Play interactive tour

Edit tour

Linux Analysis Report HdZIgkO5be

Overview

General Information

Sample Name:	HdZIgkO5be
Analysis ID:	514677
MD5:	1b5dfd49454f3d7fe8e518f904c88bc7
SHA1:	560ba6f16c235b269669d8bb8c6367045e521617
SHA256:	743ebdcaf8b0255212578ac797f920df17daba5f8036fb2f6c942316a2524d22
Tags:	32elfmirairenesas
Infos:

Detection

Mirai

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Detected TCP or UDP traffic on non-standard ports

Executes the "rm" command used to delete files or directories

Sample listens on a socket

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	514677
Start date:	03.11.2021
Start time:	14:34:03
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 7s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	HdZIgkO5be
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal64.troj.lin@0/1@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

HdZIgkO5be (PID: 5234, Parent: 5111, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/HdZIgkO5be

HdZIgkO5be New Fork (PID: 5237, Parent: 5234)

HdZIgkO5be New Fork (PID: 5238, Parent: 5234)

HdZIgkO5be New Fork (PID: 5241, Parent: 5238)

HdZIgkO5be New Fork (PID: 5242, Parent: 5238)

dash New Fork (PID: 5257, Parent: 4335)

cat (PID: 5257, Parent: 4335, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.H4Yec3gXhs

dash New Fork (PID: 5258, Parent: 4335)

head (PID: 5258, Parent: 4335, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 5259, Parent: 4335)

tr (PID: 5259, Parent: 4335, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 5260, Parent: 4335)

cut (PID: 5260, Parent: 4335, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 5261, Parent: 4335)

cat (PID: 5261, Parent: 4335, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.H4Yec3gXhs

dash New Fork (PID: 5262, Parent: 4335)

head (PID: 5262, Parent: 4335, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10

dash New Fork (PID: 5263, Parent: 4335)

tr (PID: 5263, Parent: 4335, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037

dash New Fork (PID: 5264, Parent: 4335)

cut (PID: 5264, Parent: 4335, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80

dash New Fork (PID: 5265, Parent: 4335)

rm (PID: 5265, Parent: 4335, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.H4Yec3gXhs /tmp/tmp.fjoJ0veOxV /tmp/tmp.nPTMpkeekC

cleanup

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: HdZIgkO5be	Virustotal: Detection: 50%			Perma Link
Source: HdZIgkO5be	ReversingLabs: Detection: 48%

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39316 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44504
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44504
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44530
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43464
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39712
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39712
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44606
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44606
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43540
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 78.108.27.163:23 -> 192.168.2.23:54086
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44636
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39768
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 716 INFO TELNET access 24.35.148.69:23 -> 192.168.2.23:60932
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43578
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.44.116.104:23 -> 192.168.2.23:49354
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.44.116.104:23 -> 192.168.2.23:49354
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44656
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44656
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39808
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39808
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33766
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33766
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43622
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44706
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44706
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39882
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39882
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33832
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33832
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44766
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44766
Source: Traffic	Snort IDS: 716 INFO TELNET access 36.91.71.101:23 -> 192.168.2.23:33196
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43716
Source: Traffic	Snort IDS: 716 INFO TELNET access 24.35.148.69:23 -> 192.168.2.23:32876
Source: Traffic	Snort IDS: 716 INFO TELNET access 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 98.198.235.132:23 -> 192.168.2.23:33916
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 98.198.235.132:23 -> 192.168.2.23:33916
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44842
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44842
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 119.234.142.98:23 -> 192.168.2.23:39978
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 119.234.142.98:23 -> 192.168.2.23:39978
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 108.44.116.104:23 -> 192.168.2.23:49554
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 108.44.116.104:23 -> 192.168.2.23:49554
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 211.195.246.240:23 -> 192.168.2.23:43784
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 31.135.117.229:23 -> 192.168.2.23:44874
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 31.135.117.229:23 -> 192.168.2.23:44874

Source: global traffic	TCP traffic: 192.168.2.23:36892 -> 137.184.153.228:9931
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.177.46.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.227.82.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.75.127.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 131.187.92.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 167.171.192.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.211.57.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.52.179.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.30.112.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.127.118.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.60.85.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.195.240.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.6.184.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.189.255.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 76.105.193.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.232.113.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.98.65.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.13.58.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 175.207.49.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.50.80.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.56.113.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.11.79.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.44.1.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.50.90.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.46.223.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.84.176.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 165.62.208.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.22.70.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.204.186.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.1.82.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 71.22.168.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.117.100.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 46.107.69.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.168.89.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.210.204.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 5.145.183.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.32.180.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.138.219.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 108.126.206.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 190.156.45.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.106.145.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.97.136.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 121.19.39.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.41.170.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.173.158.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.234.189.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 200.197.71.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.60.131.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.148.183.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.151.240.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.42.26.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.110.132.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 92.191.89.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 126.242.35.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.30.208.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 38.134.234.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 57.44.9.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 24.131.165.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.163.198.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.115.157.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.249.104.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.248.247.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.132.209.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 37.71.89.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.164.155.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.192.167.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.6.213.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.96.120.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.47.134.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 25.25.27.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.66.231.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 73.51.77.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.83.164.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 125.65.87.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.186.34.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.255.130.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.48.192.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 82.175.217.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 86.211.184.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.61.147.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 65.219.33.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 155.157.158.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.118.143.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.177.178.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.151.41.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 166.247.4.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.136.238.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.9.46.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.82.90.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.230.115.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.87.228.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 117.195.105.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.148.115.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.129.93.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.27.92.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.117.194.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.35.214.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.34.192.66:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.104.10.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.142.172.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.215.179.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.207.155.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 154.1.22.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.244.186.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 78.250.206.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.5.236.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.212.2.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 187.61.44.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 41.45.53.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.126.69.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.238.26.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.164.152.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.235.61.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.148.129.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.76.79.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.250.171.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.88.114.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.194.223.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.60.244.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.15.173.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 73.65.92.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.169.170.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.15.110.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.196.111.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 52.42.160.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 99.164.196.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.76.52.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.16.198.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.101.125.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.138.67.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 59.136.63.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.73.40.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 77.226.158.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.215.146.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 86.15.173.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 12.163.82.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.7.246.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 131.112.143.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 139.25.207.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 198.138.165.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.19.79.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.189.145.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.103.66.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 186.196.51.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.91.94.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 142.245.27.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 149.165.101.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.77.86.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.255.129.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.172.113.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 43.223.218.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.22.252.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.111.16.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.55.194.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.24.195.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.129.20.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 223.42.135.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 14.114.229.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.234.114.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.197.101.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.12.243.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.125.7.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.32.26.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.223.162.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 75.31.34.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 1.106.85.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.65.218.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.113.148.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.110.59.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 182.38.80.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 171.59.62.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.205.57.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.167.184.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.145.182.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 85.36.207.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.17.98.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.179.114.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 154.164.133.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.91.93.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.144.162.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.165.39.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 184.224.214.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.101.216.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.170.200.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.176.142.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 176.0.179.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 170.209.153.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.1.140.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.147.178.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.51.247.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.19.27.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 35.92.29.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 216.207.30.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.47.255.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.49.250.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.155.200.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.140.0.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.97.250.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 196.226.241.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 168.11.100.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 137.107.248.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 208.72.45.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.2.115.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.17.128.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.160.147.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.102.154.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 145.230.9.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.111.226.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.122.12.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.53.163.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 125.185.67.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.148.77.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 72.105.135.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 201.8.251.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.140.64.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.79.148.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.139.133.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.235.117.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.144.75.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.69.37.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 19.109.113.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.109.60.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 25.37.32.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 76.137.144.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.131.252.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.30.116.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 177.51.46.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.41.0.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.208.202.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.253.243.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 99.27.44.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.223.18.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.108.117.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.199.241.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.93.128.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 180.9.10.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.137.243.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.138.168.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 67.143.81.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.170.39.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 163.249.54.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 185.111.121.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 62.143.94.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.14.50.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.157.251.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 84.27.104.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 104.98.46.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.198.152.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.246.80.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 160.79.100.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.41.249.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.225.131.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.54.61.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 177.50.107.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 117.135.144.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 122.148.114.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.111.193.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.184.115.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 200.56.56.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.240.117.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 156.46.208.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.102.64.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 180.124.161.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.143.140.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.249.36.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.25.99.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 34.149.77.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.79.144.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.219.110.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.147.217.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.45.174.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 17.181.78.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 118.89.54.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 114.92.235.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 222.155.1.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.103.190.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 43.138.17.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 71.233.87.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.34.240.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 189.139.201.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.127.86.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.148.11.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.92.222.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.212.238.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.199.230.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.62.1.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 48.57.240.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 110.156.216.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.213.212.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 143.175.167.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.142.60.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.107.93.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 109.14.41.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.240.200.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 194.163.25.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 67.12.89.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.83.220.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 69.76.170.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 92.75.23.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.118.30.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 105.186.47.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 103.107.80.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.176.196.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.39.196.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 107.158.119.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.249.213.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.96.213.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.46.234.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.96.179.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.52.46.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.28.43.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.62.15.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 9.157.81.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 173.217.165.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.240.9.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.52.86.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.187.209.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.104.91.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 97.83.119.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 45.160.126.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 176.253.254.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 103.119.137.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.12.65.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 18.135.162.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 189.65.10.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 35.93.31.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 170.97.125.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.245.178.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.147.17.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 213.75.221.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 218.84.111.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.70.178.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 202.52.253.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.111.251.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 161.38.66.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.148.64.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.177.129.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 32.72.79.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 54.192.230.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.151.156.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.110.26.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.37.94.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.195.156.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.245.169.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 115.61.160.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 209.183.185.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 178.173.241.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 37.182.235.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 140.165.172.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 137.178.159.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 96.240.229.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.31.29.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 9.82.57.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.51.57.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.17.9.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 110.251.125.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 130.145.136.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.66.55.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.203.7.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.85.242.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.203.114.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.151.167.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 1.239.86.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.24.38.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.35.230.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 219.40.93.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.134.157.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.111.205.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 80.33.103.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.141.103.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 118.24.91.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 63.172.157.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.210.164.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.96.213.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 75.50.215.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.145.253.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 39.175.190.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 46.122.101.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 203.29.26.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 31.142.80.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 169.156.45.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 74.43.9.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 8.14.92.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.218.142.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.4.99.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.83.146.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 164.14.127.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 195.231.25.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 135.91.17.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.12.188.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 77.82.39.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.171.154.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.203.163.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 175.86.225.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 133.153.8.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 197.230.114.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 213.160.79.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.196.217.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 98.139.24.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 151.128.66.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 179.249.174.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 53.7.101.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 111.120.175.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 123.243.207.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 156.42.229.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.153.149.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 95.144.251.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.67.69.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.202.162.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 27.17.78.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 160.51.19.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.116.244.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 70.200.201.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.47.127.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 150.81.44.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.173.97.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 184.7.253.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 61.216.121.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 129.148.63.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 152.134.98.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.131.229.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 40.193.222.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 124.154.26.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 191.235.220.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 68.27.96.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 47.168.23.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 27.121.204.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.218.4.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.150.27.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 188.0.67.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.159.115.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.27.213.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 20.146.101.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.68.107.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.250.5.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.228.255.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 181.199.211.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 159.188.92.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.214.29.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.13.199.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 65.94.102.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.220.181.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.96.169.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.80.225.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 221.79.78.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 58.30.94.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 146.30.79.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 54.36.26.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 207.244.17.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 13.215.99.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 41.225.94.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 205.187.28.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 144.37.89.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 157.69.201.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 50.118.47.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 113.96.53.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 90.198.113.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 128.93.25.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.226.99.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.109.204.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 204.1.123.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 174.58.239.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 57.48.130.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.153.118.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 2.141.167.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 87.241.141.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 186.231.171.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 64.228.134.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 147.157.26.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 138.131.100.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 132.19.181.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 81.212.84.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 42.138.255.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 93.139.52.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 24.240.192.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 116.164.152.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 102.42.54.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 122.216.247.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 210.145.40.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 101.132.232.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 212.153.106.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 206.197.110.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 130.98.41.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 4.146.32.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 91.53.130.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 72.239.19.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 199.138.47.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 36.43.47.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 220.105.225.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 49.118.188.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 44.59.81.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 211.110.66.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 134.249.251.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 112.101.176.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.183.73.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 60.212.227.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 162.135.142.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 97.36.179.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 218.87.115.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:55980 -> 66.47.156.67:2323

Source: /tmp/HdZIgkO5be (PID: 5234)

Socket: 127.0.0.1::1926

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39316
Source: unknown	Network traffic detected: HTTP traffic on port 39316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 137.184.153.228
Source: unknown	TCP traffic detected without corresponding DNS query: 124.177.46.61
Source: unknown	TCP traffic detected without corresponding DNS query: 185.195.91.61
Source: unknown	TCP traffic detected without corresponding DNS query: 151.88.234.61
Source: unknown	TCP traffic detected without corresponding DNS query: 182.127.94.25
Source: unknown	TCP traffic detected without corresponding DNS query: 162.221.64.62
Source: unknown	TCP traffic detected without corresponding DNS query: 14.103.167.177
Source: unknown	TCP traffic detected without corresponding DNS query: 183.82.130.208
Source: unknown	TCP traffic detected without corresponding DNS query: 81.6.74.34
Source: unknown	TCP traffic detected without corresponding DNS query: 78.239.87.237
Source: unknown	TCP traffic detected without corresponding DNS query: 106.53.154.131
Source: unknown	TCP traffic detected without corresponding DNS query: 32.227.82.200
Source: unknown	TCP traffic detected without corresponding DNS query: 115.193.190.102
Source: unknown	TCP traffic detected without corresponding DNS query: 66.120.40.238
Source: unknown	TCP traffic detected without corresponding DNS query: 70.125.244.82
Source: unknown	TCP traffic detected without corresponding DNS query: 118.200.193.237
Source: unknown	TCP traffic detected without corresponding DNS query: 133.139.104.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.177.37.122
Source: unknown	TCP traffic detected without corresponding DNS query: 176.208.182.94
Source: unknown	TCP traffic detected without corresponding DNS query: 111.228.203.122
Source: unknown	TCP traffic detected without corresponding DNS query: 136.76.154.94
Source: unknown	TCP traffic detected without corresponding DNS query: 80.160.249.207
Source: unknown	TCP traffic detected without corresponding DNS query: 63.75.127.220
Source: unknown	TCP traffic detected without corresponding DNS query: 117.199.173.81
Source: unknown	TCP traffic detected without corresponding DNS query: 135.221.17.157
Source: unknown	TCP traffic detected without corresponding DNS query: 208.175.103.211
Source: unknown	TCP traffic detected without corresponding DNS query: 161.75.244.81
Source: unknown	TCP traffic detected without corresponding DNS query: 221.83.26.63
Source: unknown	TCP traffic detected without corresponding DNS query: 162.144.115.119
Source: unknown	TCP traffic detected without corresponding DNS query: 176.222.80.101
Source: unknown	TCP traffic detected without corresponding DNS query: 131.187.92.6
Source: unknown	TCP traffic detected without corresponding DNS query: 92.174.234.143
Source: unknown	TCP traffic detected without corresponding DNS query: 99.102.116.204
Source: unknown	TCP traffic detected without corresponding DNS query: 198.211.146.23
Source: unknown	TCP traffic detected without corresponding DNS query: 68.243.46.81
Source: unknown	TCP traffic detected without corresponding DNS query: 179.13.201.132
Source: unknown	TCP traffic detected without corresponding DNS query: 218.60.89.128
Source: unknown	TCP traffic detected without corresponding DNS query: 119.101.3.34
Source: unknown	TCP traffic detected without corresponding DNS query: 167.171.192.12
Source: unknown	TCP traffic detected without corresponding DNS query: 115.32.114.50
Source: unknown	TCP traffic detected without corresponding DNS query: 205.96.234.201
Source: unknown	TCP traffic detected without corresponding DNS query: 143.208.48.180
Source: unknown	TCP traffic detected without corresponding DNS query: 118.243.234.36
Source: unknown	TCP traffic detected without corresponding DNS query: 213.11.84.17
Source: unknown	TCP traffic detected without corresponding DNS query: 138.15.209.62
Source: unknown	TCP traffic detected without corresponding DNS query: 140.200.124.48
Source: unknown	TCP traffic detected without corresponding DNS query: 197.211.57.85
Source: unknown	TCP traffic detected without corresponding DNS query: 38.75.239.230
Source: unknown	TCP traffic detected without corresponding DNS query: 88.173.151.60

Source: motd-news.27.dr

String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

Source: unknown

HTTPS traffic detected: 34.249.145.219:443 -> 192.168.2.23:39316 version: TLS 1.2

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.lin@0/1@0/0

Source: HdZIgkO5be

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /usr/bin/dash (PID: 5265)

Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.H4Yec3gXhs /tmp/tmp.fjoJ0veOxV /tmp/tmp.nPTMpkeekC

Source: /tmp/HdZIgkO5be (PID: 5234)

Queries kernel information via 'uname':

Source: HdZIgkO5be, 5234.1.0000000031f49b14.00000000b5a8aa79.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: HdZIgkO5be, 5234.1.0000000092d8783c.0000000073ca24fd.rw-.sdmp	Binary or memory string: U5!/etc/qemu-binfmt/sh4
Source: HdZIgkO5be, 5234.1.0000000092d8783c.0000000073ca24fd.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: HdZIgkO5be, 5234.1.0000000031f49b14.00000000b5a8aa79.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/HdZIgkO5beSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/HdZIgkO5be

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	File Deletion1	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
HdZIgkO5be	51%	Virustotal		Browse
HdZIgkO5be	49%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ubuntu.com/blog/microk8s-memory-optimisation	motd-news.27.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
64.133.121.28	unknown	United States	1239	SPRINTLINKUS	false
110.4.132.88	unknown	Japan	4685	ASAHI-NETAsahiNetJP	false
192.20.120.87	unknown	United States	14153	EDGECAST-IRUS	false
13.163.22.158	unknown	United States	7018	ATT-INTERNET4US	false
48.76.175.244	unknown	United States	2686	ATGS-MMD-ASUS	false
64.155.235.85	unknown	United States	3356	LEVEL3US	false
206.141.247.32	unknown	United States	7132	SBIS-ASUS	false
42.128.68.101	unknown	China	4249	LILLY-ASUS	false
131.22.137.74	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
42.30.112.85	unknown	Korea Republic of	9644	SKTELECOM-NET-ASSKTelecomKR	false
80.138.21.138	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
74.39.79.11	unknown	United States	7011	FRONTIER-AND-CITIZENSUS	false
106.146.245.154	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
140.246.119.194	unknown	China	58519	CHINATELECOM-CTCLOUDCloudComputingCorporationCN	false
156.152.214.245	unknown	United States	71	HP-INTERNET-ASUS	false
45.220.66.178	unknown	Seychelles	22769	DDOSING-BGP-NETWORKUS	false
59.146.137.204	unknown	Japan	2527	SO-NETSo-netEntertainmentCorporationJP	false
54.209.193.64	unknown	United States	14618	AMAZON-AESUS	false
57.75.159.6	unknown	Belgium	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
139.34.57.100	unknown	United States	9905	LINKNET-ID-APLinknetASNID	false
88.39.187.28	unknown	Italy	3269	ASN-IBSNAZIT	false
109.49.71.237	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
178.201.60.193	unknown	Germany	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
98.55.87.226	unknown	United States	7922	COMCAST-7922US	false
108.163.174.131	unknown	Canada	32613	IWEB-ASCA	false
209.158.237.86	unknown	United States	701	UUNETUS	false
211.80.251.197	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
103.227.88.150	unknown	Hong Kong	134078	NETPLUZ-AS-APNETPLUZHOLDINGSPRIVATELIMITEDSG	false
80.247.97.154	unknown	Russian Federation	21365	INTELECA-ASRussiaBarnaulRU	false
97.211.140.133	unknown	United States	6167	CELLCO-PARTUS	false
37.2.172.136	unknown	Sweden	1257	TELE2EU	false
153.176.2.177	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
153.173.231.69	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
77.179.253.44	unknown	Germany	6805	TDDE-ASN1DE	false
206.24.109.11	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
192.227.172.222	unknown	United States	36352	AS-COLOCROSSINGUS	false
42.180.134.40	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
134.218.234.55	unknown	United States	22586	AS22586US	false
97.185.107.185	unknown	United States	6167	CELLCO-PARTUS	false
42.54.69.60	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
2.53.80.24	unknown	Israel	12400	PARTNER-ASIL	false
17.125.181.191	unknown	United States	714	APPLE-ENGINEERINGUS	false
138.118.91.230	unknown	Brazil	262485	SCRIOTELECOMUNICACOESEINFORMATICALTDABR	false
96.43.47.102	unknown	United States	23404	RITTERNETUS	false
5.55.222.216	unknown	Greece	3329	HOL-GRAthensGreeceGR	false
12.139.76.108	unknown	United States	7018	ATT-INTERNET4US	false
66.40.171.253	unknown	Canada	13768	COGECO-PEER1CA	false
119.161.182.40	unknown	China	23724	CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation	false
45.53.108.14	unknown	United States	5650	FRONTIER-FRTRUS	false
121.165.152.110	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
139.34.113.220	unknown	United States	9905	LINKNET-ID-APLinknetASNID	false
40.151.134.6	unknown	United States	4249	LILLY-ASUS	false
2.53.79.49	unknown	Israel	12400	PARTNER-ASIL	false
25.94.196.216	unknown	United Kingdom	7922	COMCAST-7922US	false
51.110.38.67	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
63.43.226.219	unknown	United States	22394	CELLCOUS	false
43.52.108.99	unknown	Japan	4249	LILLY-ASUS	false
154.235.180.205	unknown	Cote D'ivoire	36974	AFNET-ASCI	false
13.209.107.25	unknown	United States	16509	AMAZON-02US	false
27.221.202.131	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
176.202.208.137	unknown	Qatar	8781	QA-ISPQA	false
38.31.207.157	unknown	United States	174	COGENT-174US	false
134.158.112.54	unknown	France	789	IN2P3IN2P3AutonomousSystemEU	false
82.116.89.3	unknown	Norway	2119	TELENOR-NEXTELTelenorNorgeASNO	false
63.88.124.112	unknown	United States	701	UUNETUS	false
13.181.20.246	unknown	United States	7018	ATT-INTERNET4US	false
159.15.172.185	unknown	United Kingdom	8897	KCOM-SPNService-ProviderNetworkex-MistralGB	false
174.126.143.65	unknown	United States	11492	CABLEONEUS	false
61.38.180.140	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
204.216.163.145	unknown	United States	4544	CONXION-AUS	false
206.74.116.46	unknown	United States	12208	TRUVISTAUS	false
13.106.20.155	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
67.28.217.149	unknown	United States	202818	LEVEL3COMMUNICATIONSFR	false
123.143.60.52	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
93.73.21.206	unknown	Ukraine	25229	VOLIA-ASUA	false
67.219.84.252	unknown	United States	11492	CABLEONEUS	false
103.101.14.43	unknown	China	23734	NETROUTINGINC-AS-APNetroutingIncUS	false
52.233.156.230	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.60.165.23	unknown	United States	2686	ATGS-MMD-ASUS	false
138.7.41.118	unknown	Australia	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
113.236.231.12	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
88.125.199.114	unknown	France	12322	PROXADFR	false
117.35.190.95	unknown	China	4835	CHINANET-IDC-SNChinaTelecomGroupCN	false
87.198.85.91	unknown	Ireland	34245	MAGNET-ASIE	false
44.140.71.217	unknown	United States	1653	SUNETSUNETSwedishUniversityNetworkEU	false
195.231.25.126	unknown	Italy	202242	ARUBA-CLOUDIT	false
118.28.235.118	unknown	China	45090	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa	false
73.37.39.244	unknown	United States	7922	COMCAST-7922US	false
89.41.195.75	unknown	Iran (ISLAMIC Republic Of)	57218	RIGHTELIR	false
106.252.34.137	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
162.237.151.226	unknown	United States	7018	ATT-INTERNET4US	false
51.108.249.23	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
168.11.100.139	unknown	United States	3480	PEACHNET-AS2US	false
199.172.104.169	unknown	United States	701	UUNETUS	false
46.63.231.119	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
120.99.177.30	unknown	Taiwan; Republic of China (ROC)	17716	NTU-TWNationalTaiwanUniversityTW	false
132.28.253.212	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
94.184.96.7	unknown	Iran (ISLAMIC Republic Of)	6736	IRANET-IPMInstituteforResearchinFundamentalSciencesI	false
44.25.148.202	unknown	United States	63479	HAMWANUS	false
76.15.160.88	unknown	United States	12271	TWC-12271-NYCUS	false

Runtime Messages

Command:	/tmp/HdZIgkO5be
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	JEW was here lol
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
77.179.253.44	4eB1luja0v	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ASAHI-NETAsahiNetJP	x86-20211103-0152	Get hash	malicious	Browse	14.3.193.10
	Z7QqCH0bak	Get hash	malicious	Browse	157.107.185.94
	32UX3eB2m0	Get hash	malicious	Browse	118.243.197.144
	jJ6GK5qbZt	Get hash	malicious	Browse	219.121.22.130
	en94piXmL6	Get hash	malicious	Browse	118.243.197.109
	g22kPe2LIc	Get hash	malicious	Browse	210.253.240.200
	jviIYCvWBc	Get hash	malicious	Browse	14.3.144.55
	b3astmode.arm	Get hash	malicious	Browse	118.243.197.105
	x86	Get hash	malicious	Browse	157.107.79.209
	jpVQoYXUk7	Get hash	malicious	Browse	183.77.123.110
	UniRHdW5VC	Get hash	malicious	Browse	157.107.79.213
	VdhQknQq9e	Get hash	malicious	Browse	138.64.186.255
	o4wjsQMo7q	Get hash	malicious	Browse	118.243.149.203
	cvWFjfKtdH	Get hash	malicious	Browse	122.249.144.105
	SecuriteInfo.com.Linux.BackDoor.Fgt.1541.29094.31457	Get hash	malicious	Browse	14.3.193.20
	LsgCcJSqnz	Get hash	malicious	Browse	118.243.31.64
	sora.arm	Get hash	malicious	Browse	203.189.62.96
	eVtKZt4DLL	Get hash	malicious	Browse	111.234.205.167
	22693dBj8t	Get hash	malicious	Browse	14.3.120.82
	mirai.x86	Get hash	malicious	Browse	110.5.0.124
SPRINTLINKUS	cavEG2l8fj	Get hash	malicious	Browse	63.185.84.36
	arm-20211102-0937	Get hash	malicious	Browse	204.104.131.234
	arm5-20211102-0937	Get hash	malicious	Browse	63.178.243.141
	dUW6YG1Tdv	Get hash	malicious	Browse	63.175.225.90
	Ko84iLip1u	Get hash	malicious	Browse	65.173.0.172
	t7WU0JjLAR	Get hash	malicious	Browse	204.122.86.139
	FGVOkw9did	Get hash	malicious	Browse	204.180.4.59
	mxHkqAIYT0	Get hash	malicious	Browse	206.105.40.49
	swOGb2sZYt	Get hash	malicious	Browse	63.184.206.211
	V2WzER53Tt	Get hash	malicious	Browse	206.106.173.7
	a5nulABeSk	Get hash	malicious	Browse	63.178.243.137
	arm7	Get hash	malicious	Browse	173.107.83.131
	z0x3n.arm7	Get hash	malicious	Browse	173.148.206.146
	arm	Get hash	malicious	Browse	63.162.162.17
	QZ2CN6CUyv	Get hash	malicious	Browse	63.185.84.37
	Z7QqCH0bak	Get hash	malicious	Browse	144.243.45.220
	vEBWe85OY5	Get hash	malicious	Browse	63.162.162.61
	5mLAGfiGBf	Get hash	malicious	Browse	207.12.164.60
	x86_64	Get hash	malicious	Browse	63.177.253.255
	mdyu2wtnR8	Get hash	malicious	Browse	207.143.192.20

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/var/cache/motd-news Download File
Process:	/usr/bin/cut
File Type:	ASCII text
Category:	dropped
Size (bytes):	191
Entropy (8bit):	4.515771857099866
Encrypted:	false
SSDEEP:	3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
MD5:	DD514F892B5F93ED615D366E58AC58AF
SHA1:	BA75EDB3C2232CC260BC187F604DC8F25AA72C11
SHA-256:	F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
SHA-512:	9150BDE63F6C4850C5340D8877892B4D9BBF9EBDC98CDCF557A93FA304C1222CEE446418F5BE2ACCDBF38393778AFA5D4F3EDCB37A47BF57D3A4B2DEAD42A2D0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	* Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.

Static File Info

General
File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.815905745089519
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	HdZIgkO5be
File size:	51924
MD5:	1b5dfd49454f3d7fe8e518f904c88bc7
SHA1:	560ba6f16c235b269669d8bb8c6367045e521617
SHA256:	743ebdcaf8b0255212578ac797f920df17daba5f8036fb2f6c942316a2524d22
SHA512:	9357c7595c8681f99a9821cd1de0451a06a9e4cae87343ab8a4766ec824d02063ae2b82af2257d2ac6b9838cd48499540c9d8df3e4c12593d1cb7bdf0b278b14
SSDEEP:	768:Er9Q6eGyC75erUUeOiwwtNp40ZdiWFyGoMuJLk3XCmlolN9aXCxw:EcdC753UlwtNFFyGoMD3X3qlGXCxw
File Content Preview:	.ELF.....................@.4...D.......4. ...(...............@...@...........................A...A.(...<...........Q.td............................././"O.n........#.@........#.*@,....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0x9
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	51524
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x30	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0xbe40	0x0	0x6	AX	32
.fini	PROGBITS	0x40bf20	0xbf20	0x24	0x0	0x6	AX	4
.rodata	PROGBITS	0x40bf44	0xbf44	0x794	0x0	0x2	A	4
.ctors	PROGBITS	0x41c6dc	0xc6dc	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x41c6e4	0xc6e4	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x41c6f0	0xc6f0	0x214	0x0	0x3	WA	4
.bss	NOBITS	0x41c904	0xc904	0x314	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xc904	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0xc6d8	0xc6d8	4.7390	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xc6dc	0x41c6dc	0x41c6dc	0x228	0x53c	1.5998	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 3, 2021 14:34:49.128318071 CET	42836	443	192.168.2.23	91.189.91.43
Nov 3, 2021 14:34:49.298984051 CET	36892	9931	192.168.2.23	137.184.153.228
Nov 3, 2021 14:34:49.311362028 CET	55980	2323	192.168.2.23	124.177.46.61
Nov 3, 2021 14:34:49.311404943 CET	55980	23	192.168.2.23	185.195.91.61
Nov 3, 2021 14:34:49.311420918 CET	55980	23	192.168.2.23	151.88.234.61
Nov 3, 2021 14:34:49.311446905 CET	55980	23	192.168.2.23	182.127.94.25
Nov 3, 2021 14:34:49.311467886 CET	55980	23	192.168.2.23	162.221.64.62
Nov 3, 2021 14:34:49.311491013 CET	55980	23	192.168.2.23	14.103.167.177
Nov 3, 2021 14:34:49.311496019 CET	55980	23	192.168.2.23	183.82.130.208
Nov 3, 2021 14:34:49.311496019 CET	55980	23	192.168.2.23	81.6.74.34
Nov 3, 2021 14:34:49.311507940 CET	55980	23	192.168.2.23	78.239.87.237
Nov 3, 2021 14:34:49.311518908 CET	55980	23	192.168.2.23	106.53.154.131
Nov 3, 2021 14:34:49.311521053 CET	55980	2323	192.168.2.23	32.227.82.200
Nov 3, 2021 14:34:49.311544895 CET	55980	23	192.168.2.23	115.193.190.102
Nov 3, 2021 14:34:49.311556101 CET	55980	23	192.168.2.23	66.120.40.238
Nov 3, 2021 14:34:49.311564922 CET	55980	23	192.168.2.23	70.125.244.82
Nov 3, 2021 14:34:49.311572075 CET	55980	23	192.168.2.23	118.200.193.237
Nov 3, 2021 14:34:49.311573029 CET	55980	23	192.168.2.23	133.139.104.73
Nov 3, 2021 14:34:49.311587095 CET	55980	23	192.168.2.23	40.177.37.122
Nov 3, 2021 14:34:49.311593056 CET	55980	23	192.168.2.23	201.33.210.150
Nov 3, 2021 14:34:49.311599016 CET	55980	23	192.168.2.23	176.208.182.94
Nov 3, 2021 14:34:49.311620951 CET	55980	23	192.168.2.23	111.228.203.122
Nov 3, 2021 14:34:49.311623096 CET	55980	23	192.168.2.23	136.76.154.94
Nov 3, 2021 14:34:49.311629057 CET	55980	23	192.168.2.23	80.160.249.207
Nov 3, 2021 14:34:49.311631918 CET	55980	2323	192.168.2.23	63.75.127.220
Nov 3, 2021 14:34:49.311638117 CET	55980	23	192.168.2.23	117.199.173.81
Nov 3, 2021 14:34:49.311639071 CET	55980	23	192.168.2.23	135.221.17.157
Nov 3, 2021 14:34:49.311640024 CET	55980	23	192.168.2.23	208.175.103.211
Nov 3, 2021 14:34:49.311656952 CET	55980	23	192.168.2.23	161.75.244.81
Nov 3, 2021 14:34:49.311678886 CET	55980	23	192.168.2.23	221.83.26.63
Nov 3, 2021 14:34:49.311693907 CET	55980	23	192.168.2.23	162.144.115.119
Nov 3, 2021 14:34:49.311703920 CET	55980	23	192.168.2.23	176.222.80.101
Nov 3, 2021 14:34:49.311714888 CET	55980	2323	192.168.2.23	131.187.92.6
Nov 3, 2021 14:34:49.311723948 CET	55980	23	192.168.2.23	92.174.234.143
Nov 3, 2021 14:34:49.311728001 CET	55980	23	192.168.2.23	99.102.116.204
Nov 3, 2021 14:34:49.311728954 CET	55980	23	192.168.2.23	198.211.146.23
Nov 3, 2021 14:34:49.311729908 CET	55980	23	192.168.2.23	68.243.46.81
Nov 3, 2021 14:34:49.311749935 CET	55980	23	192.168.2.23	179.13.201.132
Nov 3, 2021 14:34:49.311757088 CET	55980	23	192.168.2.23	218.60.89.128
Nov 3, 2021 14:34:49.311758995 CET	55980	23	192.168.2.23	210.61.235.185
Nov 3, 2021 14:34:49.311769009 CET	55980	23	192.168.2.23	119.101.3.34
Nov 3, 2021 14:34:49.311770916 CET	55980	2323	192.168.2.23	167.171.192.12
Nov 3, 2021 14:34:49.311777115 CET	55980	23	192.168.2.23	115.32.114.50
Nov 3, 2021 14:34:49.311783075 CET	55980	23	192.168.2.23	205.96.234.201
Nov 3, 2021 14:34:49.311795950 CET	55980	23	192.168.2.23	143.208.48.180
Nov 3, 2021 14:34:49.311816931 CET	55980	23	192.168.2.23	118.243.234.36
Nov 3, 2021 14:34:49.311825037 CET	55980	23	192.168.2.23	213.11.84.17
Nov 3, 2021 14:34:49.311829090 CET	55980	23	192.168.2.23	138.15.209.62
Nov 3, 2021 14:34:49.311831951 CET	55980	23	192.168.2.23	140.200.124.48
Nov 3, 2021 14:34:49.311834097 CET	55980	2323	192.168.2.23	197.211.57.85
Nov 3, 2021 14:34:49.311837912 CET	55980	23	192.168.2.23	38.75.239.230
Nov 3, 2021 14:34:49.311839104 CET	55980	23	192.168.2.23	88.173.151.60
Nov 3, 2021 14:34:49.311839104 CET	55980	23	192.168.2.23	54.204.111.92
Nov 3, 2021 14:34:49.311844110 CET	55980	23	192.168.2.23	63.77.222.67
Nov 3, 2021 14:34:49.311853886 CET	55980	23	192.168.2.23	202.50.100.60
Nov 3, 2021 14:34:49.311857939 CET	55980	23	192.168.2.23	220.111.89.187
Nov 3, 2021 14:34:49.311861992 CET	55980	23	192.168.2.23	219.49.12.113
Nov 3, 2021 14:34:49.311880112 CET	55980	23	192.168.2.23	1.114.96.129
Nov 3, 2021 14:34:49.311892033 CET	55980	23	192.168.2.23	71.43.56.222
Nov 3, 2021 14:34:49.311897039 CET	55980	23	192.168.2.23	181.167.168.64
Nov 3, 2021 14:34:49.311913013 CET	55980	23	192.168.2.23	36.250.19.218
Nov 3, 2021 14:34:49.311916113 CET	55980	2323	192.168.2.23	145.52.179.185
Nov 3, 2021 14:34:49.311918974 CET	55980	23	192.168.2.23	190.112.134.196
Nov 3, 2021 14:34:49.311920881 CET	55980	23	192.168.2.23	98.17.187.30
Nov 3, 2021 14:34:49.311932087 CET	55980	23	192.168.2.23	114.0.73.183
Nov 3, 2021 14:34:49.311944962 CET	55980	23	192.168.2.23	71.49.62.29
Nov 3, 2021 14:34:49.311945915 CET	55980	23	192.168.2.23	216.163.103.91
Nov 3, 2021 14:34:49.311952114 CET	55980	23	192.168.2.23	200.74.14.243
Nov 3, 2021 14:34:49.311964989 CET	55980	23	192.168.2.23	139.132.188.90
Nov 3, 2021 14:34:49.311974049 CET	55980	23	192.168.2.23	121.123.45.169
Nov 3, 2021 14:34:49.311980963 CET	55980	23	192.168.2.23	155.163.2.67
Nov 3, 2021 14:34:49.311981916 CET	55980	23	192.168.2.23	157.38.209.22
Nov 3, 2021 14:34:49.311985016 CET	55980	2323	192.168.2.23	84.30.112.101
Nov 3, 2021 14:34:49.311992884 CET	55980	23	192.168.2.23	175.50.211.10
Nov 3, 2021 14:34:49.312000036 CET	55980	23	192.168.2.23	188.213.149.85
Nov 3, 2021 14:34:49.312014103 CET	55980	23	192.168.2.23	162.59.207.134
Nov 3, 2021 14:34:49.312015057 CET	55980	23	192.168.2.23	147.156.124.90
Nov 3, 2021 14:34:49.312028885 CET	55980	23	192.168.2.23	76.215.34.101
Nov 3, 2021 14:34:49.312031031 CET	55980	23	192.168.2.23	186.86.190.94
Nov 3, 2021 14:34:49.312047005 CET	55980	23	192.168.2.23	157.221.59.66
Nov 3, 2021 14:34:49.312047958 CET	55980	23	192.168.2.23	93.111.45.212
Nov 3, 2021 14:34:49.312062025 CET	55980	23	192.168.2.23	168.248.217.100
Nov 3, 2021 14:34:49.312074900 CET	55980	23	192.168.2.23	188.201.101.170
Nov 3, 2021 14:34:49.312083006 CET	55980	23	192.168.2.23	195.56.108.14
Nov 3, 2021 14:34:49.312083006 CET	55980	2323	192.168.2.23	188.127.118.127
Nov 3, 2021 14:34:49.312097073 CET	55980	23	192.168.2.23	88.72.236.24
Nov 3, 2021 14:34:49.312099934 CET	55980	23	192.168.2.23	96.67.60.236
Nov 3, 2021 14:34:49.312117100 CET	55980	23	192.168.2.23	70.150.228.8
Nov 3, 2021 14:34:49.312120914 CET	55980	23	192.168.2.23	53.98.79.46
Nov 3, 2021 14:34:49.312134981 CET	55980	23	192.168.2.23	105.162.89.236
Nov 3, 2021 14:34:49.312135935 CET	55980	23	192.168.2.23	167.84.245.213
Nov 3, 2021 14:34:49.312139988 CET	55980	23	192.168.2.23	213.59.104.5
Nov 3, 2021 14:34:49.312155962 CET	55980	23	192.168.2.23	197.13.128.53
Nov 3, 2021 14:34:49.312156916 CET	55980	23	192.168.2.23	118.67.145.42
Nov 3, 2021 14:34:49.312161922 CET	55980	2323	192.168.2.23	60.60.85.86
Nov 3, 2021 14:34:49.312165976 CET	55980	23	192.168.2.23	195.100.50.86
Nov 3, 2021 14:34:49.312170982 CET	55980	23	192.168.2.23	135.120.59.145
Nov 3, 2021 14:34:49.312180042 CET	55980	23	192.168.2.23	45.102.167.7
Nov 3, 2021 14:34:49.312189102 CET	55980	23	192.168.2.23	174.124.143.44
Nov 3, 2021 14:34:49.312201977 CET	55980	23	192.168.2.23	4.215.21.219

System Behavior

Analysis Process: HdZIgkO5be PID: 5234 Parent PID: 5111

General

Start time:	14:34:48
Start date:	03/11/2021
Path:	/tmp/HdZIgkO5be
Arguments:	/tmp/HdZIgkO5be
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: HdZIgkO5be PID: 5237 Parent PID: 5234

General

Start time:	14:34:48
Start date:	03/11/2021
Path:	/tmp/HdZIgkO5be
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: HdZIgkO5be PID: 5238 Parent PID: 5234

General

Start time:	14:34:48
Start date:	03/11/2021
Path:	/tmp/HdZIgkO5be
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: HdZIgkO5be PID: 5241 Parent PID: 5238

General

Start time:	14:34:48
Start date:	03/11/2021
Path:	/tmp/HdZIgkO5be
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: HdZIgkO5be PID: 5242 Parent PID: 5238

General

Start time:	14:34:48
Start date:	03/11/2021
Path:	/tmp/HdZIgkO5be
Arguments:	n/a
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Analysis Process: dash PID: 5257 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cat PID: 5257 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.H4Yec3gXhs
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Analysis Process: dash PID: 5258 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: head PID: 5258 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Analysis Process: dash PID: 5259 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: tr PID: 5259 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Analysis Process: dash PID: 5260 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cut PID: 5260 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Analysis Process: dash PID: 5261 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cat PID: 5261 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/cat
Arguments:	cat /tmp/tmp.H4Yec3gXhs
File size:	43416 bytes
MD5 hash:	7e9d213e404ad3bb82e4ebb2e1f2c1b3

Analysis Process: dash PID: 5262 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: head PID: 5262 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/head
Arguments:	head -n 10
File size:	47480 bytes
MD5 hash:	fd96a67145172477dd57131396fc9608

Analysis Process: dash PID: 5263 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: tr PID: 5263 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/tr
Arguments:	tr -d \\000-\\011\\013\\014\\016-\\037
File size:	51544 bytes
MD5 hash:	fbd1402dd9f72d8ebfff00ce7c3a7bb5

Analysis Process: dash PID: 5264 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: cut PID: 5264 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/cut
Arguments:	cut -c -80
File size:	47480 bytes
MD5 hash:	d8ed0ea8f22c0de0f8692d4d9f1759d3

Analysis Process: dash PID: 5265 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/dash
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Analysis Process: rm PID: 5265 Parent PID: 4335

General

Start time:	14:35:11
Start date:	03/11/2021
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.H4Yec3gXhs /tmp/tmp.fjoJ0veOxV /tmp/tmp.nPTMpkeekC
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report HdZIgkO5be

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

PCAP (Network Traffic)

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: HdZIgkO5be PID: 5234 Parent PID: 5111

General

Analysis Process: HdZIgkO5be PID: 5237 Parent PID: 5234

General

Analysis Process: HdZIgkO5be PID: 5238 Parent PID: 5234

General

Analysis Process: HdZIgkO5be PID: 5241 Parent PID: 5238

General

Analysis Process: HdZIgkO5be PID: 5242 Parent PID: 5238

General

Analysis Process: dash PID: 5257 Parent PID: 4335

General

Analysis Process: cat PID: 5257 Parent PID: 4335

General

Analysis Process: dash PID: 5258 Parent PID: 4335

General

Analysis Process: head PID: 5258 Parent PID: 4335

General

Analysis Process: dash PID: 5259 Parent PID: 4335

General

Analysis Process: tr PID: 5259 Parent PID: 4335

General