Play interactive tour

Edit tour

Linux Analysis Report QX4Kudvf1x

Overview

General Information

Sample Name:	QX4Kudvf1x
Analysis ID:	514643
MD5:	5fe33cf30e900cb2903960d16f1f3ace
SHA1:	92f9cdbf6ca4efdb09a48714907913a74b70bf9e
SHA256:	5be14a462004f551c39bae8155098090695e6dc2ad48219a7792bf4d28a364f9
Tags:	32elfmiraimotorola
Infos:

Detection

Mirai

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	514643
Start date:	03.11.2021
Start time:	14:01:57
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 17s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	QX4Kudvf1x
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal64.troj.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

QX4Kudvf1x (PID: 5239, Parent: 5115, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/QX4Kudvf1x

QX4Kudvf1x New Fork (PID: 5241, Parent: 5239)

QX4Kudvf1x New Fork (PID: 5242, Parent: 5239)

QX4Kudvf1x New Fork (PID: 5244, Parent: 5242)

QX4Kudvf1x New Fork (PID: 5246, Parent: 5242)

cleanup

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: QX4Kudvf1x	Virustotal: Detection: 49%			Perma Link
Source: QX4Kudvf1x	ReversingLabs: Detection: 48%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39740
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39774
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45424
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45424
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39816
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45466
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45466
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45516
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45516
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39888
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:39960
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45576
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45576
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 91.98.120.172:23 -> 192.168.2.23:40012
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 220.133.51.9:23 -> 192.168.2.23:45662
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 220.133.51.9:23 -> 192.168.2.23:45662
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.98.120.172:23 -> 192.168.2.23:40098

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: global traffic	TCP traffic: 192.168.2.23:36892 -> 137.184.153.228:9931
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 126.129.54.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.7.152.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.61.106.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.167.40.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.248.147.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.181.200.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 207.177.191.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 133.92.228.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.238.144.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 118.198.166.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.102.148.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.37.111.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 20.141.6.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.6.236.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 221.255.236.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 36.246.54.167:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.130.31.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 34.48.255.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 148.65.79.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 179.228.111.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.118.214.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 78.118.11.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 36.97.22.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.22.141.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.185.63.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.230.50.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 61.173.82.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 76.19.124.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.174.218.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.123.28.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 2.137.98.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.22.72.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.152.38.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 120.39.236.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 100.250.171.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.129.251.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 98.163.130.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.169.110.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 37.220.82.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 169.132.248.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.239.132.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.156.55.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.146.215.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 144.67.148.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.106.65.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.239.90.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.68.55.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.96.34.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.101.81.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.51.2.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.138.71.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.198.197.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.215.75.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.189.196.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.120.208.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 85.44.210.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.11.179.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 134.133.254.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.36.134.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 161.226.201.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.205.211.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 119.137.180.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.42.24.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.18.25.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 92.154.6.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.41.136.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.183.70.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 13.22.77.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.194.141.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 49.148.227.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.189.185.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.4.108.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.178.245.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.213.15.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.239.149.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.177.143.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.189.126.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.247.104.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.3.38.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.177.126.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 186.203.158.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.152.90.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 72.30.112.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.31.5.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 1.28.124.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.228.155.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.160.22.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.149.171.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 19.253.99.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.90.36.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 119.226.5.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 146.123.166.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.115.185.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 51.37.120.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.25.27.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.21.84.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.162.243.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 111.57.137.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.251.59.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.4.130.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.148.172.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 193.70.147.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.152.50.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 109.179.10.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.134.90.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.81.220.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.32.158.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.143.103.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 218.104.163.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 125.87.76.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.202.169.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.221.34.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.21.196.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 117.103.162.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 203.55.225.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.188.244.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.7.126.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 150.239.61.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 95.200.7.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.173.47.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 135.65.79.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 179.227.76.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.187.222.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.227.43.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 83.22.231.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 199.128.219.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 132.6.95.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.119.74.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.20.54.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 199.227.143.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.76.53.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 212.43.243.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.218.123.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.124.207.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.114.88.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.254.85.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.234.74.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.144.68.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.49.184.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.42.91.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.7.49.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.82.254.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 19.55.6.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.171.15.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.62.10.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 133.231.168.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.242.214.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 67.155.95.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.160.165.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.30.138.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.41.152.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.179.249.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.206.72.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.249.226.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.102.113.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.0.177.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.25.235.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 42.186.189.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.192.166.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.211.55.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.94.197.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 203.197.36.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.58.64.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.200.197.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 50.153.105.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.81.244.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.77.72.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.205.30.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.126.16.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 102.3.160.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.202.44.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 121.29.2.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 120.2.100.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.23.78.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.220.215.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.119.95.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.170.27.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.202.194.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.44.78.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.24.188.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.124.186.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 50.190.242.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.254.235.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 210.48.212.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.82.132.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.0.138.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.9.206.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.150.30.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 183.53.145.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.116.31.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 100.234.113.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.38.208.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.250.156.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.132.197.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.244.30.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.251.233.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.112.140.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.218.152.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.246.164.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.242.71.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.230.113.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.11.144.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 4.132.170.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.18.179.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.215.63.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 193.211.69.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.253.77.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.63.17.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 17.46.235.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 208.54.128.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 180.238.242.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.242.212.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.14.117.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.183.33.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.163.43.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 117.216.146.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 150.6.153.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.79.146.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 145.183.216.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 108.209.94.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.80.134.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.188.90.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.129.126.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 65.38.213.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 188.30.138.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 146.19.236.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.143.110.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.223.75.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 9.6.217.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.196.211.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.243.193.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 201.219.131.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.49.133.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 141.210.111.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 143.130.81.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 189.58.65.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.67.240.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 111.112.92.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 58.57.177.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.255.26.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.198.234.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.120.217.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.243.122.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.75.240.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 162.231.167.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.114.35.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.77.23.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.194.57.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.19.137.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 149.78.204.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.19.84.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.11.131.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.121.227.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 108.24.221.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.61.132.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.84.52.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.39.66.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.109.229.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 72.229.0.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 68.237.138.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 38.214.98.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.251.249.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.140.183.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 128.88.228.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 12.188.80.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.189.120.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.215.96.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 47.103.75.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 14.13.184.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 54.156.208.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 208.60.53.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.34.215.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 174.199.158.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.21.39.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 200.30.145.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.143.5.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 151.240.94.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 211.216.5.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.128.230.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.186.64.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 74.223.94.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.149.19.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.201.60.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 174.200.185.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 84.46.163.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.58.182.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 113.232.63.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.77.133.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.157.59.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.202.235.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.213.214.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.38.55.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 195.114.217.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.100.243.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 105.105.161.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 201.151.2.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.105.52.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.29.71.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 210.217.9.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 105.68.55.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 123.234.234.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 191.201.115.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 106.124.95.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.133.75.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 73.202.80.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 57.194.41.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.48.68.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 136.163.220.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 13.139.28.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.187.229.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.8.115.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.83.253.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 70.20.94.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 41.182.86.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 170.187.178.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.18.144.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.126.53.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.173.55.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 204.95.244.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 207.38.53.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 53.216.88.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 98.85.163.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 39.179.11.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 1.128.71.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.47.210.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.96.85.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.75.232.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.68.253.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.177.28.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 161.115.17.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.10.152.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 171.86.63.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.137.232.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 118.139.4.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 218.58.48.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.75.173.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.0.25.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.83.59.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.238.15.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 86.1.81.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 44.2.67.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 59.73.241.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 25.184.188.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 97.194.14.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 223.30.124.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.192.60.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.87.177.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 142.165.179.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.107.177.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.61.91.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 107.205.164.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 42.197.169.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 9.97.40.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 24.56.30.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.14.189.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.173.58.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.122.243.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.252.29.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.250.94.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.83.157.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.230.6.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 17.28.114.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 140.213.8.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 219.155.152.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.80.140.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 125.247.88.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 167.141.51.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 80.187.62.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.171.240.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 197.55.225.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.194.63.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 41.99.142.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 122.151.100.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 165.176.106.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.211.72.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 48.136.219.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.14.188.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 152.55.83.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 35.74.107.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.59.20.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 52.14.195.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 178.199.111.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 134.76.154.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 46.216.160.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.66.106.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 216.84.39.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.81.195.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 182.167.254.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.136.72.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 37.225.229.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.240.10.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.137.24.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 126.121.218.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 206.91.247.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 160.208.196.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.134.98.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 131.105.241.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.199.150.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 169.117.152.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.33.37.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 51.143.208.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 195.97.132.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 147.11.106.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 222.175.83.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 23.151.73.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 163.147.113.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 14.17.22.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 88.219.53.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 176.122.204.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 94.131.175.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.126.234.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 152.117.172.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 173.69.75.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 114.88.247.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 185.221.65.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.38.122.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 181.207.11.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 87.199.87.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 67.212.106.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 44.2.19.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 130.76.62.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.187.35.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 92.195.176.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 196.98.207.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.159.239.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 77.116.203.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.121.250.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.91.150.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 142.169.244.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 43.104.202.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 115.85.33.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 113.34.69.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.27.91.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 209.229.36.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 32.62.27.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 35.12.182.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 103.114.230.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.164.166.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 93.252.3.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 205.100.51.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.140.205.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 154.132.131.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 168.230.70.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 158.191.164.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 104.160.49.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 65.7.231.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 178.181.233.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 78.192.166.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 46.9.148.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 139.197.69.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 91.143.236.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 40.187.66.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.44.91.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 8.60.171.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 64.48.37.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 177.186.71.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 60.22.185.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.41.46.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 2.203.99.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 217.142.155.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 198.83.210.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 159.231.161.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 5.53.140.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 45.137.208.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 4.28.187.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 184.35.225.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 84.131.38.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 137.111.223.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 176.255.43.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 79.201.182.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 194.112.8.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 149.136.209.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.226.125.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 63.112.182.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 112.61.97.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.186.27.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 187.248.102.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 62.116.95.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 82.42.214.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.42.187.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 90.153.35.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 31.74.183.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 216.209.158.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.143.34.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 155.94.64.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 175.157.61.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 69.170.197.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 220.24.150.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 153.207.26.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 157.94.206.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 89.196.81.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 18.151.218.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 173.96.134.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 27.231.42.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 101.163.75.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 143.62.31.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 167.235.85.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 166.59.245.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:47113 -> 110.161.137.147:2323

Source: /tmp/QX4Kudvf1x (PID: 5239)

Socket: 127.0.0.1::1926

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 137.184.153.228
Source: unknown	TCP traffic detected without corresponding DNS query: 126.129.54.116
Source: unknown	TCP traffic detected without corresponding DNS query: 129.182.67.117
Source: unknown	TCP traffic detected without corresponding DNS query: 64.77.18.238
Source: unknown	TCP traffic detected without corresponding DNS query: 88.170.214.34
Source: unknown	TCP traffic detected without corresponding DNS query: 134.238.52.231
Source: unknown	TCP traffic detected without corresponding DNS query: 87.211.153.91
Source: unknown	TCP traffic detected without corresponding DNS query: 39.147.216.157
Source: unknown	TCP traffic detected without corresponding DNS query: 81.239.255.217
Source: unknown	TCP traffic detected without corresponding DNS query: 124.225.101.187
Source: unknown	TCP traffic detected without corresponding DNS query: 187.189.89.209
Source: unknown	TCP traffic detected without corresponding DNS query: 177.7.152.225
Source: unknown	TCP traffic detected without corresponding DNS query: 173.100.96.103
Source: unknown	TCP traffic detected without corresponding DNS query: 183.37.79.101
Source: unknown	TCP traffic detected without corresponding DNS query: 18.170.40.192
Source: unknown	TCP traffic detected without corresponding DNS query: 9.179.173.172
Source: unknown	TCP traffic detected without corresponding DNS query: 156.49.205.211
Source: unknown	TCP traffic detected without corresponding DNS query: 90.179.51.76
Source: unknown	TCP traffic detected without corresponding DNS query: 70.233.104.243
Source: unknown	TCP traffic detected without corresponding DNS query: 113.63.36.247
Source: unknown	TCP traffic detected without corresponding DNS query: 185.61.106.134
Source: unknown	TCP traffic detected without corresponding DNS query: 68.134.119.133
Source: unknown	TCP traffic detected without corresponding DNS query: 51.100.89.86
Source: unknown	TCP traffic detected without corresponding DNS query: 109.54.56.224
Source: unknown	TCP traffic detected without corresponding DNS query: 153.86.43.142
Source: unknown	TCP traffic detected without corresponding DNS query: 136.180.153.166
Source: unknown	TCP traffic detected without corresponding DNS query: 169.173.220.49
Source: unknown	TCP traffic detected without corresponding DNS query: 201.205.149.128
Source: unknown	TCP traffic detected without corresponding DNS query: 192.213.191.12
Source: unknown	TCP traffic detected without corresponding DNS query: 79.201.148.209
Source: unknown	TCP traffic detected without corresponding DNS query: 111.32.117.47
Source: unknown	TCP traffic detected without corresponding DNS query: 212.167.40.170
Source: unknown	TCP traffic detected without corresponding DNS query: 212.83.218.70
Source: unknown	TCP traffic detected without corresponding DNS query: 9.25.123.233
Source: unknown	TCP traffic detected without corresponding DNS query: 200.176.255.75
Source: unknown	TCP traffic detected without corresponding DNS query: 51.48.54.114
Source: unknown	TCP traffic detected without corresponding DNS query: 178.37.70.8
Source: unknown	TCP traffic detected without corresponding DNS query: 105.212.80.4
Source: unknown	TCP traffic detected without corresponding DNS query: 112.199.11.131
Source: unknown	TCP traffic detected without corresponding DNS query: 62.163.134.138
Source: unknown	TCP traffic detected without corresponding DNS query: 213.203.45.233
Source: unknown	TCP traffic detected without corresponding DNS query: 155.248.147.70
Source: unknown	TCP traffic detected without corresponding DNS query: 25.151.69.240
Source: unknown	TCP traffic detected without corresponding DNS query: 88.42.70.73
Source: unknown	TCP traffic detected without corresponding DNS query: 102.45.103.110
Source: unknown	TCP traffic detected without corresponding DNS query: 193.173.101.66
Source: unknown	TCP traffic detected without corresponding DNS query: 32.253.4.10
Source: unknown	TCP traffic detected without corresponding DNS query: 90.195.25.133
Source: unknown	TCP traffic detected without corresponding DNS query: 34.225.21.165
Source: unknown	TCP traffic detected without corresponding DNS query: 91.98.197.117

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.lin@0/0@0/0

Source: QX4Kudvf1x

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /tmp/QX4Kudvf1x (PID: 5239)

Queries kernel information via 'uname':

Source: QX4Kudvf1x, 5239.1.00000000389dc556.00000000c6185993.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: QX4Kudvf1x, 5239.1.0000000071255f45.00000000d77771f1.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: QX4Kudvf1x, 5239.1.0000000071255f45.00000000d77771f1.rw-.sdmp	Binary or memory string: Gx86_64/usr/bin/qemu-m68k/tmp/QX4Kudvf1xSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/QX4Kudvf1x
Source: QX4Kudvf1x, 5239.1.00000000389dc556.00000000c6185993.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
QX4Kudvf1x	49%	Virustotal		Browse
QX4Kudvf1x	49%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
207.252.253.15	unknown	United States	10844	VASTNETUS	false
87.174.170.218	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
170.215.1.123	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
64.215.59.186	unknown	United States	3549	LVLT-3549US	false
209.188.192.81	unknown	United States	2152	CSUNET-NWUS	false
12.248.178.247	unknown	United States	7018	ATT-INTERNET4US	false
69.8.94.83	unknown	United States	8025	BRIGHTOK-ASUS	false
42.93.143.143	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
71.9.12.218	unknown	United States	20115	CHARTER-20115US	false
19.113.39.80	unknown	United States	3	MIT-GATEWAYSUS	false
140.12.77.152	unknown	United States	23700	FASTNET-AS-IDLinknet-FastnetASNID	false
187.114.120.15	unknown	Brazil	18881	TELEFONICABRASILSABR	false
99.207.129.35	unknown	United States	10507	SPCSUS	false
104.144.45.85	unknown	Canada	55286	SERVER-MANIACA	false
186.27.91.17	unknown	Bolivia	28024	NuevatelPCSdeBoliviaSABO	false
150.163.105.17	unknown	Brazil	1916	AssociacaoRedeNacionaldeEnsinoePesquisaBR	false
194.136.239.177	unknown	Finland	719	ELISA-ASHelsinkiFinlandEU	false
93.173.196.81	unknown	Israel	1680	NV-ASNCELLCOMltdIL	false
149.209.248.84	unknown	Norway	2830	MCI-DUAL-HOMED-CUSTOMERSGB	false
161.108.200.86	unknown	United States	3955	WANG-US-1US	false
46.172.91.173	unknown	Ukraine	48422	IT-STARCOM-AShttpwwwitstarcomnetUA	false
61.179.183.141	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
82.239.146.208	unknown	France	12322	PROXADFR	false
17.153.147.49	unknown	United States	714	APPLE-ENGINEERINGUS	false
1.61.30.168	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
36.212.52.156	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
90.17.49.162	unknown	France	3215	FranceTelecom-OrangeFR	false
219.47.227.225	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
178.192.115.23	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
153.14.218.209	unknown	United States	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
82.27.173.98	unknown	United Kingdom	5089	NTLGB	false
84.46.182.188	unknown	Lithuania	15419	LRTC-ASLT	false
92.117.4.8	unknown	Germany	8881	VERSATELDE	false
106.117.45.97	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
143.146.199.87	unknown	United States	399	AFCONC-BLOCK1-ASUS	false
37.177.110.215	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
178.24.145.59	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
212.79.253.142	unknown	Germany	203507	AVIRADEKaplaneiweg1DE	false
210.48.212.143	unknown	Australia	38084	ETHAN-AU-APEthanGroupAU	false
94.241.196.54	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
165.166.229.161	unknown	United States	2711	SPIRITTEL-ASUS	false
139.39.35.7	unknown	United States	5972	DNIC-ASBLK-05800-06055US	false
138.185.157.196	unknown	Brazil	264342	UPNETPROVEDORDEACESSOETELECOMBR	false
24.142.43.136	unknown	Canada	32233	PERSONACA	false
86.210.197.248	unknown	France	3215	FranceTelecom-OrangeFR	false
125.136.218.237	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
192.36.40.33	unknown	Sweden	25176	AC-NETSE	false
173.25.184.131	unknown	United States	30036	MEDIACOM-ENTERPRISE-BUSINESSUS	false
57.249.89.90	unknown	Belgium	2686	ATGS-MMD-ASUS	false
110.19.130.27	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
150.142.226.27	unknown	United States	14223	NYSDOHUS	false
14.1.253.124	unknown	Malaysia	45960	YTLCOMMS-AS-APYTLCOMMUNICATIONSSDNBHDMY	false
31.40.126.0	unknown	Russian Federation	56761	MULTINEX-MIASS-ASRU	false
213.5.165.223	unknown	Russian Federation	15673	TELESETI-PLUS-ASRU	false
135.248.152.229	unknown	United States	10455	LUCENT-CIOUS	false
46.215.117.92	unknown	Poland	8374	PLUSNETPlusnetworkoperatorinPolandPL	false
118.123.103.213	unknown	China	38283	CHINANET-SCIDC-AS-APCHINANETSiChuanTelecomInternetData	false
209.15.189.55	unknown	Canada	11290	CC-3272CA	false
191.160.73.87	unknown	Brazil	26615	TIMSABR	false
206.116.23.4	unknown	Canada	852	ASN852CA	false
36.173.8.143	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
122.202.143.12	unknown	Korea Republic of	9946	CABLENET-AS-KRKCTVJEJUBROADCASTINGKR	false
172.132.121.255	unknown	United States	7018	ATT-INTERNET4US	false
125.227.201.219	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
132.213.80.133	unknown	Canada	376	RISQ-ASCA	false
142.10.232.203	unknown	Canada	13576	SDNW-13576US	false
111.48.103.28	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
208.254.25.78	unknown	United States	11486	COLO-PREM-VZBUS	false
161.64.39.252	unknown	Macau	7582	UMAC-AS-APUniversityofMacauMO	false
82.32.247.245	unknown	United Kingdom	5089	NTLGB	false
61.197.166.78	unknown	Japan	2514	INFOSPHERENTTPCCommunicationsIncJP	false
12.16.138.186	unknown	United States	7018	ATT-INTERNET4US	false
83.47.191.245	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
168.76.73.116	unknown	South Africa	265240	ULTRANETSERVICOSEMINTERNETLTDABR	false
179.138.235.187	unknown	Brazil	26599	TELEFONICABRASILSABR	false
94.79.60.224	unknown	Russian Federation	8732	COMCOR-ASMoscowRU	false
131.44.242.127	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
104.19.61.172	unknown	United States	13335	CLOUDFLARENETUS	false
148.22.80.216	unknown	United States	6400	CompaniaDominicanadeTelefonosSADO	false
114.99.197.138	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
162.32.169.48	unknown	United States	35893	ACPCA	false
86.173.157.118	unknown	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
216.51.94.169	unknown	United States	2828	XO-AS15US	false
206.249.88.101	unknown	United States	174	COGENT-174US	false
204.29.221.41	unknown	United States	13325	STOMIUS	false
2.98.162.245	unknown	United Kingdom	13285	OPALTELECOM-ASTalkTalkCommunicationsLimitedGB	false
19.71.89.200	unknown	United States	3	MIT-GATEWAYSUS	false
70.74.179.170	unknown	Canada	6327	SHAWCA	false
64.148.234.59	unknown	United States	7018	ATT-INTERNET4US	false
150.170.41.46	unknown	United States	26438	MONROE-COMMUNITY-COLLEGEUS	false
97.61.226.168	unknown	United States	22394	CELLCOUS	false
149.214.42.119	unknown	Germany	5605	NETUSEDE	false
176.251.72.11	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
69.199.77.191	unknown	United States	17184	ATL-CBEYONDUS	false
87.17.71.206	unknown	Italy	3269	ASN-IBSNAZIT	false
161.16.200.200	unknown	United States	19512	LYONDELLUS	false
207.82.211.10	unknown	United States	10584	TRADEWEBUS	false
73.207.81.13	unknown	United States	7922	COMCAST-7922US	false
221.246.215.107	unknown	Japan	17506	UCOMARTERIANetworksCorporationJP	false
38.52.110.100	unknown	United States	174	COGENT-174US	false

Runtime Messages

Command:	/tmp/QX4Kudvf1x
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	JEW was here lol
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
187.114.120.15	AD0cHN7dR2	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
VASTNETUS	arm7-20211013-0650	Get hash	malicious	Browse	207.252.204.98
	LsgCcJSqnz	Get hash	malicious	Browse	207.252.216.85
	sora.x86	Get hash	malicious	Browse	207.252.228.91
	E2ecGhjXtG	Get hash	malicious	Browse	207.252.216.89
	eOtLRCQr22	Get hash	malicious	Browse	207.252.228.60
	i5aeHz4aJM	Get hash	malicious	Browse	207.252.253.102
DTAGInternetserviceprovideroperationsDE	b3astmode.arm	Get hash	malicious	Browse	217.4.69.177
	cavEG2l8fj	Get hash	malicious	Browse	2.170.90.44
	nY0UOuOPzI	Get hash	malicious	Browse	84.187.195.54
	arm7-20211103-0152	Get hash	malicious	Browse	84.137.48.47
	x86-20211103-0152	Get hash	malicious	Browse	91.29.31.39
	sora.arm	Get hash	malicious	Browse	79.237.66.215
	sora.x86	Get hash	malicious	Browse	217.237.3.225
	sora.arm	Get hash	malicious	Browse	93.204.166.84
	sora.arm7	Get hash	malicious	Browse	79.254.97.190
	sora.arm	Get hash	malicious	Browse	84.144.143.146
	sora.arm7	Get hash	malicious	Browse	80.132.249.121
	WmEErPtdS9	Get hash	malicious	Browse	87.154.68.57
	sora.x86	Get hash	malicious	Browse	87.180.143.9
	sora.arm7	Get hash	malicious	Browse	79.235.254.132
	6A9RyJXCd7	Get hash	malicious	Browse	79.214.175.95
	arm-20211102-0937	Get hash	malicious	Browse	79.238.112.149
	sora.arm7	Get hash	malicious	Browse	93.221.174.122
	sora.x86	Get hash	malicious	Browse	91.26.71.219
	sora.mips	Get hash	malicious	Browse	37.91.93.228
	mips-20211102-0937	Get hash	malicious	Browse	93.217.229.75
FRONTIER-AND-CITIZENSUS	arm7-20211103-0152	Get hash	malicious	Browse	74.34.248.64
	sora.x86	Get hash	malicious	Browse	74.33.14.3
	dUW6YG1Tdv	Get hash	malicious	Browse	184.9.231.61
	7DoAjWX5uZ	Get hash	malicious	Browse	50.36.214.99
	1Y2rsDBP9s	Get hash	malicious	Browse	74.34.248.47
	Yoshi.arm7	Get hash	malicious	Browse	184.12.211.39
	Yoshi.x86	Get hash	malicious	Browse	184.13.242.168
	HgTC70XRum	Get hash	malicious	Browse	184.14.58.56
	INsMwWSMeh	Get hash	malicious	Browse	184.9.231.90
	Tsunami.arm	Get hash	malicious	Browse	184.13.229.66
	07xBxVsvEn	Get hash	malicious	Browse	74.40.196.242
	yZ7D7o1Z7p	Get hash	malicious	Browse	74.39.43.37
	bKHI9UT0D1	Get hash	malicious	Browse	184.13.205.31
	IcwrPqGkXP	Get hash	malicious	Browse	184.11.40.157
	BMP4Nk5TTq	Get hash	malicious	Browse	184.14.180.127
	MMpysQ37RU	Get hash	malicious	Browse	65.73.206.158
	7SerHvEAjE	Get hash	malicious	Browse	74.42.216.110
	hoho.arm7	Get hash	malicious	Browse	170.215.191.1
	9aAl5Mt3Jz	Get hash	malicious	Browse	184.13.230.28
	4syAQhYxm8	Get hash	malicious	Browse	184.13.230.53

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.2171470760115675
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	QX4Kudvf1x
File size:	57092
MD5:	5fe33cf30e900cb2903960d16f1f3ace
SHA1:	92f9cdbf6ca4efdb09a48714907913a74b70bf9e
SHA256:	5be14a462004f551c39bae8155098090695e6dc2ad48219a7792bf4d28a364f9
SHA512:	db84dc122a044bab4b3a605c188868135f6282930fe64aa3b34d65668a7d9bbf92d0edbe206da7fbe1dcb9f061f826edabef0e9f4c5a7de71935c21957c81f1d
SSDEEP:	768:uMHejQFpI44XZAJ0xwv6qOl35a7SP0ypuo8Wh2QCfBqntyzruCi:uc4QFpUZAJIwv6qwHsyIo8Wh6fBqozrg
File Content Preview:	.ELF.......................D...4...t.....4. ...(.................................. ....................(.......... .dt.Q............................NV..a....da.....N^NuNV..J9...4f>"y...$ QJ.g.X.#....$N."y...$ QJ.f.A.....J.g.Hy....N.X........4N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	56692
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0xd33e	0x0	0x6	AX	4
.fini	PROGBITS	0x8000d3e6	0xd3e6	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x8000d3f4	0xd3f4	0x712	0x0	0x2	A	2
.ctors	PROGBITS	0x8000fb0c	0xdb0c	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x8000fb14	0xdb14	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x8000fb20	0xdb20	0x214	0x0	0x3	WA	4
.bss	NOBITS	0x8000fd34	0xdd34	0x2a8	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xdd34	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0xdb06	0xdb06	4.2934	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0xdb0c	0x8000fb0c	0x8000fb0c	0x228	0x4d0	1.5122	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 3, 2021 14:02:44.723004103 CET	36892	9931	192.168.2.23	137.184.153.228
Nov 3, 2021 14:02:44.749075890 CET	47113	2323	192.168.2.23	126.129.54.116
Nov 3, 2021 14:02:44.749339104 CET	47113	23	192.168.2.23	129.182.67.117
Nov 3, 2021 14:02:44.749401093 CET	47113	23	192.168.2.23	64.77.18.238
Nov 3, 2021 14:02:44.749417067 CET	47113	23	192.168.2.23	88.170.214.34
Nov 3, 2021 14:02:44.749423027 CET	47113	23	192.168.2.23	134.238.52.231
Nov 3, 2021 14:02:44.749439001 CET	47113	23	192.168.2.23	87.211.153.91
Nov 3, 2021 14:02:44.749454975 CET	47113	23	192.168.2.23	39.147.216.157
Nov 3, 2021 14:02:44.749455929 CET	47113	23	192.168.2.23	81.239.255.217
Nov 3, 2021 14:02:44.749458075 CET	47113	23	192.168.2.23	124.225.101.187
Nov 3, 2021 14:02:44.749460936 CET	47113	23	192.168.2.23	187.189.89.209
Nov 3, 2021 14:02:44.749476910 CET	47113	2323	192.168.2.23	177.7.152.225
Nov 3, 2021 14:02:44.749491930 CET	47113	23	192.168.2.23	173.100.96.103
Nov 3, 2021 14:02:44.749495983 CET	47113	23	192.168.2.23	183.37.79.101
Nov 3, 2021 14:02:44.749509096 CET	47113	23	192.168.2.23	18.170.40.192
Nov 3, 2021 14:02:44.749521017 CET	47113	23	192.168.2.23	9.179.173.172
Nov 3, 2021 14:02:44.749526024 CET	47113	23	192.168.2.23	156.49.205.211
Nov 3, 2021 14:02:44.749531984 CET	47113	23	192.168.2.23	90.179.51.76
Nov 3, 2021 14:02:44.749558926 CET	47113	23	192.168.2.23	70.233.104.243
Nov 3, 2021 14:02:44.749593973 CET	47113	23	192.168.2.23	113.63.36.247
Nov 3, 2021 14:02:44.749598980 CET	47113	2323	192.168.2.23	185.61.106.134
Nov 3, 2021 14:02:44.749613047 CET	47113	23	192.168.2.23	68.134.119.133
Nov 3, 2021 14:02:44.749614954 CET	47113	23	192.168.2.23	51.100.89.86
Nov 3, 2021 14:02:44.749625921 CET	47113	23	192.168.2.23	109.54.56.224
Nov 3, 2021 14:02:44.749630928 CET	47113	23	192.168.2.23	153.86.43.142
Nov 3, 2021 14:02:44.749689102 CET	47113	23	192.168.2.23	136.180.153.166
Nov 3, 2021 14:02:44.749720097 CET	47113	23	192.168.2.23	169.173.220.49
Nov 3, 2021 14:02:44.749754906 CET	47113	23	192.168.2.23	201.205.149.128
Nov 3, 2021 14:02:44.750004053 CET	47113	23	192.168.2.23	192.213.191.12
Nov 3, 2021 14:02:44.750019073 CET	47113	23	192.168.2.23	79.201.148.209
Nov 3, 2021 14:02:44.750021935 CET	47113	23	192.168.2.23	111.32.117.47
Nov 3, 2021 14:02:44.750032902 CET	47113	2323	192.168.2.23	212.167.40.170
Nov 3, 2021 14:02:44.750046015 CET	47113	23	192.168.2.23	212.83.218.70
Nov 3, 2021 14:02:44.750122070 CET	47113	23	192.168.2.23	9.25.123.233
Nov 3, 2021 14:02:44.750134945 CET	47113	23	192.168.2.23	200.176.255.75
Nov 3, 2021 14:02:44.750150919 CET	47113	23	192.168.2.23	51.48.54.114
Nov 3, 2021 14:02:44.750180960 CET	47113	23	192.168.2.23	178.37.70.8
Nov 3, 2021 14:02:44.750183105 CET	47113	23	192.168.2.23	105.212.80.4
Nov 3, 2021 14:02:44.750188112 CET	47113	23	192.168.2.23	112.199.11.131
Nov 3, 2021 14:02:44.750200033 CET	47113	23	192.168.2.23	62.163.134.138
Nov 3, 2021 14:02:44.750215054 CET	47113	23	192.168.2.23	213.203.45.233
Nov 3, 2021 14:02:44.750230074 CET	47113	2323	192.168.2.23	155.248.147.70
Nov 3, 2021 14:02:44.750231981 CET	47113	23	192.168.2.23	25.151.69.240
Nov 3, 2021 14:02:44.750267982 CET	47113	23	192.168.2.23	88.42.70.73
Nov 3, 2021 14:02:44.750273943 CET	47113	23	192.168.2.23	102.45.103.110
Nov 3, 2021 14:02:44.750313997 CET	47113	23	192.168.2.23	193.173.101.66
Nov 3, 2021 14:02:44.750324965 CET	47113	23	192.168.2.23	32.253.4.10
Nov 3, 2021 14:02:44.750332117 CET	47113	23	192.168.2.23	90.195.25.133
Nov 3, 2021 14:02:44.750339031 CET	47113	23	192.168.2.23	34.225.21.165
Nov 3, 2021 14:02:44.750346899 CET	47113	23	192.168.2.23	91.98.197.117
Nov 3, 2021 14:02:44.750365019 CET	47113	23	192.168.2.23	185.127.231.250
Nov 3, 2021 14:02:44.750376940 CET	47113	2323	192.168.2.23	87.181.200.76
Nov 3, 2021 14:02:44.750396013 CET	47113	23	192.168.2.23	34.105.190.108
Nov 3, 2021 14:02:44.750430107 CET	47113	23	192.168.2.23	187.51.203.121
Nov 3, 2021 14:02:44.750435114 CET	47113	23	192.168.2.23	162.78.200.16
Nov 3, 2021 14:02:44.750447035 CET	47113	23	192.168.2.23	54.153.87.226
Nov 3, 2021 14:02:44.750456095 CET	47113	23	192.168.2.23	8.174.110.119
Nov 3, 2021 14:02:44.750467062 CET	47113	23	192.168.2.23	180.223.107.242
Nov 3, 2021 14:02:44.750474930 CET	47113	23	192.168.2.23	145.87.228.43
Nov 3, 2021 14:02:44.750478983 CET	47113	23	192.168.2.23	131.136.147.223
Nov 3, 2021 14:02:44.750488997 CET	47113	23	192.168.2.23	13.176.28.132
Nov 3, 2021 14:02:44.750520945 CET	47113	2323	192.168.2.23	207.177.191.97
Nov 3, 2021 14:02:44.750556946 CET	47113	23	192.168.2.23	207.122.152.26
Nov 3, 2021 14:02:44.750566959 CET	47113	23	192.168.2.23	210.8.247.251
Nov 3, 2021 14:02:44.750581980 CET	47113	23	192.168.2.23	207.161.37.131
Nov 3, 2021 14:02:44.750587940 CET	47113	23	192.168.2.23	121.88.180.50
Nov 3, 2021 14:02:44.750598907 CET	47113	23	192.168.2.23	191.33.220.112
Nov 3, 2021 14:02:44.750601053 CET	47113	23	192.168.2.23	63.154.165.146
Nov 3, 2021 14:02:44.750602961 CET	47113	23	192.168.2.23	175.229.247.31
Nov 3, 2021 14:02:44.750605106 CET	47113	23	192.168.2.23	139.79.184.178
Nov 3, 2021 14:02:44.750617027 CET	47113	23	192.168.2.23	19.194.135.77
Nov 3, 2021 14:02:44.750631094 CET	47113	2323	192.168.2.23	133.92.228.146
Nov 3, 2021 14:02:44.750634909 CET	47113	23	192.168.2.23	142.181.243.175
Nov 3, 2021 14:02:44.750644922 CET	47113	23	192.168.2.23	64.200.154.186
Nov 3, 2021 14:02:44.750821114 CET	47113	23	192.168.2.23	75.213.184.226
Nov 3, 2021 14:02:44.750835896 CET	47113	23	192.168.2.23	58.198.229.229
Nov 3, 2021 14:02:44.750838041 CET	47113	23	192.168.2.23	200.183.61.142
Nov 3, 2021 14:02:44.750844955 CET	47113	23	192.168.2.23	35.251.139.198
Nov 3, 2021 14:02:44.750860929 CET	47113	23	192.168.2.23	109.56.201.254
Nov 3, 2021 14:02:44.750895977 CET	47113	23	192.168.2.23	95.29.255.203
Nov 3, 2021 14:02:44.750914097 CET	47113	23	192.168.2.23	146.108.67.171
Nov 3, 2021 14:02:44.750926018 CET	47113	2323	192.168.2.23	97.238.144.111
Nov 3, 2021 14:02:44.750936985 CET	47113	23	192.168.2.23	61.202.189.50
Nov 3, 2021 14:02:44.750945091 CET	47113	23	192.168.2.23	20.179.70.54
Nov 3, 2021 14:02:44.750957966 CET	47113	23	192.168.2.23	197.169.18.139
Nov 3, 2021 14:02:44.750996113 CET	47113	23	192.168.2.23	60.31.31.221
Nov 3, 2021 14:02:44.751046896 CET	47113	23	192.168.2.23	35.112.114.104
Nov 3, 2021 14:02:44.751050949 CET	47113	23	192.168.2.23	80.136.226.63
Nov 3, 2021 14:02:44.751059055 CET	47113	23	192.168.2.23	43.165.64.66
Nov 3, 2021 14:02:44.751060009 CET	47113	23	192.168.2.23	96.128.223.30
Nov 3, 2021 14:02:44.751070976 CET	47113	23	192.168.2.23	164.154.216.57
Nov 3, 2021 14:02:44.751071930 CET	47113	2323	192.168.2.23	118.198.166.183
Nov 3, 2021 14:02:44.751090050 CET	47113	23	192.168.2.23	179.156.93.250
Nov 3, 2021 14:02:44.751101017 CET	47113	23	192.168.2.23	189.189.162.117
Nov 3, 2021 14:02:44.751115084 CET	47113	23	192.168.2.23	153.137.242.36
Nov 3, 2021 14:02:44.751118898 CET	47113	23	192.168.2.23	111.8.35.234
Nov 3, 2021 14:02:44.751121998 CET	47113	23	192.168.2.23	125.222.0.97
Nov 3, 2021 14:02:44.751133919 CET	47113	23	192.168.2.23	138.175.124.210
Nov 3, 2021 14:02:44.751199007 CET	47113	23	192.168.2.23	219.43.157.202
Nov 3, 2021 14:02:44.751205921 CET	47113	23	192.168.2.23	2.228.200.13

System Behavior

Analysis Process: QX4Kudvf1x PID: 5239 Parent PID: 5115

General

Start time:	14:02:43
Start date:	03/11/2021
Path:	/tmp/QX4Kudvf1x
Arguments:	/tmp/QX4Kudvf1x
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: QX4Kudvf1x PID: 5241 Parent PID: 5239

General

Start time:	14:02:43
Start date:	03/11/2021
Path:	/tmp/QX4Kudvf1x
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: QX4Kudvf1x PID: 5242 Parent PID: 5239

General

Start time:	14:02:43
Start date:	03/11/2021
Path:	/tmp/QX4Kudvf1x
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: QX4Kudvf1x PID: 5244 Parent PID: 5242

General

Start time:	14:02:43
Start date:	03/11/2021
Path:	/tmp/QX4Kudvf1x
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Analysis Process: QX4Kudvf1x PID: 5246 Parent PID: 5242

General

Start time:	14:02:43
Start date:	03/11/2021
Path:	/tmp/QX4Kudvf1x
Arguments:	n/a
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report QX4Kudvf1x

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

PCAP (Network Traffic)

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: QX4Kudvf1x PID: 5239 Parent PID: 5115

General

Analysis Process: QX4Kudvf1x PID: 5241 Parent PID: 5239

General

Analysis Process: QX4Kudvf1x PID: 5242 Parent PID: 5239

General

Analysis Process: QX4Kudvf1x PID: 5244 Parent PID: 5242

General

Analysis Process: QX4Kudvf1x PID: 5246 Parent PID: 5242

General