PID: 5242, Parent: 5240)

V2WzER53Tt New Fork (PID: 5243, Parent: 5242)

V2WzER53Tt New Fork (PID: 5244, Parent: 5242)

V2WzER53Tt New Fork (PID: 5245, Parent: 5242)

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
V2WzER53Tt	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x10ba8:$xo1: Dfs`eeh&<'9 0x10c20:$xo1: Dfs`eeh&<'9 0x10c94:$xo1: Dfs`eeh&<'9 0x10d04:$xo1: Dfs`eeh&<'9 0x10d50:$xo1: Dfs`eeh&<'9

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5241.1.000000007fd4a080.0000000002b07ef2.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x6d0:$xo1: Dfs`eeh&<'9 0x750:$xo1: Dfs`eeh&<'9 0x7c8:$xo1: Dfs`eeh&<'9 0x840:$xo1: Dfs`eeh&<'9 0x890:$xo1: Dfs`eeh&<'9
5240.1.000000001a887bdc.0000000019a04c35.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x10ba8:$xo1: Dfs`eeh&<'9 0x10c20:$xo1: Dfs`eeh&<'9 0x10c94:$xo1: Dfs`eeh&<'9 0x10d04:$xo1: Dfs`eeh&<'9 0x10d50:$xo1: Dfs`eeh&<'9
5243.1.000000007fd4a080.0000000002b07ef2.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x6d0:$xo1: Dfs`eeh&<'9 0x750:$xo1: Dfs`eeh&<'9 0x7c8:$xo1: Dfs`eeh&<'9 0x840:$xo1: Dfs`eeh&<'9 0x890:$xo1: Dfs`eeh&<'9
5243.1.000000001a887bdc.0000000019a04c35.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x10ba8:$xo1: Dfs`eeh&<'9 0x10c20:$xo1: Dfs`eeh&<'9 0x10c94:$xo1: Dfs`eeh&<'9 0x10d04:$xo1: Dfs`eeh&<'9 0x10d50:$xo1: Dfs`eeh&<'9
5240.1.000000007fd4a080.0000000002b07ef2.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x6d0:$xo1: Dfs`eeh&<'9 0x750:$xo1: Dfs`eeh&<'9 0x7c8:$xo1: Dfs`eeh&<'9 0x840:$xo1: Dfs`eeh&<'9 0x890:$xo1: Dfs`eeh&<'9
5241.1.000000001a887bdc.0000000019a04c35.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x10ba8:$xo1: Dfs`eeh&<'9 0x10c20:$xo1: Dfs`eeh&<'9 0x10c94:$xo1: Dfs`eeh&<'9 0x10d04:$xo1: Dfs`eeh&<'9 0x10d50:$xo1: Dfs`eeh&<'9
Click to see the 1 entries

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: V2WzER53Tt	Virustotal: Detection: 32%			Perma Link
Source: V2WzER53Tt	ReversingLabs: Detection: 40%

Machine Learning detection for sample

Show sources

Source: V2WzER53Tt

Joe Sandbox ML: detected

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2023442 ET TROJAN Possible Linux.Mirai Login Attempt (jvbzd) 192.168.2.23:33852 -> 185.39.46.82:23
Source: Traffic	Snort IDS: 2023436 ET TROJAN Possible Linux.Mirai Login Attempt (anko) 192.168.2.23:33866 -> 185.39.46.82:23
Source: Traffic	Snort IDS: 2025080 ET EXPLOIT Actiontec C1000A backdoor account M1 192.168.2.23:33876 -> 185.39.46.82:23
Source: Traffic	Snort IDS: 2023447 ET TROJAN Possible Linux.Mirai Login Attempt (service) 192.168.2.23:33986 -> 185.39.46.82:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 190.15.248.60:23 -> 192.168.2.23:42578
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 190.15.248.60:23 -> 192.168.2.23:42578
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38026
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38046
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 190.15.248.60:23 -> 192.168.2.23:42676
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 190.15.248.60:23 -> 192.168.2.23:42676
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38088
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38122
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38150
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38166
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 190.15.248.60:23 -> 192.168.2.23:42768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 190.15.248.60:23 -> 192.168.2.23:42768
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38176
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38190
Source: Traffic	Snort IDS: 716 INFO TELNET access 59.11.190.116:23 -> 192.168.2.23:57452
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38266
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 190.15.248.60:23 -> 192.168.2.23:42844
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 190.15.248.60:23 -> 192.168.2.23:42844
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.11.190.116:23 -> 192.168.2.23:57452
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.11.190.116:23 -> 192.168.2.23:57452
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38386
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38536
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38614
Source: Traffic	Snort IDS: 716 INFO TELNET access 59.11.190.116:23 -> 192.168.2.23:57858
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 190.15.248.60:23 -> 192.168.2.23:43250
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 190.15.248.60:23 -> 192.168.2.23:43250
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38680
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.11.190.116:23 -> 192.168.2.23:57858
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.11.190.116:23 -> 192.168.2.23:57858
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38748
Source: Traffic	Snort IDS: 2023447 ET TROJAN Possible Linux.Mirai Login Attempt (service) 192.168.2.23:56502 -> 73.222.54.242:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 190.167.54.164:23 -> 192.168.2.23:38754

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46368
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46376
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46380
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46386
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46390
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46396
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46400
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46410
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46418
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46424
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46428
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46432
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46438
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46448
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46454
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46458
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46476
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46482
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46490
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46492
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46496
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46500
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46504
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46510
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46514
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46516
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46520
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46522
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46524
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46528
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46532
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46536
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46540
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46544
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46546

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 65.76.10.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 165.114.154.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 123.237.191.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 83.117.106.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 97.203.48.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 109.40.137.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 37.52.25.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 203.161.129.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 196.2.10.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 218.131.219.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 202.79.107.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 66.22.135.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 35.200.224.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 101.53.9.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 105.211.70.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 71.221.179.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:60692 -> 37.0.10.67:11199
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 207.144.169.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 183.170.11.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 69.4.243.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 116.241.74.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 23.246.65.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 159.149.105.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 27.33.205.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 117.221.60.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 59.19.40.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 79.136.134.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 9.90.137.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 63.3.167.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 114.1.76.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 194.47.176.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 222.188.203.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 199.62.227.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 200.57.216.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 32.209.212.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 154.177.29.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 168.44.23.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 147.125.149.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 200.56.74.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 151.50.187.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 222.186.12.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 145.184.127.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 150.216.210.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 157.129.82.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 23.22.55.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 179.227.239.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 104.123.15.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 75.39.28.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 57.52.163.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 174.201.137.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 210.67.45.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 74.246.114.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 146.163.132.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 164.152.174.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 148.145.81.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 58.147.143.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 63.27.44.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 8.55.233.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 208.126.224.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 138.247.188.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 102.129.135.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 157.143.20.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 70.43.43.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 204.17.234.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 218.2.33.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 190.174.61.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 117.15.100.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 152.35.148.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 14.83.182.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 170.186.60.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 48.190.228.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 149.83.197.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 82.151.48.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 158.204.117.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 204.96.192.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 163.115.111.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 31.149.45.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 133.33.180.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 23.29.105.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 124.72.58.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 193.77.103.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 14.1.4.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 113.139.214.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 1.43.238.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 18.77.20.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 167.98.13.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 146.215.192.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 150.1.192.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 47.116.84.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 115.228.86.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 120.109.8.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 159.190.219.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 47.213.133.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 191.222.64.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 151.97.35.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 111.22.195.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 70.138.137.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 98.10.102.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 209.208.85.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 71.119.79.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 119.227.148.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 210.184.29.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 112.237.207.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 12.119.80.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 66.112.164.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 23.235.13.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 147.74.178.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 17.126.20.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 114.7.181.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 161.151.95.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 4.127.79.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 152.4.231.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 108.115.191.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 67.23.204.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 153.165.107.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 110.21.4.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 158.48.126.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 18.231.131.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 198.249.146.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 217.207.74.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 146.51.182.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 195.123.14.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 79.215.144.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 39.241.91.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 111.166.55.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 44.42.192.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 106.120.22.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 200.87.115.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 20.61.158.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 81.59.196.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 13.69.244.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 169.35.221.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 129.20.217.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 197.117.105.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 95.102.165.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 115.150.130.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 2.198.60.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 32.196.117.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 182.217.191.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 109.27.200.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 42.214.24.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 120.227.141.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 198.74.227.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 118.103.154.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 152.182.104.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 8.56.9.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 177.157.180.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 210.240.34.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 165.40.57.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 222.224.4.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 201.109.167.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 210.168.11.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 198.22.227.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 74.129.206.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 70.61.31.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 57.157.146.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 86.111.234.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 112.159.128.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 222.32.200.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 209.167.211.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 194.170.231.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 67.5.218.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 186.108.42.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 212.73.174.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 199.6.122.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.22.20.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 96.224.163.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 18.159.5.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 114.161.88.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 90.67.77.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 46.146.141.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 62.239.250.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 27.89.110.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 147.83.154.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 183.207.230.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 165.87.219.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 173.161.220.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 100.247.153.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 136.53.213.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 205.129.161.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 81.168.208.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 185.113.18.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 31.248.224.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 126.183.192.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 124.78.0.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 95.167.189.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 75.3.190.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 45.215.191.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 69.70.60.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 157.207.146.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 67.150.192.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 117.196.169.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 143.8.157.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 152.6.12.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 208.15.98.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 164.80.226.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 135.94.138.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 47.194.146.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 123.54.199.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 38.209.244.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 204.133.219.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 116.20.236.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 182.27.197.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 213.88.77.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 103.169.82.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 223.82.84.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 135.216.163.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 89.22.48.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.109.43.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 159.199.171.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 198.194.108.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 101.239.25.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 143.15.89.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 4.154.206.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 58.2.215.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 151.79.119.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 66.240.86.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 208.250.114.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 111.210.127.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 82.131.27.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 81.28.55.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 61.14.235.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 81.164.63.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 45.60.70.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 208.94.77.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 206.122.50.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.61.176.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 191.78.70.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 95.203.143.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 141.144.227.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 73.158.8.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 168.225.138.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 120.166.59.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 81.85.61.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 68.53.181.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 157.60.147.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 100.225.249.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 39.83.70.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 142.109.19.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 82.61.172.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 174.190.163.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 175.137.11.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 93.152.46.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 108.91.8.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.49.19.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 180.213.17.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 157.8.172.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 173.84.6.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 95.73.199.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 5.64.67.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 124.14.139.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 158.147.114.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 111.15.155.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 80.83.52.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 86.242.21.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 186.189.83.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 91.7.11.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 59.52.63.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 151.205.78.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 150.94.6.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 105.186.240.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 209.239.139.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 168.202.83.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 122.230.150.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 156.231.243.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 220.112.198.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 114.223.153.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 123.170.237.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.63.123.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 75.61.7.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 145.128.53.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 110.58.217.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 108.34.220.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 169.60.112.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 173.191.147.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 177.43.244.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 151.184.125.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 72.113.79.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 147.208.39.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 5.121.41.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 177.75.7.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 164.36.211.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 110.213.167.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 222.20.164.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 156.218.158.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 189.66.30.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.33.192.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 73.105.249.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 93.192.217.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 194.48.108.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 142.46.246.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 58.213.40.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 183.215.194.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 48.8.254.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 175.46.235.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 177.39.88.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 40.136.33.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 185.250.11.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 40.99.118.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 60.92.25.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 105.76.57.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 98.133.228.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 58.0.165.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 136.119.128.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 78.216.176.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 48.201.213.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 69.124.102.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 194.126.197.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 159.206.71.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 217.48.65.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 130.210.252.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 97.181.93.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 117.37.143.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 78.222.39.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 117.14.114.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 67.178.136.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 32.54.156.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 181.250.225.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 85.132.37.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 166.213.222.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 158.203.113.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 151.242.108.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 145.11.190.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 194.24.29.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 179.45.19.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 216.130.19.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 152.127.232.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 105.49.17.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 44.177.6.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 80.33.45.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 126.22.159.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 34.170.68.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 75.16.73.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 96.151.219.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 43.14.161.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 185.54.34.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 115.170.206.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 179.41.233.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 177.46.19.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 38.251.105.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 201.245.42.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 161.27.177.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 196.18.240.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 191.72.43.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 165.132.158.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 83.74.252.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 67.76.152.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 102.39.253.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 119.21.150.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 177.80.255.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 210.194.144.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 103.220.103.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 222.194.231.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 146.150.114.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 104.130.141.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 95.59.74.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 197.198.212.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 212.91.131.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 45.85.126.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 2.183.236.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 82.93.184.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 43.107.236.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 88.27.227.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 220.168.194.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 53.199.224.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 113.9.221.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 150.216.4.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 162.33.93.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 48.254.28.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 181.154.254.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 212.154.126.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 59.30.48.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 150.208.20.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 45.92.221.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 156.229.64.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 69.0.5.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 60.145.238.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 126.41.198.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 38.121.126.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 65.184.73.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 156.237.17.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 207.187.40.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 74.236.93.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 82.86.217.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 110.149.49.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 18.28.43.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 96.237.200.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 219.105.248.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 188.13.139.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 159.61.48.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 188.237.94.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.41.246.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 124.167.72.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 164.196.89.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 161.138.241.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 169.234.94.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 148.108.101.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 187.68.47.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 67.145.52.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 4.224.226.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 116.222.75.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 196.160.180.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 104.103.170.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 122.182.218.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 145.89.169.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 126.55.13.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 88.87.134.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 13.64.131.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 77.196.229.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 139.193.141.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 146.202.89.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 104.140.237.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 121.46.65.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 13.205.133.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 160.128.120.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 68.207.149.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 174.42.166.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 166.28.58.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 1.18.133.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 216.212.78.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 205.230.107.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 86.93.47.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 212.163.140.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 1.64.64.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 77.178.201.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 62.47.152.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 31.178.86.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 118.42.71.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 176.102.70.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 147.125.123.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 41.13.105.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 191.94.55.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 85.203.218.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 62.30.0.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 147.68.89.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 14.130.109.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 63.229.112.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 43.51.43.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 199.62.90.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 202.67.81.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 217.183.240.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 193.107.222.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 165.108.255.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 9.234.36.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 177.98.192.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 69.171.238.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 60.114.105.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 97.128.136.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 179.26.249.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 151.31.91.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 44.88.159.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 1.253.7.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 69.19.70.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 31.157.248.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 201.192.221.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 18.237.63.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 109.250.191.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 188.70.123.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 123.220.19.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 40.188.6.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 74.223.9.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 178.72.170.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 157.145.177.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 163.79.102.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 179.93.184.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 27.12.195.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 68.191.123.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 173.134.60.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 149.59.255.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 196.129.79.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 94.195.154.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 102.209.169.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 13.230.170.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 85.90.180.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 71.213.42.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 222.106.15.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 68.210.226.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 109.187.92.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 166.21.229.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 60.13.48.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 211.215.86.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 206.206.190.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 153.36.91.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 47.238.47.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 121.133.13.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 108.230.103.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 70.237.139.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 24.108.145.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 69.169.81.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 122.125.153.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 57.3.233.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 113.79.225.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 73.64.36.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 221.53.243.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 53.220.208.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 102.187.248.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 99.60.194.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 24.176.72.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 205.188.196.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:63108 -> 100.52.31.140:2323

Source: unknown

DNS traffic detected: queries for: z0x3n.cf

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 68.151.86.156
Source: unknown	TCP traffic detected without corresponding DNS query: 1.31.45.62
Source: unknown	TCP traffic detected without corresponding DNS query: 124.50.255.107
Source: unknown	TCP traffic detected without corresponding DNS query: 187.200.47.75
Source: unknown	TCP traffic detected without corresponding DNS query: 96.27.91.97
Source: unknown	TCP traffic detected without corresponding DNS query: 54.141.130.19
Source: unknown	TCP traffic detected without corresponding DNS query: 156.232.194.44
Source: unknown	TCP traffic detected without corresponding DNS query: 14.60.219.36
Source: unknown	TCP traffic detected without corresponding DNS query: 80.66.92.95
Source: unknown	TCP traffic detected without corresponding DNS query: 121.11.62.135
Source: unknown	TCP traffic detected without corresponding DNS query: 165.114.154.251
Source: unknown	TCP traffic detected without corresponding DNS query: 77.197.61.153
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.179.179
Source: unknown	TCP traffic detected without corresponding DNS query: 47.78.75.38
Source: unknown	TCP traffic detected without corresponding DNS query: 159.147.207.244
Source: unknown	TCP traffic detected without corresponding DNS query: 24.74.123.108
Source: unknown	TCP traffic detected without corresponding DNS query: 144.62.250.181
Source: unknown	TCP traffic detected without corresponding DNS query: 160.96.29.164
Source: unknown	TCP traffic detected without corresponding DNS query: 183.2.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 161.89.115.135
Source: unknown	TCP traffic detected without corresponding DNS query: 4.215.32.161
Source: unknown	TCP traffic detected without corresponding DNS query: 53.222.122.229
Source: unknown	TCP traffic detected without corresponding DNS query: 186.217.153.216
Source: unknown	TCP traffic detected without corresponding DNS query: 126.175.225.244
Source: unknown	TCP traffic detected without corresponding DNS query: 95.136.38.80
Source: unknown	TCP traffic detected without corresponding DNS query: 84.23.168.34
Source: unknown	TCP traffic detected without corresponding DNS query: 149.141.117.70
Source: unknown	TCP traffic detected without corresponding DNS query: 123.237.191.254
Source: unknown	TCP traffic detected without corresponding DNS query: 159.45.79.76
Source: unknown	TCP traffic detected without corresponding DNS query: 118.70.160.208
Source: unknown	TCP traffic detected without corresponding DNS query: 83.117.106.174
Source: unknown	TCP traffic detected without corresponding DNS query: 160.130.94.1
Source: unknown	TCP traffic detected without corresponding DNS query: 188.214.26.137
Source: unknown	TCP traffic detected without corresponding DNS query: 186.99.167.244
Source: unknown	TCP traffic detected without corresponding DNS query: 121.69.134.116
Source: unknown	TCP traffic detected without corresponding DNS query: 148.34.102.50
Source: unknown	TCP traffic detected without corresponding DNS query: 99.207.115.45
Source: unknown	TCP traffic detected without corresponding DNS query: 216.90.237.233
Source: unknown	TCP traffic detected without corresponding DNS query: 212.145.133.178
Source: unknown	TCP traffic detected without corresponding DNS query: 123.202.34.22
Source: unknown	TCP traffic detected without corresponding DNS query: 77.125.22.168
Source: unknown	TCP traffic detected without corresponding DNS query: 4.1.161.43
Source: unknown	TCP traffic detected without corresponding DNS query: 198.35.117.70
Source: unknown	TCP traffic detected without corresponding DNS query: 190.230.90.182
Source: unknown	TCP traffic detected without corresponding DNS query: 122.175.224.219
Source: unknown	TCP traffic detected without corresponding DNS query: 192.48.51.176
Source: unknown	TCP traffic detected without corresponding DNS query: 191.1.143.85
Source: unknown	TCP traffic detected without corresponding DNS query: 158.50.209.210
Source: unknown	TCP traffic detected without corresponding DNS query: 74.221.3.251
Source: unknown	TCP traffic detected without corresponding DNS query: 97.203.48.33

Source: V2WzER53Tt, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5241.1.000000007fd4a080.0000000002b07ef2.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5240.1.000000001a887bdc.0000000019a04c35.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5243.1.000000007fd4a080.0000000002b07ef2.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5243.1.000000001a887bdc.0000000019a04c35.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5240.1.000000007fd4a080.0000000002b07ef2.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5241.1.000000001a887bdc.0000000019a04c35.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal72.troj.lin@0/0@1/0

Source: V2WzER53Tt

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1582/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2033/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1612/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1579/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1699/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1335/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1698/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2028/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1334/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1576/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2025/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2146/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/910/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/912/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/517/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/759/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/918/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1594/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1349/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1623/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/761/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1622/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/884/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1983/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2038/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1344/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1465/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1586/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1860/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1463/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/800/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/801/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1629/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1627/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1900/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/491/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2050/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1877/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/772/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1633/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1599/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1632/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/774/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1477/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/654/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/896/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1476/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1872/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2048/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/655/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1475/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/656/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/777/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/657/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/658/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/419/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/936/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1639/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1638/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1809/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1494/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1890/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2063/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2062/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1888/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1886/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/420/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1489/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/785/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1642/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/788/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/667/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/789/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1648/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2078/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2077/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2074/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/670/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/793/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1656/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1654/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/674/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1532/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/796/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/675/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/797/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/676/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/677/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2069/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2102/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/799/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2080/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2084/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2083/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1668/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1664/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1389/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/720/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2114/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/721/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/1661/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2079/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/847/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2097/maps
Source: /tmp/V2WzER53Tt (PID: 5244)	File opened: /proc/2096/maps

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46368
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46372
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46376
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46380
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46386
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46390
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46396
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46400
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46406
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46410
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46418
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46424
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46428
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46432
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46438
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46442
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46448
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46454
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46458
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46466
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46472
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46476
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46482
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46490
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46492
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46496
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46500
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46504
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46510
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46514
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46516
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46520
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46522
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46524
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46528
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46532
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46536
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46540
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46544
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46546

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping1	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
V2WzER53Tt	32%	Virustotal		Browse
V2WzER53Tt	40%	ReversingLabs	Linux.Trojan.Mirai
V2WzER53Tt	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
z0x3n.cf	37.0.10.67	true	false		unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
72.61.165.33	unknown	United States	10507	SPCSUS	false
174.231.28.33	unknown	United States	22394	CELLCOUS	false
39.24.241.136	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
80.182.138.23	unknown	Italy	3269	ASN-IBSNAZIT	false
204.251.17.168	unknown	United States	22713	CAC-HQ2US	false
219.172.230.13	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
126.124.161.79	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
37.136.71.101	unknown	Finland	16086	DNAFI	false
138.209.196.84	unknown	United States	21727	HAMLINE-EDUUS	false
43.241.121.32	unknown	India	134033	HIREACH-BROADBAND-ASHIREACHBROADBANDPRIVATELTDIN	false
54.44.16.34	unknown	United States	14618	AMAZON-AESUS	false
80.169.192.37	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
181.211.64.123	unknown	Ecuador	28006	CORPORACIONNACIONALDETELECOMUNICACIONES-CNTEPEC	false
70.59.57.90	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
43.95.13.184	unknown	Japan	4249	LILLY-ASUS	false
182.227.223.141	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
4.44.140.137	unknown	United States	3356	LEVEL3US	false
196.127.145.120	unknown	Morocco	36925	ASMediMA	false
17.116.204.52	unknown	United States	714	APPLE-ENGINEERINGUS	false
38.52.8.233	unknown	United States	174	COGENT-174US	false
105.151.162.125	unknown	Morocco	6713	IAM-ASMA	false
51.0.250.204	unknown	United Kingdom	2686	ATGS-MMD-ASUS	false
45.254.230.231	unknown	China	132116	ANINETWORK-INAniNetworkPvtLtdIN	false
41.123.244.87	unknown	South Africa	16637	MTNNS-ASZA	false
195.6.129.86	unknown	France	3215	FranceTelecom-OrangeFR	false
58.219.212.189	unknown	China	134769	CHINANET-JIANGSU-CHANGZHOU-IDCChinaNetJiangsuChangzhouID	false
175.75.234.174	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
153.157.16.253	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
64.26.154.152	unknown	Canada	812	ROGERS-COMMUNICATIONSCA	false
69.119.10.251	unknown	United States	6128	CABLE-NET-1US	false
39.89.3.190	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
37.159.88.153	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
216.8.206.18	unknown	United States	8008	ETC-60-ASUS	false
112.98.49.112	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
19.129.23.236	unknown	United States	3	MIT-GATEWAYSUS	false
73.174.67.125	unknown	United States	7922	COMCAST-7922US	false
48.227.10.242	unknown	United States	2686	ATGS-MMD-ASUS	false
112.85.157.26	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
212.103.208.192	unknown	Italy	12481	TRIVENETTELECOMUNICAZIONIIT	false
185.247.249.224	unknown	France	16347	RMI-FITECHFR	false
95.69.98.131	unknown	Portugal	42863	MEO-MOVELPT	false
180.205.175.239	unknown	Taiwan; Republic of China (ROC)	24158	TAIWANMOBILE-ASTaiwanMobileCoLtdTW	false
193.7.233.94	unknown	Germany	12680	GRUNER-UND-JAHR-AS1HamburgGermanyDE	false
186.121.83.11	unknown	Colombia	28118	ALTICEDOMINICANASADO	false
38.148.28.63	unknown	United States	174	COGENT-174US	false
115.202.233.11	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
80.71.44.37	unknown	Canada	395965	CARRY-TELECOMCA	false
46.34.19.139	unknown	United Kingdom	8190	MDNXGB	false
150.4.28.217	unknown	Japan	6400	CompaniaDominicanadeTelefonosSADO	false
92.228.85.84	unknown	Germany	6805	TDDE-ASN1DE	false
153.198.14.200	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
45.174.220.33	unknown	Brazil	268869	FIBRAPLUSTELECOMUNICACOESLTDAEPPBR	false
201.209.195.191	unknown	Venezuela	8048	CANTVServiciosVenezuelaVE	false
54.140.16.174	unknown	United States	14618	AMAZON-AESUS	false
83.82.205.155	unknown	Netherlands	33915	TNF-ASNL	false
62.34.235.245	unknown	France	5410	BOUYGTEL-ISPFR	false
109.52.47.222	unknown	Italy	16232	ASN-TIMServiceProviderIT	false
91.105.101.213	unknown	Latvia	12578	APOLLO-ASLatviaLV	false
103.71.132.236	unknown	Singapore	45062	NETEASE-ASGuangzhouNetEaseComputerSystemCoLtdCN	false
24.95.244.76	unknown	United States	33363	BHN-33363US	false
201.99.236.86	unknown	Mexico	8151	UninetSAdeCVMX	false
174.174.228.191	unknown	United States	7922	COMCAST-7922US	false
206.101.65.213	unknown	United States	7991	CENTURYLINK-LEGACY-SAVVIS-ASIA-TRANSITUS	false
110.135.70.133	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
201.218.134.124	unknown	Chile	52439	OPTICCL	false
161.51.59.122	unknown	United States	16525	KBRUS	false
81.177.17.65	unknown	Russian Federation	8342	RTCOMM-ASRU	false
141.70.176.199	unknown	Germany	553	BELWUEBelWue-KoordinationEU	false
48.172.161.127	unknown	United States	2686	ATGS-MMD-ASUS	false
206.106.173.7	unknown	United States	1239	SPRINTLINKUS	false
204.98.5.51	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
40.1.113.122	unknown	United States	4249	LILLY-ASUS	false
142.84.38.207	unknown	Canada	11489	BACICA	false
78.111.77.240	unknown	Germany	33984	SURFPLANET-ASDE	false
196.86.138.209	unknown	Morocco	6713	IAM-ASMA	false
107.185.34.158	unknown	United States	20001	TWC-20001-PACWESTUS	false
124.225.246.124	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
176.50.235.57	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
61.89.86.94	unknown	Japan	18081	KCNKintetsuCableNetworkCoLtdJP	false
175.85.234.246	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
210.69.66.11	unknown	Taiwan; Republic of China (ROC)	4782	GSNETDataCommunicationBusinessGroupTW	false
160.87.222.141	unknown	United States	299	UCINET-ASUS	false
19.207.207.91	unknown	United States	3	MIT-GATEWAYSUS	false
37.155.95.200	unknown	Turkey	20978	TT_MOBILIstanbulTR	false
35.82.186.28	unknown	United States	237	MERIT-AS-14US	false
145.82.121.128	unknown	Saudi Arabia	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
19.21.250.153	unknown	United States	3	MIT-GATEWAYSUS	false
108.29.81.107	unknown	United States	701	UUNETUS	false
110.63.108.249	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
32.105.99.166	unknown	United States	2688	ATGS-MMD-ASUS	false
146.87.199.178	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
82.32.160.125	unknown	United Kingdom	5089	NTLGB	false
164.150.162.231	unknown	South Africa	37130	SITA-ASZA	false
206.176.163.168	unknown	United States	18818	LSUHSCS-NET2US	false
31.169.33.111	unknown	United Kingdom	60194	VTG-ASGB	false
74.166.99.108	unknown	United States	7018	ATT-INTERNET4US	false
207.177.239.150	unknown	United States	7735	REDSHIFTUS	false
159.222.210.23	unknown	United States	26395	JOHNSON-CONTROLSUS	false
200.183.188.183	unknown	Brazil	4230	CLAROSABR	false
4.143.28.65	unknown	United States	3356	LEVEL3US	false

Runtime Messages

Command:	/tmp/V2WzER53Tt
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	0G0dn3t Got To Ya!
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
58.219.212.189	jew.arm7	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
z0x3n.cf	1bL17EUgTk	Get hash	malicious	Browse	37.0.10.67
	pTF1iICUEm	Get hash	malicious	Browse	37.0.10.67
	z0x3n.arm7	Get hash	malicious	Browse	37.0.10.67
	z0x3n.x86	Get hash	malicious	Browse	37.0.10.67

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
SPCSUS	032k4JmR0U	Get hash	malicious	Browse	108.113.255.159
	arm	Get hash	malicious	Browse	173.135.71.137
	x86	Get hash	malicious	Browse	70.9.116.82
	arm7	Get hash	malicious	Browse	68.26.166.237
	z0x3n.arm7	Get hash	malicious	Browse	108.124.110.113
	z0x3n.x86	Get hash	malicious	Browse	72.59.167.134
	arm	Get hash	malicious	Browse	174.151.241.175
	QtNnZoNz75	Get hash	malicious	Browse	184.207.33.128
	S13B4aCa4E	Get hash	malicious	Browse	184.209.111.81
	gbk4XWulUo	Get hash	malicious	Browse	184.205.51.89
	QZ2CN6CUyv	Get hash	malicious	Browse	184.251.25.180
	8MPbeDAwwZ	Get hash	malicious	Browse	184.243.41.199
	HgTC70XRum	Get hash	malicious	Browse	184.239.67.225
	Xs0PMn85CN	Get hash	malicious	Browse	108.110.174.155
	Tsunami.x86	Get hash	malicious	Browse	184.223.137.41
	Tsunami.arm7	Get hash	malicious	Browse	184.253.108.231
	Tsunami.arm	Get hash	malicious	Browse	184.245.8.26
	x86	Get hash	malicious	Browse	184.216.124.79
	KXAJjgoH22	Get hash	malicious	Browse	173.152.132.234
	0r73kbzSGC	Get hash	malicious	Browse	184.192.179.21
CELLCOUS	a5nulABeSk	Get hash	malicious	Browse	72.109.28.224
	032k4JmR0U	Get hash	malicious	Browse	97.45.108.79
	arm	Get hash	malicious	Browse	70.221.126.72
	x86	Get hash	malicious	Browse	166.159.16.21
	z0x3n.arm7	Get hash	malicious	Browse	75.235.188.204
	QZ2CN6CUyv	Get hash	malicious	Browse	97.56.241.131
	x86	Get hash	malicious	Browse	174.219.17.232
	arm7	Get hash	malicious	Browse	174.237.27.157
	WnhlYWJ5C5	Get hash	malicious	Browse	72.127.172.19
	dqnskKAmQq	Get hash	malicious	Browse	72.104.231.57
	jJ6GK5qbZt	Get hash	malicious	Browse	166.145.186.136
	x86	Get hash	malicious	Browse	166.239.43.208
	JUZVpUSH0W	Get hash	malicious	Browse	174.239.100.9
	07xBxVsvEn	Get hash	malicious	Browse	166.140.14.127
	5mLAGfiGBf	Get hash	malicious	Browse	72.115.215.214
	wannacry.exe	Get hash	malicious	Browse	72.105.156.213
	wTFR3LK4Mo	Get hash	malicious	Browse	174.192.243.230
	yZ7D7o1Z7p	Get hash	malicious	Browse	70.201.163.147
	eNrYzJWFvB	Get hash	malicious	Browse	166.161.44.184
	IcwrPqGkXP	Get hash	malicious	Browse	72.113.124.144

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.203678716949746
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	V2WzER53Tt
File size:	71312
MD5:	4b0259083c8800d18cb941c66639a2e6
SHA1:	f58aa2b927047749395a47b16b458f5220d19f3a
SHA256:	7feef5ad07bad632f6440d1fb5e0aaf9464fe27eb7ea5e489ae4f79bfee5b2ea
SHA512:	d72d40832e31803a73d1615ffc6eb6b6e046d36afac6cb1d4462b3dc50dd5a8ebce10c5ba4d44fb4fad8f6760167d3c219fecfe6c65359d07226b8e1199555d7
SSDEEP:	1536:bWscjmrfvWdHCX9hGnYtWQgJIY3pp6mqOj:bWirfvWxCXGYtFcpImH
File Content Preview:	.ELF....................h...4...........4. ...(.....................`...`...............d...d...d...\...\...........Q.td............................U..S........"...h........[]...$.............U......=.....t..1...................u........t...$`............

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048168
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	70912
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8048094	0x94	0x1c	0x0	0x6	AX	1
.text	PROGBITS	0x80480b0	0xb0	0x10401	0x0	0x6	AX	16
.fini	PROGBITS	0x80584b1	0x104b1	0x17	0x0	0x6	AX	1
.rodata	PROGBITS	0x80584e0	0x104e0	0xe80	0x0	0x2	A	32
.ctors	PROGBITS	0x805a364	0x11364	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x805a36c	0x1136c	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x805a3a0	0x113a0	0x120	0x0	0x3	WA	32
.bss	NOBITS	0x805a4c0	0x114c0	0x800	0x0	0x3	WA	32
.shstrtab	STRTAB	0x0	0x114c0	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x11360	0x11360	3.5001	0x5	R E	0x1000	.init .text .fini .rodata
LOAD	0x11364	0x805a364	0x805a364	0x15c	0x95c	2.4364	0x6	RW	0x1000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2021 09:43:28.392122030 CET	63108	23	192.168.2.23	68.151.86.156
Nov 1, 2021 09:43:28.392126083 CET	63108	2323	192.168.2.23	65.76.10.157
Nov 1, 2021 09:43:28.392153025 CET	63108	23	192.168.2.23	1.31.45.62
Nov 1, 2021 09:43:28.392158031 CET	63108	23	192.168.2.23	124.50.255.107
Nov 1, 2021 09:43:28.392158985 CET	63108	23	192.168.2.23	187.200.47.75
Nov 1, 2021 09:43:28.392162085 CET	63108	23	192.168.2.23	96.27.91.97
Nov 1, 2021 09:43:28.392160892 CET	63108	23	192.168.2.23	54.141.130.19
Nov 1, 2021 09:43:28.392172098 CET	63108	23	192.168.2.23	156.232.194.44
Nov 1, 2021 09:43:28.392183065 CET	63108	23	192.168.2.23	14.60.219.36
Nov 1, 2021 09:43:28.392184973 CET	63108	23	192.168.2.23	80.66.92.95
Nov 1, 2021 09:43:28.392184019 CET	63108	23	192.168.2.23	121.11.62.135
Nov 1, 2021 09:43:28.392191887 CET	63108	2323	192.168.2.23	165.114.154.251
Nov 1, 2021 09:43:28.392194033 CET	63108	23	192.168.2.23	77.197.61.153
Nov 1, 2021 09:43:28.392199993 CET	63108	23	192.168.2.23	104.125.179.179
Nov 1, 2021 09:43:28.392200947 CET	63108	23	192.168.2.23	47.78.75.38
Nov 1, 2021 09:43:28.392205954 CET	63108	23	192.168.2.23	159.147.207.244
Nov 1, 2021 09:43:28.392211914 CET	63108	23	192.168.2.23	24.74.123.108
Nov 1, 2021 09:43:28.392226934 CET	63108	23	192.168.2.23	101.138.110.71
Nov 1, 2021 09:43:28.392230034 CET	63108	23	192.168.2.23	144.62.250.181
Nov 1, 2021 09:43:28.392234087 CET	63108	23	192.168.2.23	160.96.29.164
Nov 1, 2021 09:43:28.392235994 CET	63108	23	192.168.2.23	183.2.65.125
Nov 1, 2021 09:43:28.392237902 CET	63108	23	192.168.2.23	161.89.115.135
Nov 1, 2021 09:43:28.392241001 CET	63108	23	192.168.2.23	4.215.32.161
Nov 1, 2021 09:43:28.392240047 CET	63108	23	192.168.2.23	53.222.122.229
Nov 1, 2021 09:43:28.392251015 CET	63108	23	192.168.2.23	186.217.153.216
Nov 1, 2021 09:43:28.392265081 CET	63108	23	192.168.2.23	126.175.225.244
Nov 1, 2021 09:43:28.392266989 CET	63108	23	192.168.2.23	95.136.38.80
Nov 1, 2021 09:43:28.392275095 CET	63108	23	192.168.2.23	84.23.168.34
Nov 1, 2021 09:43:28.392281055 CET	63108	23	192.168.2.23	149.141.117.70
Nov 1, 2021 09:43:28.392283916 CET	63108	2323	192.168.2.23	123.237.191.254
Nov 1, 2021 09:43:28.392292023 CET	63108	23	192.168.2.23	159.45.79.76
Nov 1, 2021 09:43:28.392294884 CET	63108	23	192.168.2.23	118.70.160.208
Nov 1, 2021 09:43:28.392306089 CET	63108	2323	192.168.2.23	83.117.106.174
Nov 1, 2021 09:43:28.392307043 CET	63108	23	192.168.2.23	160.130.94.1
Nov 1, 2021 09:43:28.392307043 CET	63108	23	192.168.2.23	188.214.26.137
Nov 1, 2021 09:43:28.392309904 CET	63108	23	192.168.2.23	186.99.167.244
Nov 1, 2021 09:43:28.392318010 CET	63108	23	192.168.2.23	121.69.134.116
Nov 1, 2021 09:43:28.392318964 CET	63108	23	192.168.2.23	148.34.102.50
Nov 1, 2021 09:43:28.392323971 CET	63108	23	192.168.2.23	99.207.115.45
Nov 1, 2021 09:43:28.392327070 CET	63108	23	192.168.2.23	216.90.237.233
Nov 1, 2021 09:43:28.392332077 CET	63108	23	192.168.2.23	212.145.133.178
Nov 1, 2021 09:43:28.392333031 CET	63108	23	192.168.2.23	123.202.34.22
Nov 1, 2021 09:43:28.392334938 CET	63108	23	192.168.2.23	77.125.22.168
Nov 1, 2021 09:43:28.392340899 CET	63108	23	192.168.2.23	4.1.161.43
Nov 1, 2021 09:43:28.392344952 CET	63108	23	192.168.2.23	198.35.117.70
Nov 1, 2021 09:43:28.392348051 CET	63108	23	192.168.2.23	190.230.90.182
Nov 1, 2021 09:43:28.392352104 CET	63108	23	192.168.2.23	122.175.224.219
Nov 1, 2021 09:43:28.392354012 CET	63108	23	192.168.2.23	192.48.51.176
Nov 1, 2021 09:43:28.392357111 CET	63108	23	192.168.2.23	191.1.143.85
Nov 1, 2021 09:43:28.392358065 CET	63108	23	192.168.2.23	158.50.209.210
Nov 1, 2021 09:43:28.392357111 CET	63108	23	192.168.2.23	74.221.3.251
Nov 1, 2021 09:43:28.392362118 CET	63108	2323	192.168.2.23	97.203.48.33
Nov 1, 2021 09:43:28.392364025 CET	63108	23	192.168.2.23	94.214.56.208
Nov 1, 2021 09:43:28.392381907 CET	63108	2323	192.168.2.23	109.40.137.123
Nov 1, 2021 09:43:28.392385960 CET	63108	23	192.168.2.23	176.98.193.48
Nov 1, 2021 09:43:28.392393112 CET	63108	23	192.168.2.23	125.145.255.200
Nov 1, 2021 09:43:28.393428087 CET	63108	23	192.168.2.23	149.122.176.153
Nov 1, 2021 09:43:28.393454075 CET	63108	23	192.168.2.23	85.44.247.148
Nov 1, 2021 09:43:28.393454075 CET	63108	23	192.168.2.23	139.146.180.153
Nov 1, 2021 09:43:28.393455029 CET	63108	2323	192.168.2.23	37.52.25.160
Nov 1, 2021 09:43:28.393455982 CET	63108	23	192.168.2.23	40.86.54.101
Nov 1, 2021 09:43:28.393456936 CET	63108	23	192.168.2.23	35.220.219.139
Nov 1, 2021 09:43:28.393471956 CET	63108	2323	192.168.2.23	203.161.129.188
Nov 1, 2021 09:43:28.393481970 CET	63108	23	192.168.2.23	220.146.253.173
Nov 1, 2021 09:43:28.393484116 CET	63108	23	192.168.2.23	125.202.19.188
Nov 1, 2021 09:43:28.393484116 CET	63108	23	192.168.2.23	126.102.158.248
Nov 1, 2021 09:43:28.393491030 CET	63108	23	192.168.2.23	80.31.101.77
Nov 1, 2021 09:43:28.393491983 CET	63108	23	192.168.2.23	106.159.75.32
Nov 1, 2021 09:43:28.393493891 CET	63108	23	192.168.2.23	70.157.219.236
Nov 1, 2021 09:43:28.393496037 CET	63108	23	192.168.2.23	179.65.55.26
Nov 1, 2021 09:43:28.393498898 CET	63108	23	192.168.2.23	5.137.107.55
Nov 1, 2021 09:43:28.393502951 CET	63108	23	192.168.2.23	31.125.138.5
Nov 1, 2021 09:43:28.393507004 CET	63108	23	192.168.2.23	65.207.252.26
Nov 1, 2021 09:43:28.393510103 CET	63108	23	192.168.2.23	93.157.224.194
Nov 1, 2021 09:43:28.393513918 CET	63108	23	192.168.2.23	44.166.252.183
Nov 1, 2021 09:43:28.393515110 CET	63108	23	192.168.2.23	118.89.92.173
Nov 1, 2021 09:43:28.393524885 CET	63108	23	192.168.2.23	53.165.234.253
Nov 1, 2021 09:43:28.393529892 CET	63108	23	192.168.2.23	4.246.182.218
Nov 1, 2021 09:43:28.393547058 CET	63108	23	192.168.2.23	46.67.218.96
Nov 1, 2021 09:43:28.393558979 CET	63108	23	192.168.2.23	176.86.7.178
Nov 1, 2021 09:43:28.393567085 CET	63108	23	192.168.2.23	67.64.173.71
Nov 1, 2021 09:43:28.393568993 CET	63108	23	192.168.2.23	66.165.41.101
Nov 1, 2021 09:43:28.393569946 CET	63108	23	192.168.2.23	119.132.178.213
Nov 1, 2021 09:43:28.393570900 CET	63108	23	192.168.2.23	76.85.24.35
Nov 1, 2021 09:43:28.393570900 CET	63108	23	192.168.2.23	163.103.10.168
Nov 1, 2021 09:43:28.393573999 CET	63108	23	192.168.2.23	123.236.171.176
Nov 1, 2021 09:43:28.393579006 CET	63108	2323	192.168.2.23	196.2.10.111
Nov 1, 2021 09:43:28.393585920 CET	63108	23	192.168.2.23	58.187.239.49
Nov 1, 2021 09:43:28.393591881 CET	63108	23	192.168.2.23	171.42.68.154
Nov 1, 2021 09:43:28.393598080 CET	63108	2323	192.168.2.23	218.131.219.131
Nov 1, 2021 09:43:28.393600941 CET	63108	2323	192.168.2.23	202.79.107.76
Nov 1, 2021 09:43:28.393601894 CET	63108	23	192.168.2.23	34.15.13.148
Nov 1, 2021 09:43:28.393604040 CET	63108	23	192.168.2.23	39.112.89.36
Nov 1, 2021 09:43:28.393610001 CET	63108	23	192.168.2.23	118.200.253.176
Nov 1, 2021 09:43:28.393611908 CET	63108	23	192.168.2.23	200.208.76.140
Nov 1, 2021 09:43:28.393619061 CET	63108	23	192.168.2.23	89.41.212.167
Nov 1, 2021 09:43:28.393624067 CET	63108	23	192.168.2.23	148.17.17.112
Nov 1, 2021 09:43:28.393631935 CET	63108	23	192.168.2.23	38.235.34.123
Nov 1, 2021 09:43:28.393634081 CET	63108	23	192.168.2.23	37.54.211.4
Nov 1, 2021 09:43:28.393645048 CET	63108	23	192.168.2.23	154.198.168.159

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 1, 2021 09:43:28.390194893 CET	192.168.2.23	8.8.8.8	0x4f2d	Standard query (0)	z0x3n.cf	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 1, 2021 09:43:28.426201105 CET	8.8.8.8	192.168.2.23	0x4f2d	No error (0)	z0x3n.cf		37.0.10.67	A (IP address)	IN (0x0001)

System Behavior

Analysis Process: V2WzER53Tt PID: 5240 Parent PID: 5115

General

Start time:	09:43:27
Start date:	01/11/2021
Path:	/tmp/V2WzER53Tt
Arguments:	/tmp/V2WzER53Tt
File size:	71312 bytes
MD5 hash:	4b0259083c8800d18cb941c66639a2e6

Analysis Process: V2WzER53Tt PID: 5241 Parent PID: 5240

General

Start time:	09:43:27
Start date:	01/11/2021
Path:	/tmp/V2WzER53Tt
Arguments:	n/a
File size:	71312 bytes
MD5 hash:	4b0259083c8800d18cb941c66639a2e6

Analysis Process: V2WzER53Tt PID: 5242 Parent PID: 5240

General

Start time:	09:43:27
Start date:	01/11/2021
Path:	/tmp/V2WzER53Tt
Arguments:	n/a
File size:	71312 bytes
MD5 hash:	4b0259083c8800d18cb941c66639a2e6

Analysis Process: V2WzER53Tt PID: 5243 Parent PID: 5242

General

Start time:	09:43:27
Start date:	01/11/2021
Path:	/tmp/V2WzER53Tt
Arguments:	n/a
File size:	71312 bytes
MD5 hash:	4b0259083c8800d18cb941c66639a2e6

Analysis Process: V2WzER53Tt PID: 5244 Parent PID: 5242

General

Start time:	09:43:27
Start date:	01/11/2021
Path:	/tmp/V2WzER53Tt
Arguments:	n/a
File size:	71312 bytes
MD5 hash:	4b0259083c8800d18cb941c66639a2e6

Analysis Process: V2WzER53Tt PID: 5245 Parent PID: 5242

General

Start time:	09:43:27
Start date:	01/11/2021
Path:	/tmp/V2WzER53Tt
Arguments:	n/a
File size:	71312 bytes
MD5 hash:	4b0259083c8800d18cb941c66639a2e6

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report V2WzER53Tt

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: V2WzER53Tt PID: 5240 Parent PID: 5115

General

Analysis Process: V2WzER53Tt PID: 5241 Parent PID: 5240

General

Analysis Process: V2WzER53Tt PID: 5242 Parent PID: 5240

General

Analysis Process: V2WzER53Tt PID: 5243 Parent PID: 5242

General

Analysis Process: V2WzER53Tt PID: 5244 Parent PID: 5242

General

Analysis Process: V2WzER53Tt PID: 5245 Parent PID: 5242

General