Play interactive tour

Edit tour

Linux Analysis Report QISwaj96QZ

Overview

General Information

Sample Name:	QISwaj96QZ
Analysis ID:	516358
MD5:	50484af9fb1e9cbb08d0559c6f6c4795
SHA1:	810a2ce65be134a31337c5aa6be31218854b0762
SHA256:	d43c6fda493518d67a8a1e7554af594f51576292dbac6cb3e0b1730fcc058d90
Tags:	32armelfmirai
Infos:

Detection

Mirai

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Yara signature match

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	516358
Start date:	05.11.2021
Start time:	11:26:48
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 9s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	QISwaj96QZ
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal64.troj.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

QISwaj96QZ (PID: 5238, Parent: 5112, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/QISwaj96QZ

QISwaj96QZ New Fork (PID: 5242, Parent: 5238)

QISwaj96QZ New Fork (PID: 5243, Parent: 5238)

QISwaj96QZ New Fork (PID: 5246, Parent: 5243)

QISwaj96QZ New Fork (PID: 5247, Parent: 5243)

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
QISwaj96QZ	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x114c8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11538:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x115a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11618:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11688:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x118f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x1194c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119a0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119f4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11a48:$xo1: oMXKNNC\x0D\x17\x0C\x12

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5246.1.000000005c15cc02.000000007fed13cd.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x2ec:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x360:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x3d4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x448:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x4bc:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x73c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x794:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x7ec:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x844:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x89c:$xo1: oMXKNNC\x0D\x17\x0C\x12
5246.1.00000000fac4855c.000000001b65e999.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x114c8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11538:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x115a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11618:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11688:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x118f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x1194c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119a0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119f4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11a48:$xo1: oMXKNNC\x0D\x17\x0C\x12
5242.1.000000005c15cc02.000000007fed13cd.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x2ec:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x360:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x3d4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x448:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x4bc:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x73c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x794:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x7ec:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x844:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x89c:$xo1: oMXKNNC\x0D\x17\x0C\x12
5242.1.00000000fac4855c.000000001b65e999.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x114c8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11538:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x115a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11618:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11688:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x118f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x1194c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119a0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119f4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11a48:$xo1: oMXKNNC\x0D\x17\x0C\x12
5238.1.00000000fac4855c.000000001b65e999.r-x.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x114c8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11538:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x115a8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11618:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11688:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x118f8:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x1194c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119a0:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x119f4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x11a48:$xo1: oMXKNNC\x0D\x17\x0C\x12
5238.1.000000005c15cc02.000000007fed13cd.rw-.sdmp	SUSP_XORed_Mozilla	Detects suspicious XORed keyword - Mozilla/5.0	Florian Roth	0x2ec:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x360:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x3d4:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x448:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x4bc:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x73c:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x794:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x7ec:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x844:$xo1: oMXKNNC\x0D\x17\x0C\x12 0x89c:$xo1: oMXKNNC\x0D\x17\x0C\x12
Click to see the 1 entries

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: QISwaj96QZ	Virustotal: Detection: 45%			Perma Link
Source: QISwaj96QZ	ReversingLabs: Detection: 45%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 492 INFO TELNET login failed 95.107.218.199:23 -> 192.168.2.23:33544
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.169.15.66:23 -> 192.168.2.23:53764
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.169.15.66:23 -> 192.168.2.23:53764
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 171.7.62.94:23 -> 192.168.2.23:46324
Source: Traffic	Snort IDS: 716 INFO TELNET access 60.8.108.86:23 -> 192.168.2.23:35122
Source: Traffic	Snort IDS: 716 INFO TELNET access 37.208.127.214:23 -> 192.168.2.23:33242
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.179.176.150:23 -> 192.168.2.23:35034
Source: Traffic	Snort IDS: 716 INFO TELNET access 220.164.144.133:23 -> 192.168.2.23:54458
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.179.176.150:23 -> 192.168.2.23:35064
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.169.15.66:23 -> 192.168.2.23:53960
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.169.15.66:23 -> 192.168.2.23:53960
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 187.168.138.95:23 -> 192.168.2.23:55164
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 118.163.208.40:23 -> 192.168.2.23:51836
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 118.163.208.40:23 -> 192.168.2.23:51836

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:35872 -> 45.61.184.103:9931
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 177.5.169.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 156.107.159.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 70.4.75.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 163.153.127.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 146.69.222.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 80.27.201.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 92.107.172.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 9.25.186.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 223.242.56.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 44.32.241.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 36.98.245.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 213.91.4.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 52.208.192.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 66.226.139.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 158.107.46.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 52.38.35.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 54.56.64.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 184.246.228.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 207.163.98.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 46.3.189.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 176.75.74.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 32.251.196.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 107.149.41.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 193.198.146.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 167.19.92.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 142.75.140.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 217.188.92.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 142.180.66.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 169.107.206.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 50.210.94.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 197.131.235.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 218.235.137.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 169.147.189.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 164.46.176.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 25.150.238.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 47.12.146.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 183.189.39.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 152.142.123.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 203.229.249.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 157.142.161.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 81.56.188.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 114.254.167.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 208.140.142.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 89.201.160.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 67.131.205.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 206.253.64.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 222.0.79.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 57.92.84.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 96.54.193.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 183.34.104.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 200.100.145.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 211.69.44.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 57.169.81.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 163.209.71.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 179.211.166.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 86.173.43.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 23.120.138.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 63.75.123.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 175.56.195.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 146.182.156.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 86.94.253.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 141.187.24.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 190.232.177.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 178.179.60.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 115.14.157.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 163.150.126.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 92.10.253.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 177.56.30.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 206.133.242.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 158.67.29.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 168.145.153.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 95.131.251.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 162.175.38.177:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 81.47.39.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 48.167.40.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 168.2.166.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 169.133.88.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 148.244.164.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 42.90.115.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 160.195.110.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 82.213.36.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 131.104.232.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 77.25.130.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 205.245.67.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 213.242.134.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 203.31.157.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 171.192.65.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 66.187.24.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 105.4.100.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 219.227.235.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 41.250.135.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 94.141.164.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 185.105.245.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 48.132.11.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 91.105.210.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 104.172.156.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 201.23.143.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.175.241.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 41.107.43.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 153.174.25.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 111.42.153.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 147.86.25.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 50.3.204.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 183.110.65.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 169.49.173.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 40.24.123.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 107.172.67.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 161.185.2.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 147.159.28.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 169.207.40.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.106.129.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.228.135.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 180.205.119.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 185.158.175.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 169.18.22.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 119.207.209.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 135.63.62.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 219.123.93.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 130.170.161.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 160.14.117.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 97.60.229.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 50.37.158.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 137.23.209.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 185.114.49.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.192.90.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 104.128.172.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 140.105.229.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 105.170.198.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 162.105.248.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 119.41.47.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 19.149.226.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 57.206.204.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 139.181.252.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 106.116.156.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 37.228.71.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 175.224.86.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 39.138.59.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 168.134.160.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 105.72.48.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 31.59.165.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.129.228.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 123.203.208.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 167.95.148.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 144.108.178.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 18.173.106.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 174.232.74.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 53.222.43.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 90.239.180.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 199.125.126.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 27.190.179.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 210.248.89.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 18.38.131.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 205.121.51.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 71.157.211.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 103.225.143.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 12.149.71.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 157.15.117.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 44.107.253.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 94.166.165.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.105.77.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 140.123.215.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 130.55.120.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 23.105.11.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 71.193.21.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 211.143.92.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 163.175.49.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 34.49.221.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 124.187.120.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 163.217.52.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 77.232.88.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 110.209.211.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 126.112.121.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 23.86.254.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 5.151.33.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 1.125.160.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 77.250.20.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 174.139.71.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 75.229.41.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 116.163.181.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 206.230.5.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 194.171.11.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 39.111.16.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 70.46.179.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 96.15.191.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 167.96.154.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.138.48.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 70.22.160.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 111.96.151.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 20.87.125.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 129.202.111.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 156.64.24.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 199.146.210.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 119.24.26.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.184.110.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 183.143.61.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 223.64.157.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 137.43.226.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 128.210.221.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 67.121.7.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 149.52.254.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 2.49.203.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 106.125.206.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 201.43.57.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 181.250.32.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 53.146.187.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 9.2.90.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 184.245.161.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 40.227.172.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 43.232.189.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 133.101.188.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 216.240.197.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 35.162.92.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 70.21.160.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 104.13.232.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 182.185.151.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 201.17.127.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 142.28.46.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 99.20.158.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 13.174.233.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 210.233.250.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 34.0.20.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 218.39.205.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 212.35.6.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 158.80.19.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 165.40.192.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 78.44.48.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.237.229.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 90.247.114.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 2.255.254.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 51.178.4.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 73.70.12.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 91.223.53.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 125.119.144.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 211.236.40.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 191.118.11.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 27.9.97.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 95.66.176.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 88.134.156.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 114.255.104.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 208.217.10.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 101.238.239.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 20.211.210.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 92.90.187.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 185.159.126.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 88.80.173.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 167.100.167.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 82.195.33.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 61.6.196.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 90.146.196.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 60.238.125.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 183.244.4.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 193.89.55.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 99.212.109.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 196.241.211.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 177.185.158.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 46.114.80.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 62.174.63.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 2.91.35.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 86.2.65.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 160.234.68.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 75.203.65.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 99.102.67.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 207.239.245.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 2.214.98.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 36.20.250.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 77.118.98.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 125.68.158.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 196.208.43.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.157.92.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 103.24.8.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 205.182.102.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 122.77.231.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 208.86.147.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 63.164.184.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 218.222.24.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 99.63.84.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 203.88.63.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 183.190.8.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 170.35.187.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 74.130.185.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 193.210.232.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 190.251.31.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 168.156.55.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 220.44.224.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 19.75.205.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 216.208.87.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 154.238.190.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 170.56.46.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 2.249.151.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 18.145.28.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 37.196.132.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 195.95.142.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 177.71.111.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 120.163.190.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.233.57.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 116.52.43.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 155.36.183.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 222.52.172.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 1.99.6.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 187.154.163.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 200.121.135.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 217.112.89.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 113.147.68.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 207.43.136.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 88.171.127.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 165.100.247.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 149.49.206.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 171.48.202.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 94.19.105.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 64.14.56.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 210.5.118.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 144.127.145.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 218.159.107.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 114.15.18.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 32.134.100.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 210.177.198.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 39.221.25.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 87.76.148.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 199.80.62.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 68.137.117.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 85.148.214.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 95.235.45.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 170.51.53.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 118.32.61.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 144.100.204.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 217.63.106.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 84.99.82.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 120.36.13.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 166.70.215.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 179.195.96.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 1.89.238.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 137.168.24.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 85.235.88.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 125.60.190.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 178.168.219.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 212.231.149.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 150.66.86.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 63.88.99.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 191.41.18.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 183.119.206.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 213.130.190.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 176.234.85.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 81.179.193.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 41.140.41.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 78.33.49.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 164.90.65.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 164.207.118.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 36.125.74.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 148.97.139.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 96.190.93.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 169.99.130.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 182.233.86.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 53.80.201.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 100.246.242.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 143.227.137.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 124.26.146.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 211.246.167.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 138.129.69.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 83.217.146.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 79.204.236.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 99.89.135.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 195.222.109.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 135.63.143.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 218.30.132.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 168.17.217.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 61.97.198.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 181.205.152.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 58.229.88.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 71.11.115.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 166.205.233.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 194.127.79.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 62.169.103.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 156.94.172.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.102.48.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 190.136.196.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 170.29.88.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 86.163.11.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 171.244.125.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 115.12.80.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 184.197.209.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 145.229.229.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 177.117.34.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 179.38.197.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 83.72.131.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 185.172.27.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 19.1.65.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 105.37.96.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 67.16.143.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.220.245.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 8.29.68.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 97.178.63.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 51.210.13.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 116.228.222.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 171.244.130.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 45.60.143.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 4.40.43.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 118.232.13.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 212.118.5.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 9.5.40.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 52.142.34.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 165.136.28.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 9.199.33.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 100.36.194.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 137.214.239.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 157.174.53.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 134.241.9.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 47.241.2.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 113.147.101.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 48.66.214.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 57.177.88.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 198.207.230.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 32.160.150.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 118.50.0.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 13.20.66.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 140.171.19.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 31.21.24.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 136.3.229.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 150.99.176.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 188.215.120.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 31.205.98.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 173.182.178.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 196.82.135.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 210.212.51.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 63.167.75.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 216.16.144.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 88.10.109.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 58.28.36.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 27.2.193.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 48.16.232.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 221.206.242.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 193.75.68.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 150.214.237.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 126.62.24.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 210.232.35.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 68.79.234.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 110.12.217.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 186.237.133.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 82.49.126.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 205.71.162.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 116.96.231.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.88.29.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 157.120.17.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 150.23.53.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 98.187.160.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 175.8.237.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.29.113.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 197.250.90.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 79.4.67.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 139.95.229.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 178.50.210.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 85.72.158.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 109.29.237.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 48.174.149.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 48.244.108.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 210.213.119.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 211.120.108.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 202.106.183.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 175.250.88.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 159.157.3.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 44.198.37.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 34.75.132.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 53.87.67.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 153.116.181.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 220.252.190.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 156.247.220.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 186.32.212.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 139.56.220.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 187.141.230.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 111.203.252.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 105.43.170.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 138.178.204.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 70.171.86.170:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 204.13.124.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 36.186.213.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 74.138.28.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 65.202.65.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 176.57.73.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 19.239.240.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 123.85.75.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 223.125.76.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 121.144.119.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 170.124.143.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 203.143.215.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 138.21.200.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 44.3.167.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 138.59.132.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 53.122.84.163:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 150.116.251.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 101.118.155.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 75.69.70.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 148.62.86.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 47.249.152.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 85.193.122.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 39.153.150.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 191.57.82.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 208.243.224.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 109.2.254.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 211.97.21.145:2323
Source: global traffic	TCP traffic: 192.168.2.23:5401 -> 133.99.218.10:2323

Source: /tmp/QISwaj96QZ (PID: 5238)

Socket: 127.0.0.1::1926

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 45.61.184.103
Source: unknown	TCP traffic detected without corresponding DNS query: 177.5.169.40
Source: unknown	TCP traffic detected without corresponding DNS query: 142.49.224.117
Source: unknown	TCP traffic detected without corresponding DNS query: 109.231.111.0
Source: unknown	TCP traffic detected without corresponding DNS query: 25.16.101.73
Source: unknown	TCP traffic detected without corresponding DNS query: 18.39.97.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.187.75.252
Source: unknown	TCP traffic detected without corresponding DNS query: 167.244.46.148
Source: unknown	TCP traffic detected without corresponding DNS query: 156.107.159.135
Source: unknown	TCP traffic detected without corresponding DNS query: 195.88.193.3
Source: unknown	TCP traffic detected without corresponding DNS query: 135.97.154.33
Source: unknown	TCP traffic detected without corresponding DNS query: 113.121.109.72
Source: unknown	TCP traffic detected without corresponding DNS query: 85.111.139.116
Source: unknown	TCP traffic detected without corresponding DNS query: 84.41.36.41
Source: unknown	TCP traffic detected without corresponding DNS query: 146.151.199.204
Source: unknown	TCP traffic detected without corresponding DNS query: 85.51.138.141
Source: unknown	TCP traffic detected without corresponding DNS query: 156.168.201.242
Source: unknown	TCP traffic detected without corresponding DNS query: 218.215.218.18
Source: unknown	TCP traffic detected without corresponding DNS query: 65.26.241.178
Source: unknown	TCP traffic detected without corresponding DNS query: 5.55.173.60
Source: unknown	TCP traffic detected without corresponding DNS query: 37.136.124.242
Source: unknown	TCP traffic detected without corresponding DNS query: 25.64.4.20
Source: unknown	TCP traffic detected without corresponding DNS query: 153.216.136.220
Source: unknown	TCP traffic detected without corresponding DNS query: 47.103.95.83
Source: unknown	TCP traffic detected without corresponding DNS query: 168.154.165.206
Source: unknown	TCP traffic detected without corresponding DNS query: 97.202.108.231
Source: unknown	TCP traffic detected without corresponding DNS query: 177.223.28.69
Source: unknown	TCP traffic detected without corresponding DNS query: 92.252.203.111
Source: unknown	TCP traffic detected without corresponding DNS query: 70.4.75.120
Source: unknown	TCP traffic detected without corresponding DNS query: 183.92.103.200
Source: unknown	TCP traffic detected without corresponding DNS query: 124.109.18.14
Source: unknown	TCP traffic detected without corresponding DNS query: 131.232.142.149
Source: unknown	TCP traffic detected without corresponding DNS query: 103.122.243.134
Source: unknown	TCP traffic detected without corresponding DNS query: 31.113.205.114
Source: unknown	TCP traffic detected without corresponding DNS query: 196.105.13.175
Source: unknown	TCP traffic detected without corresponding DNS query: 163.153.127.180
Source: unknown	TCP traffic detected without corresponding DNS query: 223.47.18.30
Source: unknown	TCP traffic detected without corresponding DNS query: 98.45.13.253
Source: unknown	TCP traffic detected without corresponding DNS query: 154.208.237.24
Source: unknown	TCP traffic detected without corresponding DNS query: 44.45.196.7
Source: unknown	TCP traffic detected without corresponding DNS query: 146.69.222.187
Source: unknown	TCP traffic detected without corresponding DNS query: 101.188.199.180
Source: unknown	TCP traffic detected without corresponding DNS query: 140.154.163.225
Source: unknown	TCP traffic detected without corresponding DNS query: 188.67.250.119
Source: unknown	TCP traffic detected without corresponding DNS query: 41.198.166.206
Source: unknown	TCP traffic detected without corresponding DNS query: 83.39.137.94
Source: unknown	TCP traffic detected without corresponding DNS query: 70.152.138.26
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.120.52
Source: unknown	TCP traffic detected without corresponding DNS query: 61.192.72.195

Source: QISwaj96QZ, type: SAMPLE	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5246.1.000000005c15cc02.000000007fed13cd.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5246.1.00000000fac4855c.000000001b65e999.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5242.1.000000005c15cc02.000000007fed13cd.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5242.1.00000000fac4855c.000000001b65e999.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5238.1.00000000fac4855c.000000001b65e999.r-x.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5238.1.000000005c15cc02.000000007fed13cd.rw-.sdmp, type: MEMORY	Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.lin@0/0@0/0

Source: QISwaj96QZ

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /tmp/QISwaj96QZ (PID: 5238)

Queries kernel information via 'uname':

Source: QISwaj96QZ, 5238.1.00000000e5c93fb1.00000000061e96ca.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: QISwaj96QZ, 5238.1.00000000db5ddb2c.00000000ae71a31f.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/QISwaj96QZSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/QISwaj96QZ
Source: QISwaj96QZ, 5238.1.00000000e5c93fb1.00000000061e96ca.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: QISwaj96QZ, 5238.1.00000000db5ddb2c.00000000ae71a31f.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
QISwaj96QZ	45%	Virustotal		Browse
QISwaj96QZ	45%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
170.232.245.244	unknown	United States	21833	TRINITY-ISUS	false
210.184.23.225	unknown	Hong Kong	4058	CITICTEL-CPC-AS4058CITICTelecomInternationalCPCLimited	false
76.155.68.109	unknown	United States	7922	COMCAST-7922US	false
187.163.236.152	unknown	Mexico	6503	AxtelSABdeCVMX	false
67.21.35.150	unknown	United States	12189	AS12189US	false
40.169.199.194	unknown	United States	4249	LILLY-ASUS	false
199.49.192.65	unknown	United States	201204	GFIS-AS-DE	false
178.142.75.22	unknown	Germany	9145	EWETELCloppenburgerStrasse310DE	false
154.203.73.158	unknown	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
32.179.68.47	unknown	United States	20057	ATT-MOBILITY-LLC-AS20057US	false
149.148.126.173	unknown	Austria	2494	MUWNETMUWNETAutonomousSystemAT	false
107.114.210.58	unknown	United States	7018	ATT-INTERNET4US	false
66.121.29.141	unknown	United States	7132	SBIS-ASUS	false
89.11.228.91	unknown	Norway	15659	NEXTGENTELNEXTGENTELAutonomousSystemNO	false
122.251.58.10	unknown	Japan	18077	C-ABLEYamaguchiCableVisionCoLtdJP	false
69.69.153.108	unknown	United States	2379	CENTURYLINK-LEGACY-EMBARQ-WNPKUS	false
78.202.31.26	unknown	France	12322	PROXADFR	false
154.38.166.244	unknown	United States	174	COGENT-174US	false
210.207.11.78	unknown	Korea Republic of	9861	HIAM-AS-KRHiAssetManagementCoLtdKR	false
160.248.25.98	unknown	Japan	2514	INFOSPHERENTTPCCommunicationsIncJP	false
36.155.143.109	unknown	China	56046	CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN	false
48.82.49.35	unknown	United States	2686	ATGS-MMD-ASUS	false
149.142.83.227	unknown	United States	52	UCLAUS	false
176.231.124.99	unknown	Israel	12400	PARTNER-ASIL	false
63.137.70.194	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
102.5.127.220	unknown	unknown	36926	CKL1-ASNKE	false
185.246.177.61	unknown	Spain	203534	WIFICONECTAES	false
24.237.186.6	unknown	United States	8047	GCIUS	false
125.12.239.172	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
98.33.163.83	unknown	United States	7922	COMCAST-7922US	false
174.225.164.161	unknown	United States	22394	CELLCOUS	false
133.114.229.38	unknown	Japan	2522	PPP-EXPJapanNetworkInformationCenterJP	false
123.179.198.100	unknown	China	4809	CHINATELECOM-CORE-WAN-CN2ChinaTelecomNextGenerationCarr	false
147.249.204.48	unknown	United States	6419	IDDUS	false
145.192.49.241	unknown	Netherlands	1101	IP-EEND-ASIP-EENDBVNL	false
206.147.1.200	unknown	United States	7821	ZAYO-MNUS	false
139.241.235.103	unknown	United States	27066	DNIC-ASBLK-27032-27159US	false
201.105.160.238	unknown	Mexico	8151	UninetSAdeCVMX	false
88.236.146.218	unknown	Turkey	9121	TTNETTR	false
65.35.98.22	unknown	United States	33363	BHN-33363US	false
109.67.199.181	unknown	Israel	8551	BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneIL	false
189.23.63.69	unknown	Brazil	4230	CLAROSABR	false
49.196.95.142	unknown	Australia	4804	MPX-ASMicroplexPTYLTDAU	false
180.250.40.206	unknown	Indonesia	17974	TELKOMNET-AS2-APPTTelekomunikasiIndonesiaID	false
84.234.183.211	unknown	Norway	29695	ALTIBOX_ASNorwayNO	false
119.54.40.164	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
49.142.241.38	unknown	Korea Republic of	7623	HCNGYEONGBUK-AS-KRGyeongbukCableTVKR	false
5.119.70.184	unknown	Iran (ISLAMIC Republic Of)	44244	IRANCELL-ASIR	false
126.41.184.57	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
166.29.157.42	unknown	United States	206	CSC-IGN-AMERUS	false
223.74.172.172	unknown	China	56040	CMNET-GUANGDONG-APChinaMobilecommunicationscorporation	false
155.41.18.6	unknown	United States	111	BOSTONU-ASUS	false
82.17.192.176	unknown	United Kingdom	5089	NTLGB	false
90.158.71.157	unknown	Turkey	9021	ISNETTR	false
17.140.196.174	unknown	United States	714	APPLE-ENGINEERINGUS	false
40.99.120.36	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
195.41.24.251	unknown	Denmark	3292	TDCTDCASDK	false
209.53.152.194	unknown	Canada	852	ASN852CA	false
189.141.254.196	unknown	Mexico	8151	UninetSAdeCVMX	false
68.255.218.247	unknown	United States	31759	LARABIDAUS	false
219.53.238.216	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
204.162.252.162	unknown	United States	3356	LEVEL3US	false
114.26.71.138	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
136.102.253.39	unknown	United States	60311	ONEFMCH	false
110.77.227.100	unknown	Thailand	131090	CAT-IDC-4BYTENET-AS-APCATTELECOMPublicCompanyLtdCATT	false
199.125.126.248	unknown	United States	14265	US-TELEPACIFICUS	false
134.13.160.111	unknown	United States	270	AS270US	false
147.211.36.210	unknown	Australia	132029	ASN-TELSTRA-02TelstraPtyLtdAU	false
128.124.105.48	unknown	Ukraine	21497	UMC-ASUA	false
47.244.18.113	unknown	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
138.138.23.138	unknown	United States	5972	DNIC-ASBLK-05800-06055US	false
174.18.18.220	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
207.246.242.194	unknown	United States	53824	LIQUIDWEBUS	false
89.163.190.7	unknown	Germany	24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	false
190.189.255.45	unknown	Argentina	10481	TelecomArgentinaSAAR	false
148.24.125.151	unknown	United States	6400	CompaniaDominicanadeTelefonosSADO	false
13.168.58.86	unknown	United States	7018	ATT-INTERNET4US	false
217.96.183.241	unknown	Poland	5617	TPNETPL	false
141.94.188.2	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
126.51.16.235	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
124.98.93.127	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
77.230.62.128	unknown	Spain	12430	VODAFONE_ESES	false
211.87.175.167	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
178.214.69.222	unknown	Palestinian Territory Occupied	51336	GEMZOPS	false
92.100.125.89	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
18.112.168.135	unknown	United States	3	MIT-GATEWAYSUS	false
8.255.117.244	unknown	United States	3356	LEVEL3US	false
198.140.20.204	unknown	United States	7726	FITC-ASUS	false
207.137.185.84	unknown	United States	10708	SELECTNET-ASUS	false
104.107.70.86	unknown	United States	3462	HINETDataCommunicationBusinessGroupTW	false
191.42.68.35	unknown	Brazil	7738	TelemarNorteLesteSABR	false
133.13.47.233	unknown	Japan	17960	RAINS-ASUniversityoftheRyukyusJP	false
208.163.31.171	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
44.109.194.201	unknown	United States	7377	UCSDUS	false
189.238.171.224	unknown	Mexico	8151	UninetSAdeCVMX	false
70.239.19.13	unknown	United States	7018	ATT-INTERNET4US	false
1.184.119.109	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
185.22.138.65	unknown	Poland	199057	AMPLUS-ASPL	false
180.199.137.188	unknown	Japan	18126	CTCXChubuTelecommunicationsCompanyIncJP	false
211.144.212.184	unknown	China	23853	CNNIC-DSNET-APShanghaiDataSolutionCoLtdCN	false

Runtime Messages

Command:	/tmp/QISwaj96QZ
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	JEW was here lol
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
65.35.98.22	vHVNRpNhIs	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TRINITY-ISUS	XyMjGu74RX	Get hash	malicious	Browse	170.232.234.11
COMCAST-7922US	YYcy9gLbBC	Get hash	malicious	Browse	25.9.55.225
	bZ3EzTJKiD	Get hash	malicious	Browse	25.103.19.112
	rMwxCtXmuJ	Get hash	malicious	Browse	50.193.183.4
	fukfKHAGMe	Get hash	malicious	Browse	25.47.75.214
	uV1rj8v43F	Get hash	malicious	Browse	73.83.249.228
	WsoVopfjnC	Get hash	malicious	Browse	96.120.46.53
	mL883e3xGw	Get hash	malicious	Browse	76.120.108.203
	v7Tqrjux9I	Get hash	malicious	Browse	68.52.189.69
	X8q5ELl79g	Get hash	malicious	Browse	96.66.130.36
	xd.arm7	Get hash	malicious	Browse	73.84.16.179
	xd.x86	Get hash	malicious	Browse	76.142.58.160
	auzkes	Get hash	malicious	Browse	73.184.255.188
	Tx60OCR2cN	Get hash	malicious	Browse	173.167.211.118
	HdZIgkO5be	Get hash	malicious	Browse	73.37.39.244
	Rvg3MFzKNR	Get hash	malicious	Browse	68.58.240.26
	B94t90Yyoz	Get hash	malicious	Browse	25.148.189.217
	QX4Kudvf1x	Get hash	malicious	Browse	73.207.81.13
	QsSD7q2BRO	Get hash	malicious	Browse	76.140.121.154
	b3astmode.x86	Get hash	malicious	Browse	76.18.177.109
	b3astmode.arm	Get hash	malicious	Browse	184.127.146.165
CITICTEL-CPC-AS4058CITICTelecomInternationalCPCLimited	xd.arm7	Get hash	malicious	Browse	203.85.123.25
	1bL17EUgTk	Get hash	malicious	Browse	152.101.82.212
	vLqyyo55oA	Get hash	malicious	Browse	202.90.2.219
	nLfUJu0kEA	Get hash	malicious	Browse	202.72.16.2
	yqYt9HH2OY	Get hash	malicious	Browse	152.101.28.112
	LsgCcJSqnz	Get hash	malicious	Browse	210.184.2.190
	sora.x86	Get hash	malicious	Browse	152.101.7.97
	2dv5TkS2qu	Get hash	malicious	Browse	210.184.2.189
	sora.x86	Get hash	malicious	Browse	202.66.98.245
	6epEGXQkCa	Get hash	malicious	Browse	202.76.41.145
	DDy9cpZuI8	Get hash	malicious	Browse	210.184.2.187
	BinName.arm7	Get hash	malicious	Browse	202.66.98.248
	UDJcMOWp4H	Get hash	malicious	Browse	202.76.107.217
	TJXA3eIJsJ	Get hash	malicious	Browse	202.88.105.180
	wGGBiv7Qsa	Get hash	malicious	Browse	203.85.146.108
	1isequal9.x86	Get hash	malicious	Browse	203.85.111.11
	4A7rphFZrY	Get hash	malicious	Browse	210.184.23.245
	.exe	Get hash	malicious	Browse	152.101.233.97
	39file.exe	Get hash	malicious	Browse	152.101.233.57

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):	6.071033145102414
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	QISwaj96QZ
File size:	74748
MD5:	50484af9fb1e9cbb08d0559c6f6c4795
SHA1:	810a2ce65be134a31337c5aa6be31218854b0762
SHA256:	d43c6fda493518d67a8a1e7554af594f51576292dbac6cb3e0b1730fcc058d90
SHA512:	a29074aeb417ff7acb2443a1cbcb545593b650345bd4ed2fa8513122c14852427ea187ce1e5f6f41779d5a19049c46a3e996b8c9d09a1ef977631faff2f9755f
SSDEEP:	1536:LwqRXwawW7iFZ+IzqsAcBs9bgr9lz6BvRrZJX6OePNs1dq3:LwqaS8dzV0sPqvZ7XIPWdq
File Content Preview:	.ELF...a..........(.........4...l"......4. ...(.....................`...`................ ... ... ..,...@...........Q.td..................................-...L."....C..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x202
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	74348
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	4
.text	PROGBITS	0x80b0	0xb0	0x10eb0	0x0	0x6	AX	16
.fini	PROGBITS	0x18f60	0x10f60	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x18f74	0x10f74	0xeec	0x0	0x2	A	4
.ctors	PROGBITS	0x22000	0x12000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x22008	0x12008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x22014	0x12014	0x218	0x0	0x3	WA	4
.bss	NOBITS	0x2222c	0x1222c	0x314	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x1222c	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0x11e60	0x11e60	3.2877	0x5	R E	0x8000	.init .text .fini .rodata
LOAD	0x12000	0x22000	0x22000	0x22c	0x540	1.6863	0x6	RW	0x8000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 5, 2021 11:27:33.135036945 CET	42836	443	192.168.2.23	91.189.91.43
Nov 5, 2021 11:27:33.224462986 CET	35872	9931	192.168.2.23	45.61.184.103
Nov 5, 2021 11:27:33.232426882 CET	5401	2323	192.168.2.23	177.5.169.40
Nov 5, 2021 11:27:33.232517004 CET	5401	23	192.168.2.23	142.49.224.117
Nov 5, 2021 11:27:33.232548952 CET	5401	23	192.168.2.23	109.231.111.0
Nov 5, 2021 11:27:33.232552052 CET	5401	23	192.168.2.23	25.16.101.73
Nov 5, 2021 11:27:33.232554913 CET	5401	23	192.168.2.23	18.39.97.86
Nov 5, 2021 11:27:33.232561111 CET	5401	23	192.168.2.23	192.187.75.252
Nov 5, 2021 11:27:33.232572079 CET	5401	23	192.168.2.23	167.244.46.148
Nov 5, 2021 11:27:33.232583046 CET	5401	2323	192.168.2.23	156.107.159.135
Nov 5, 2021 11:27:33.232582092 CET	5401	23	192.168.2.23	195.88.193.3
Nov 5, 2021 11:27:33.232589960 CET	5401	23	192.168.2.23	135.97.154.33
Nov 5, 2021 11:27:33.232676029 CET	5401	23	192.168.2.23	113.121.109.72
Nov 5, 2021 11:27:33.232891083 CET	5401	23	192.168.2.23	85.111.139.116
Nov 5, 2021 11:27:33.232892990 CET	5401	23	192.168.2.23	84.41.36.41
Nov 5, 2021 11:27:33.232892990 CET	5401	23	192.168.2.23	146.151.199.204
Nov 5, 2021 11:27:33.232897997 CET	5401	23	192.168.2.23	85.51.138.141
Nov 5, 2021 11:27:33.232902050 CET	5401	23	192.168.2.23	156.168.201.242
Nov 5, 2021 11:27:33.232918024 CET	5401	23	192.168.2.23	218.215.218.18
Nov 5, 2021 11:27:33.232927084 CET	5401	23	192.168.2.23	65.26.241.178
Nov 5, 2021 11:27:33.232928991 CET	5401	23	192.168.2.23	5.55.173.60
Nov 5, 2021 11:27:33.232929945 CET	5401	23	192.168.2.23	37.136.124.242
Nov 5, 2021 11:27:33.232933998 CET	5401	23	192.168.2.23	25.64.4.20
Nov 5, 2021 11:27:33.232938051 CET	5401	23	192.168.2.23	153.216.136.220
Nov 5, 2021 11:27:33.232960939 CET	5401	23	192.168.2.23	47.103.95.83
Nov 5, 2021 11:27:33.232986927 CET	5401	23	192.168.2.23	168.154.165.206
Nov 5, 2021 11:27:33.233026981 CET	5401	23	192.168.2.23	97.202.108.231
Nov 5, 2021 11:27:33.233037949 CET	5401	23	192.168.2.23	177.223.28.69
Nov 5, 2021 11:27:33.233043909 CET	5401	23	192.168.2.23	92.252.203.111
Nov 5, 2021 11:27:33.233048916 CET	5401	2323	192.168.2.23	70.4.75.120
Nov 5, 2021 11:27:33.233053923 CET	5401	23	192.168.2.23	183.92.103.200
Nov 5, 2021 11:27:33.233069897 CET	5401	23	192.168.2.23	124.109.18.14
Nov 5, 2021 11:27:33.233072042 CET	5401	23	192.168.2.23	131.232.142.149
Nov 5, 2021 11:27:33.233074903 CET	5401	23	192.168.2.23	103.122.243.134
Nov 5, 2021 11:27:33.233079910 CET	5401	23	192.168.2.23	31.113.205.114
Nov 5, 2021 11:27:33.233082056 CET	5401	23	192.168.2.23	196.105.13.175
Nov 5, 2021 11:27:33.233087063 CET	5401	2323	192.168.2.23	163.153.127.180
Nov 5, 2021 11:27:33.233091116 CET	5401	23	192.168.2.23	223.47.18.30
Nov 5, 2021 11:27:33.233093977 CET	5401	23	192.168.2.23	98.45.13.253
Nov 5, 2021 11:27:33.233098984 CET	5401	23	192.168.2.23	154.208.237.24
Nov 5, 2021 11:27:33.233104944 CET	5401	23	192.168.2.23	44.45.196.7
Nov 5, 2021 11:27:33.233108997 CET	5401	2323	192.168.2.23	146.69.222.187
Nov 5, 2021 11:27:33.233113050 CET	5401	23	192.168.2.23	101.188.199.180
Nov 5, 2021 11:27:33.233119965 CET	5401	23	192.168.2.23	140.154.163.225
Nov 5, 2021 11:27:33.233129025 CET	5401	23	192.168.2.23	188.67.250.119
Nov 5, 2021 11:27:33.233141899 CET	5401	23	192.168.2.23	41.198.166.206
Nov 5, 2021 11:27:33.233156919 CET	5401	23	192.168.2.23	83.39.137.94
Nov 5, 2021 11:27:33.233174086 CET	5401	23	192.168.2.23	70.152.138.26
Nov 5, 2021 11:27:33.233196020 CET	5401	23	192.168.2.23	91.241.120.52
Nov 5, 2021 11:27:33.233206987 CET	5401	23	192.168.2.23	61.192.72.195
Nov 5, 2021 11:27:33.233242035 CET	5401	23	192.168.2.23	198.202.161.73
Nov 5, 2021 11:27:33.233261108 CET	5401	23	192.168.2.23	207.144.84.48
Nov 5, 2021 11:27:33.233263016 CET	5401	2323	192.168.2.23	80.27.201.205
Nov 5, 2021 11:27:33.233279943 CET	5401	23	192.168.2.23	188.121.92.105
Nov 5, 2021 11:27:33.233282089 CET	5401	23	192.168.2.23	156.254.220.147
Nov 5, 2021 11:27:33.233293056 CET	5401	23	192.168.2.23	122.215.92.195
Nov 5, 2021 11:27:33.233306885 CET	5401	23	192.168.2.23	202.194.147.12
Nov 5, 2021 11:27:33.233321905 CET	5401	23	192.168.2.23	94.182.210.94
Nov 5, 2021 11:27:33.233339071 CET	5401	23	192.168.2.23	198.199.215.203
Nov 5, 2021 11:27:33.233359098 CET	5401	23	192.168.2.23	140.156.29.166
Nov 5, 2021 11:27:33.233378887 CET	5401	23	192.168.2.23	151.224.72.67
Nov 5, 2021 11:27:33.233386040 CET	5401	23	192.168.2.23	118.48.9.11
Nov 5, 2021 11:27:33.233405113 CET	5401	2323	192.168.2.23	92.107.172.208
Nov 5, 2021 11:27:33.233413935 CET	5401	23	192.168.2.23	54.149.167.2
Nov 5, 2021 11:27:33.233434916 CET	5401	23	192.168.2.23	20.39.217.70
Nov 5, 2021 11:27:33.233444929 CET	5401	23	192.168.2.23	168.37.4.68
Nov 5, 2021 11:27:33.233463049 CET	5401	23	192.168.2.23	122.58.194.220
Nov 5, 2021 11:27:33.233501911 CET	5401	23	192.168.2.23	184.29.70.82
Nov 5, 2021 11:27:33.233558893 CET	5401	23	192.168.2.23	38.0.63.134
Nov 5, 2021 11:27:33.233561039 CET	5401	23	192.168.2.23	201.153.42.148
Nov 5, 2021 11:27:33.233562946 CET	5401	23	192.168.2.23	42.162.120.250
Nov 5, 2021 11:27:33.233563900 CET	5401	2323	192.168.2.23	9.25.186.224
Nov 5, 2021 11:27:33.233617067 CET	5401	23	192.168.2.23	166.176.137.204
Nov 5, 2021 11:27:33.233617067 CET	5401	23	192.168.2.23	1.8.62.205
Nov 5, 2021 11:27:33.233617067 CET	5401	23	192.168.2.23	90.223.51.26
Nov 5, 2021 11:27:33.233632088 CET	5401	23	192.168.2.23	40.248.11.205
Nov 5, 2021 11:27:33.233632088 CET	5401	23	192.168.2.23	133.53.124.59
Nov 5, 2021 11:27:33.233638048 CET	5401	23	192.168.2.23	177.17.6.67
Nov 5, 2021 11:27:33.233640909 CET	5401	23	192.168.2.23	77.209.6.65
Nov 5, 2021 11:27:33.233644009 CET	5401	23	192.168.2.23	168.132.191.61
Nov 5, 2021 11:27:33.233644009 CET	5401	23	192.168.2.23	122.85.186.60
Nov 5, 2021 11:27:33.233644962 CET	5401	23	192.168.2.23	124.121.237.160
Nov 5, 2021 11:27:33.233645916 CET	5401	23	192.168.2.23	87.170.241.158
Nov 5, 2021 11:27:33.233650923 CET	5401	23	192.168.2.23	216.243.130.27
Nov 5, 2021 11:27:33.233653069 CET	5401	2323	192.168.2.23	223.242.56.77
Nov 5, 2021 11:27:33.233655930 CET	5401	23	192.168.2.23	198.138.60.165
Nov 5, 2021 11:27:33.233658075 CET	5401	23	192.168.2.23	44.157.189.44
Nov 5, 2021 11:27:33.233659029 CET	5401	23	192.168.2.23	198.91.143.138
Nov 5, 2021 11:27:33.233666897 CET	5401	23	192.168.2.23	87.207.76.98
Nov 5, 2021 11:27:33.233676910 CET	5401	23	192.168.2.23	70.124.182.143
Nov 5, 2021 11:27:33.233681917 CET	5401	23	192.168.2.23	121.242.53.25
Nov 5, 2021 11:27:33.233694077 CET	5401	23	192.168.2.23	5.33.76.6
Nov 5, 2021 11:27:33.233711004 CET	5401	2323	192.168.2.23	44.32.241.20
Nov 5, 2021 11:27:33.233720064 CET	5401	23	192.168.2.23	116.222.31.104
Nov 5, 2021 11:27:33.233736992 CET	5401	23	192.168.2.23	64.34.62.177
Nov 5, 2021 11:27:33.233747959 CET	5401	23	192.168.2.23	18.74.10.98
Nov 5, 2021 11:27:33.233763933 CET	5401	23	192.168.2.23	94.224.132.149
Nov 5, 2021 11:27:33.233777046 CET	5401	23	192.168.2.23	198.200.178.152
Nov 5, 2021 11:27:33.233787060 CET	5401	23	192.168.2.23	110.167.50.55
Nov 5, 2021 11:27:33.233831882 CET	5401	23	192.168.2.23	172.186.223.91

System Behavior

Analysis Process: QISwaj96QZ PID: 5238 Parent PID: 5112

General

Start time:	11:27:31
Start date:	05/11/2021
Path:	/tmp/QISwaj96QZ
Arguments:	/tmp/QISwaj96QZ
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: QISwaj96QZ PID: 5242 Parent PID: 5238

General

Start time:	11:27:32
Start date:	05/11/2021
Path:	/tmp/QISwaj96QZ
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: QISwaj96QZ PID: 5243 Parent PID: 5238

General

Start time:	11:27:32
Start date:	05/11/2021
Path:	/tmp/QISwaj96QZ
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: QISwaj96QZ PID: 5246 Parent PID: 5243

General

Start time:	11:27:32
Start date:	05/11/2021
Path:	/tmp/QISwaj96QZ
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: QISwaj96QZ PID: 5247 Parent PID: 5243

General

Start time:	11:27:32
Start date:	05/11/2021
Path:	/tmp/QISwaj96QZ
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report QISwaj96QZ

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: QISwaj96QZ PID: 5238 Parent PID: 5112

General

Analysis Process: QISwaj96QZ PID: 5242 Parent PID: 5238

General

Analysis Process: QISwaj96QZ PID: 5243 Parent PID: 5238

General

Analysis Process: QISwaj96QZ PID: 5246 Parent PID: 5243

General

Analysis Process: QISwaj96QZ PID: 5247 Parent PID: 5243

General