Linux Analysis Report arm5

Overview

General Information

Sample Name:	arm5
Analysis ID:	518272
MD5:	70988ec41b6eddb41ec1bc3222f8fab8
SHA1:	60af6f0fee0df7ff9e51c0f9f6070ba102f430a8
SHA256:	1d91574bc880dfb70eb8aaa3d3bc75d906bdb7b87f8ee3d3467a2ed3267e1047
Tags:	Mirai
Infos:

Detection

Mirai

Score:	96
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Sample deletes itself

Uses known network protocols on non-standard ports

Yara signature match

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Classification

Signatures

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: arm5

Avira: detected

Multi AV Scanner detection for submitted file

Source: arm5

ReversingLabs: Detection: 40%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 156.96.62.207:55650 -> 192.168.2.23:58066
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56784
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56800
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56808
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56810
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56812
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56814
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56818
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56842
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56846
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56850
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.33.252.195:23 -> 192.168.2.23:45768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.33.252.195:23 -> 192.168.2.23:45768
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.33.252.195:23 -> 192.168.2.23:45822
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.33.252.195:23 -> 192.168.2.23:45822
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40670
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40672
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40674
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40676
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40680
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40682
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40686
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40692
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40698
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40704
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.33.252.195:23 -> 192.168.2.23:45862
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.33.252.195:23 -> 192.168.2.23:45862

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46636
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46638
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46640
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46642
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46644
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46646
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46648
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46650
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46652
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46654

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 199.34.42.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.118.78.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.2.115.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 135.87.189.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.73.152.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 114.42.109.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.12.252.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 107.95.196.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.74.49.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 107.189.140.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 142.172.145.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 78.25.76.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.172.119.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 110.83.82.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.31.95.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.94.254.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:58066 -> 156.96.62.207:55650
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 163.57.140.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 47.22.41.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 34.27.95.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 169.16.1.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 93.90.35.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.149.152.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 160.224.129.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.206.97.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.30.225.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.83.224.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 27.242.112.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.238.91.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 163.144.123.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 2.183.185.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 177.131.127.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 145.66.49.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 139.106.34.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 179.95.95.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.155.228.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 196.3.194.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 173.75.214.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 114.49.194.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.55.179.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 131.162.173.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.89.221.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.233.224.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 12.92.215.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 48.25.186.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 110.164.81.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 35.204.221.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 150.41.23.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 69.38.172.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 116.179.161.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 116.172.163.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 219.233.185.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 118.19.66.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 71.10.249.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 24.167.95.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.91.149.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 123.179.73.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 89.216.115.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.93.87.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.171.76.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 167.102.26.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.59.89.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 175.158.199.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 131.177.241.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.99.140.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 58.30.217.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.210.24.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.13.133.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 76.192.107.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 39.197.116.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 126.13.37.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 113.94.137.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 111.45.227.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.253.143.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.112.248.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 166.154.188.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.157.91.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.147.213.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.121.105.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 20.224.107.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.25.175.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.34.186.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 159.156.69.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 31.40.230.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 119.28.78.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 150.89.13.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 139.23.155.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 169.244.157.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.94.114.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.89.42.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 216.163.3.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.107.125.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 213.136.103.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.250.111.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.71.34.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 125.67.205.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 194.183.242.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.127.239.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 41.85.167.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.93.165.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.45.232.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.20.57.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.179.21.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 2.45.205.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 174.133.81.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.32.24.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.82.68.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.51.85.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 193.69.131.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 77.62.253.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.122.220.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 79.166.226.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.134.122.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 125.183.107.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 190.59.219.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.224.73.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.232.160.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.184.175.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.1.243.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 44.100.52.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 220.230.95.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 44.211.18.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.253.214.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.164.194.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.222.169.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 191.121.11.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 184.241.28.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.55.48.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.231.160.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.85.142.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.13.56.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.127.183.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 119.107.36.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.241.214.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.210.251.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 142.121.185.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 57.134.182.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 164.184.11.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.233.77.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 95.15.190.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 83.64.8.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 40.9.213.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.210.248.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 36.92.206.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 125.20.107.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 182.143.231.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 134.167.172.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.195.177.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 2.93.197.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 42.81.244.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 182.91.195.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 80.43.104.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 59.90.129.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 116.2.127.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.241.220.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.176.160.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 171.79.106.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 194.146.36.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 208.44.174.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.111.136.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 106.159.207.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 79.207.63.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.108.211.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.242.188.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 202.172.137.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.12.53.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.114.95.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.74.47.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 59.212.183.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.174.243.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.57.35.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 23.78.250.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 169.12.169.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 191.65.218.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.3.35.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.53.215.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 43.49.55.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.31.32.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 100.138.123.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.80.30.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.153.83.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 193.82.36.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.239.161.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 177.207.171.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.4.45.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.131.231.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 65.62.126.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.95.67.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 119.130.188.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.181.251.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.1.238.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 209.126.110.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 78.88.160.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.160.173.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.225.48.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.3.9.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.196.182.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 74.127.40.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.199.206.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.205.217.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.63.87.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.31.179.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 13.246.169.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.10.236.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.169.180.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.200.30.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.158.231.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 164.185.181.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 49.16.43.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 94.240.110.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 164.21.88.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 46.117.88.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 153.222.114.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 222.219.61.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 54.245.187.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 184.134.71.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.132.65.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 64.103.50.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 41.109.36.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.139.10.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 1.249.5.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.173.169.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 19.83.179.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.139.170.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 36.206.97.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.60.147.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 81.46.165.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 85.127.10.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.179.224.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 202.242.77.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 196.101.228.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 208.193.58.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.199.244.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 171.84.83.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 161.177.185.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.173.224.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 62.46.9.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 72.233.220.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.255.74.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 138.32.22.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.112.93.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.100.86.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 184.222.122.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 41.243.91.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.106.38.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 4.220.96.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.118.111.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 42.171.187.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 50.146.168.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 159.221.207.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 72.246.57.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.101.145.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.29.246.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 34.238.197.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.37.156.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 117.153.52.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 135.187.245.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.61.248.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.22.53.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 17.197.88.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.121.165.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 107.229.88.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 108.215.124.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.32.213.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.226.122.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.235.10.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.2.38.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.208.51.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.237.126.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.252.242.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.47.196.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 138.202.231.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.102.210.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.68.99.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.95.195.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 43.109.155.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.197.231.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.244.136.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.189.105.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.181.29.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.73.195.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 223.83.201.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 60.228.164.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 92.205.154.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.165.223.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.209.129.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 77.23.178.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 143.70.13.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 78.244.10.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 118.6.204.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 134.16.105.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.126.12.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 19.51.142.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.66.73.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 91.59.4.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.222.123.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 20.181.156.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.47.10.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 223.73.215.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 93.236.206.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 140.227.95.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.112.34.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.126.72.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 189.208.4.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 121.57.143.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.204.89.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 195.129.24.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 122.58.147.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 71.123.57.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.212.105.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.25.209.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.34.228.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.111.69.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.57.45.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 189.253.100.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.71.22.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.113.103.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 82.86.111.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.248.96.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 108.90.238.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.193.126.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 166.159.7.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 193.30.180.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.155.210.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.41.73.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.175.157.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.3.202.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 77.67.56.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.156.98.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 198.253.169.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.121.240.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.74.77.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.225.195.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 104.244.138.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.253.122.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.248.198.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 20.171.255.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.27.81.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.251.82.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 27.115.40.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.212.210.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 201.191.27.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 74.45.79.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 120.13.134.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.111.210.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 145.151.148.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 42.90.242.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.3.219.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.99.251.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 94.66.53.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 160.25.142.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 111.140.24.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 82.249.225.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 91.172.190.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 23.191.82.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.130.101.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 221.165.0.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.31.73.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.208.225.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.18.104.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.125.134.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 48.53.171.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.92.145.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.151.201.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.57.131.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 167.187.202.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 201.230.24.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.103.131.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 24.218.5.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.91.230.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.116.46.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.176.85.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.210.162.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 51.142.145.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 126.250.62.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 170.100.207.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.80.151.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 186.192.115.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 166.95.252.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 191.114.98.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 23.20.123.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.82.83.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 4.8.160.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 64.202.216.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 61.179.237.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 111.156.173.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.101.36.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 145.41.218.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 76.10.70.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.78.241.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 190.217.73.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 18.31.253.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 199.132.161.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.54.29.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 8.81.234.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.39.182.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.7.176.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 117.193.191.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 143.160.107.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 126.74.153.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 17.122.56.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 103.218.71.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 120.135.3.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 223.63.183.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.26.91.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.218.219.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 159.11.121.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.109.33.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.106.110.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 88.245.169.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.73.188.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.237.85.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.117.161.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 104.135.187.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.210.5.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 120.111.203.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.46.103.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.182.18.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 221.32.43.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.81.204.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 65.85.118.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.47.30.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 94.31.17.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.171.21.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 92.165.124.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.125.102.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.68.199.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 51.163.14.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 62.187.255.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 181.55.118.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 141.188.212.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.55.186.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.112.112.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 31.165.130.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 68.207.135.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 35.132.83.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 1.183.2.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 64.124.244.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.81.116.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 1.217.99.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 80.4.171.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.70.250.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.186.112.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 80.52.230.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 86.115.179.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 90.86.204.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 79.78.143.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.167.124.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.136.39.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 47.117.8.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 45.235.140.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 72.20.130.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.154.227.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.193.106.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 49.160.19.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 135.9.196.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 141.94.171.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 70.82.212.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 106.239.67.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.32.63.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 62.115.34.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 148.253.18.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 89.89.238.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.209.144.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.29.107.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.108.198.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 68.80.129.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.196.150.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 161.220.88.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 63.155.197.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 222.90.147.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 161.33.62.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.214.148.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 69.17.88.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.19.206.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 167.67.99.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.28.106.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.54.121.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.234.6.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 110.164.5.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 44.187.188.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 45.228.69.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 118.122.141.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 83.90.129.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 27.172.85.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 199.137.54.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 92.122.25.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 46.165.108.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.251.238.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 213.20.144.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.92.172.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.103.87.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 8.37.7.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.132.177.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 13.50.16.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.131.214.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.227.238.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 202.250.198.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.47.244.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.12.60.5:2323

Sample listens on a socket

Source: /tmp/arm5 (PID: 5246)

Socket: 127.0.0.1::1124

Jump to behavior

Source: unknown

DNS traffic detected: queries for: arcticboatz.cz

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 199.34.42.51
Source: unknown	TCP traffic detected without corresponding DNS query: 82.144.153.51
Source: unknown	TCP traffic detected without corresponding DNS query: 12.165.249.204
Source: unknown	TCP traffic detected without corresponding DNS query: 61.124.206.205
Source: unknown	TCP traffic detected without corresponding DNS query: 161.117.65.127
Source: unknown	TCP traffic detected without corresponding DNS query: 48.182.31.52
Source: unknown	TCP traffic detected without corresponding DNS query: 128.180.138.227
Source: unknown	TCP traffic detected without corresponding DNS query: 133.20.108.83
Source: unknown	TCP traffic detected without corresponding DNS query: 202.74.73.171
Source: unknown	TCP traffic detected without corresponding DNS query: 203.118.78.144
Source: unknown	TCP traffic detected without corresponding DNS query: 93.199.116.209
Source: unknown	TCP traffic detected without corresponding DNS query: 211.170.230.50
Source: unknown	TCP traffic detected without corresponding DNS query: 64.142.62.94
Source: unknown	TCP traffic detected without corresponding DNS query: 159.111.89.205
Source: unknown	TCP traffic detected without corresponding DNS query: 195.141.240.19
Source: unknown	TCP traffic detected without corresponding DNS query: 173.96.87.175
Source: unknown	TCP traffic detected without corresponding DNS query: 140.25.88.20
Source: unknown	TCP traffic detected without corresponding DNS query: 199.40.126.131
Source: unknown	TCP traffic detected without corresponding DNS query: 174.233.93.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.104.222.118
Source: unknown	TCP traffic detected without corresponding DNS query: 52.2.115.39
Source: unknown	TCP traffic detected without corresponding DNS query: 187.232.45.4
Source: unknown	TCP traffic detected without corresponding DNS query: 196.195.43.56
Source: unknown	TCP traffic detected without corresponding DNS query: 169.44.4.176
Source: unknown	TCP traffic detected without corresponding DNS query: 142.167.23.100
Source: unknown	TCP traffic detected without corresponding DNS query: 13.238.158.11
Source: unknown	TCP traffic detected without corresponding DNS query: 194.236.34.26
Source: unknown	TCP traffic detected without corresponding DNS query: 62.166.58.226
Source: unknown	TCP traffic detected without corresponding DNS query: 168.201.3.69
Source: unknown	TCP traffic detected without corresponding DNS query: 203.157.61.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.87.189.208
Source: unknown	TCP traffic detected without corresponding DNS query: 162.4.161.178
Source: unknown	TCP traffic detected without corresponding DNS query: 163.89.129.21
Source: unknown	TCP traffic detected without corresponding DNS query: 125.100.190.32
Source: unknown	TCP traffic detected without corresponding DNS query: 144.247.228.110
Source: unknown	TCP traffic detected without corresponding DNS query: 95.174.174.209
Source: unknown	TCP traffic detected without corresponding DNS query: 196.227.4.245
Source: unknown	TCP traffic detected without corresponding DNS query: 36.224.181.53
Source: unknown	TCP traffic detected without corresponding DNS query: 60.20.194.64
Source: unknown	TCP traffic detected without corresponding DNS query: 112.73.152.122
Source: unknown	TCP traffic detected without corresponding DNS query: 163.244.204.30
Source: unknown	TCP traffic detected without corresponding DNS query: 144.59.180.31
Source: unknown	TCP traffic detected without corresponding DNS query: 2.200.187.211
Source: unknown	TCP traffic detected without corresponding DNS query: 155.196.66.51
Source: unknown	TCP traffic detected without corresponding DNS query: 41.222.114.122
Source: unknown	TCP traffic detected without corresponding DNS query: 207.82.46.119
Source: unknown	TCP traffic detected without corresponding DNS query: 14.72.135.97
Source: unknown	TCP traffic detected without corresponding DNS query: 221.228.123.170
Source: unknown	TCP traffic detected without corresponding DNS query: 114.42.109.169
Source: unknown	TCP traffic detected without corresponding DNS query: 208.91.20.63

System Summary:

Malicious sample detected (through community Yara rule)

Source: arm5, type: SAMPLE	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: arm5, type: SAMPLE	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth

Yara signature match

Source: arm5, type: SAMPLE	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: arm5, type: SAMPLE	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal96.troj.evad.lin@0/0@1/0

Source: arm5

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system

Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2033/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1582/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2275/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1612/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1579/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1699/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1335/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1698/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2028/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1334/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1576/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2302/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/3236/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2025/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2146/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2307/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1594/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2285/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2281/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1349/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1623/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/761/cmdline	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1622/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1983/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2038/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1586/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1465/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1344/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1860/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1463/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2156/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1629/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1627/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1900/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5202/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2294/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2050/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5040/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1877/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1633/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1599/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1632/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1477/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1476/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1872/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2048/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1475/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2289/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1639/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1638/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2208/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2180/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/4486/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1809/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1494/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1890/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2063/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2062/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1888/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1886/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1489/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1642/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5203/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1648/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2191/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5223/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5224/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2078/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2077/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2074/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2195/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1656/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1654/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2226/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1532/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2069/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2102/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2223/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2080/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5230/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5231/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5232/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5233/fd	Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself

Source: /tmp/arm5 (PID: 5246)

File: /tmp/arm5

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46636
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46638
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46640
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46642
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46644
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46646
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46648
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46650
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46652
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46654

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/arm5 (PID: 5246)

Queries kernel information via 'uname':

Jump to behavior

Source: arm5, 5246.1.00000000b7797230.00000000eff5af91.rw-.sdmp	Binary or memory string: +OV!/etc/qemu-binfmt/arm
Source: arm5, 5246.1.00000000b7797230.00000000eff5af91.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: arm5, 5246.1.00000000aa01c970.0000000075930ec0.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm5SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm5
Source: arm5, 5246.1.00000000aa01c970.0000000075930ec0.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match	File source: arm5, type: SAMPLE
Source: Yara match	File source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai

Source: Yara match	File source: arm5, type: SAMPLE
Source: Yara match	File source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.135.187.226	unknown	United States	36384	GOOGLE-ITUS	false
181.206.182.194	unknown	Colombia	27831	ColombiaMovilCO	false
205.105.248.57	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
24.80.107.102	unknown	Canada	6327	SHAWCA	false
145.55.136.81	unknown	United Kingdom	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
176.65.156.36	unknown	Germany	12975	PALTEL-ASPALTELAutonomousSystemPS	false
147.197.175.135	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
125.194.170.24	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
148.134.167.57	unknown	United States	19113	DUKE-ENERGYUS	false
85.89.50.115	unknown	Estonia	3249	ESTPAKEE	false
208.8.240.71	unknown	United States	1239	SPRINTLINKUS	false
185.147.110.118	unknown	United Kingdom	39875	W3ZGB	false
60.213.130.181	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
207.96.101.22	unknown	United States	6079	RCN-ASUS	false
146.55.106.179	unknown	United States	1483	DNIC-AS-01483US	false
153.162.160.177	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
42.211.12.113	unknown	China	4249	LILLY-ASUS	false
195.212.106.195	unknown	European Union	2686	ATGS-MMD-ASUS	false
83.147.173.205	unknown	Ireland	31122	DIGIWEB-ASIE	false
207.54.208.193	unknown	United States	17327	TSTC-ASUS	false
135.212.234.61	unknown	United States	14962	NCR-252US	false
89.76.227.225	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
151.30.121.245	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
190.208.152.163	unknown	Chile	6535	TelmexServiciosEmpresarialesSACL	false
68.157.177.173	unknown	United States	7018	ATT-INTERNET4US	false
141.170.46.168	unknown	United Kingdom	33920	AQLGB	false
114.238.102.79	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
198.111.4.221	unknown	United States	237	MERIT-AS-14US	false
54.133.167.10	unknown	United States	14618	AMAZON-AESUS	false
116.179.161.1	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
140.132.219.138	unknown	Taiwan; Republic of China (ROC)	1659	ERX-TANET-ASN1TaiwanAcademicNetworkTANetInformationC	false
122.148.149.229	unknown	Australia	9443	VOCUS-RETAIL-AUVocusRetailAU	false
63.155.197.137	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
172.57.247.170	unknown	United States	21928	T-MOBILE-AS21928US	false
222.105.112.87	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
176.94.185.164	unknown	Germany	3209	VODANETInternationalIP-BackboneofVodafoneDE	false
80.7.112.162	unknown	United Kingdom	5089	NTLGB	false
190.11.161.12	unknown	Argentina	13585	PowerVTSAAR	false
162.223.220.198	unknown	United States	55193	LRC-EV-ASNUS	false
73.162.72.27	unknown	United States	7922	COMCAST-7922US	false
104.191.76.16	unknown	United States	7018	ATT-INTERNET4US	false
105.51.135.23	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
91.202.135.49	unknown	Ukraine	44686	SETI-KR-ASUA	false
79.223.11.65	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
144.21.119.168	unknown	Sweden	43894	ORCL-LON-OPC1GB	false
188.51.210.128	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
89.69.52.32	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
20.121.188.50	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
67.112.215.224	unknown	United States	7018	ATT-INTERNET4US	false
74.134.117.69	unknown	United States	10796	TWC-10796-MIDWESTUS	false
101.100.86.131	unknown	New Zealand	17492	VECTOR-COMMUNICATIONS-ASVectorCommunicationsLTDNZ	false
220.242.93.217	unknown	China	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
80.16.103.39	unknown	Italy	3269	ASN-IBSNAZIT	false
210.134.248.240	unknown	Japan	2512	TCP-NETTCPIncJP	false
206.112.34.148	unknown	United States	701	UUNETUS	false
110.177.120.171	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
210.80.246.120	unknown	Japan	703	UUNETUS	false
189.12.139.117	unknown	Brazil	7738	TelemarNorteLesteSABR	false
52.46.216.113	unknown	United States	16509	AMAZON-02US	false
53.45.213.229	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
49.251.156.123	unknown	Japan	9617	ZAQJupiterTelecommunicationsCoLtdJP	false
218.99.251.246	unknown	China	17966	CIBNChinaInformationBroadcastNetworkLtdCoCN	false
107.164.229.1	unknown	United States	18779	EGIHOSTINGUS	false
156.191.191.174	unknown	Egypt	36992	ETISALAT-MISREG	false
14.190.39.89	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
70.80.242.95	unknown	Canada	5769	VIDEOTRONCA	false
108.220.13.87	unknown	United States	7018	ATT-INTERNET4US	false
82.117.30.135	unknown	Liechtenstein	35223	HOI-ASLI	false
48.161.123.249	unknown	United States	2686	ATGS-MMD-ASUS	false
103.92.222.136	unknown	Australia	59362	KSNETWORK-AS-APKSNetworkLimitedBD	false
162.137.210.24	unknown	United States	35893	ACPCA	false
155.166.228.100	unknown	United States	20057	ATT-MOBILITY-LLC-AS20057US	false
192.236.209.63	unknown	United States	54290	HOSTWINDSUS	false
51.188.186.25	unknown	United States	2686	ATGS-MMD-ASUS	false
169.31.110.75	unknown	United States	37611	AfrihostZA	false
187.46.7.181	unknown	Brazil	26615	TIMSABR	false
147.14.174.55	unknown	Sweden	41076	POSTDK-ASDK	false
39.113.92.254	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
126.250.62.250	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
193.184.243.21	unknown	Finland	719	ELISA-ASHelsinkiFinlandEU	false
52.85.81.84	unknown	United States	16509	AMAZON-02US	false
130.188.48.244	unknown	Finland	565	VTT-ASVTTautonomoussystemFI	false
132.110.95.166	unknown	United States	306	DNIC-ASBLK-00306-00371US	false
59.180.132.79	unknown	India	17813	MTNL-APMahanagarTelephoneNigamLimitedIN	false
44.182.104.79	unknown	United States	58247	NETVEILLANCERO	false
164.54.69.130	unknown	United States	683	ARGONNE-ASUS	false
222.203.192.190	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
42.146.84.216	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
202.128.6.77	unknown	Guam	3605	ERX-KUENTOS-ASGuamCablevisionLLCGU	false
179.66.21.100	unknown	Brazil	7738	TelemarNorteLesteSABR	false
122.78.96.93	unknown	China	63711	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
179.186.80.236	unknown	Brazil	18881	TELEFONICABRASILSABR	false
107.229.88.133	unknown	United States	20057	ATT-MOBILITY-LLC-AS20057US	false
221.127.190.120	unknown	Hong Kong	9304	HUTCHISON-AS-APHGCGlobalCommunicationsLimitedHK	false
175.65.29.176	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
81.222.205.171	unknown	Russian Federation	20597	ELTEL-ASRU	false
134.16.105.217	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
167.181.125.128	unknown	United States	59447	SAYFANETTR	false
195.201.97.179	unknown	Germany	24940	HETZNER-ASDE	false
31.168.46.82	unknown	Israel	8551	BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneIL	false

Contacted Domains

Name	IP	Active
arcticboatz.cz	156.96.62.207	true

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: arm5

Avira: detected

Multi AV Scanner detection for submitted file

Source: arm5

ReversingLabs: Detection: 40%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 156.96.62.207:55650 -> 192.168.2.23:58066
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56784
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56800
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56808
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56810
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56812
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56814
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56818
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56842
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56846
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 60.165.242.134:23 -> 192.168.2.23:56850
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.33.252.195:23 -> 192.168.2.23:45768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.33.252.195:23 -> 192.168.2.23:45768
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.33.252.195:23 -> 192.168.2.23:45822
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.33.252.195:23 -> 192.168.2.23:45822
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40670
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40672
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40674
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40676
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40680
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40682
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40686
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40692
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40698
Source: Traffic	Snort IDS: 716 INFO TELNET access 124.133.3.78:23 -> 192.168.2.23:40704
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 114.33.252.195:23 -> 192.168.2.23:45862
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 114.33.252.195:23 -> 192.168.2.23:45862

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46636
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46638
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46640
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46642
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46644
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46646
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46648
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46650
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46652
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46654

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 199.34.42.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.118.78.144:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.2.115.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 135.87.189.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.73.152.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 114.42.109.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.12.252.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 107.95.196.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.74.49.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 107.189.140.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 142.172.145.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 78.25.76.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.172.119.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 110.83.82.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.31.95.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.94.254.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:58066 -> 156.96.62.207:55650
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 163.57.140.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 47.22.41.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 34.27.95.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 169.16.1.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 93.90.35.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.149.152.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 160.224.129.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.206.97.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.30.225.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.83.224.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 27.242.112.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.238.91.85:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 163.144.123.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 2.183.185.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 177.131.127.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 145.66.49.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 139.106.34.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 179.95.95.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.155.228.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 196.3.194.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 173.75.214.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 114.49.194.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.55.179.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 131.162.173.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.89.221.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.233.224.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 12.92.215.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 48.25.186.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 110.164.81.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 35.204.221.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 150.41.23.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 69.38.172.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 116.179.161.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 116.172.163.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 219.233.185.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 118.19.66.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 71.10.249.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 24.167.95.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.91.149.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 123.179.73.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 89.216.115.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.93.87.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.171.76.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 167.102.26.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.59.89.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 175.158.199.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 131.177.241.156:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.99.140.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 58.30.217.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.210.24.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.13.133.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 76.192.107.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 39.197.116.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 126.13.37.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 113.94.137.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 111.45.227.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.253.143.212:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.112.248.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 166.154.188.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.157.91.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.147.213.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.121.105.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 20.224.107.208:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.25.175.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.34.186.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 159.156.69.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 31.40.230.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 119.28.78.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 150.89.13.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 139.23.155.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 169.244.157.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.94.114.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.89.42.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 216.163.3.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.107.125.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 213.136.103.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.250.111.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.71.34.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 125.67.205.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 194.183.242.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.127.239.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 41.85.167.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.93.165.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.45.232.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.20.57.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.179.21.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 2.45.205.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 174.133.81.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.32.24.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.82.68.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.51.85.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 193.69.131.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 77.62.253.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.122.220.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 79.166.226.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.134.122.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 125.183.107.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 190.59.219.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.224.73.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.232.160.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.184.175.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.1.243.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 44.100.52.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 220.230.95.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 44.211.18.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.253.214.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.164.194.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.222.169.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 191.121.11.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 184.241.28.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.55.48.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.231.160.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.85.142.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.13.56.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.127.183.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 119.107.36.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.241.214.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.210.251.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 142.121.185.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 57.134.182.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 164.184.11.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.233.77.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 95.15.190.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 83.64.8.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 40.9.213.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.210.248.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 36.92.206.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 125.20.107.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 182.143.231.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 134.167.172.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.195.177.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 2.93.197.62:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 42.81.244.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 182.91.195.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 80.43.104.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 59.90.129.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 116.2.127.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.241.220.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.176.160.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 171.79.106.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 194.146.36.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 208.44.174.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.111.136.184:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 106.159.207.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 79.207.63.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.108.211.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.242.188.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 202.172.137.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.12.53.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.114.95.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.74.47.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 59.212.183.240:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.174.243.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.57.35.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 23.78.250.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 169.12.169.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 191.65.218.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.3.35.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.53.215.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 43.49.55.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.31.32.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 100.138.123.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.80.30.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.153.83.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 193.82.36.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.239.161.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 177.207.171.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.4.45.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.131.231.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 65.62.126.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.95.67.255:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 119.130.188.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.181.251.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.1.238.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 209.126.110.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 78.88.160.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.160.173.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.225.48.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.3.9.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.196.182.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 74.127.40.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.199.206.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.205.217.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.63.87.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 99.31.179.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 13.246.169.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.10.236.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.169.180.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.200.30.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.158.231.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 164.185.181.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 49.16.43.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 94.240.110.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 164.21.88.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 46.117.88.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 153.222.114.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 222.219.61.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 54.245.187.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 184.134.71.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.132.65.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 64.103.50.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 41.109.36.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.139.10.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 1.249.5.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.173.169.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 19.83.179.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.139.170.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 36.206.97.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.60.147.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 81.46.165.224:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 85.127.10.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.179.224.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 202.242.77.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 196.101.228.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 208.193.58.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 32.199.244.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 171.84.83.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 161.177.185.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.173.224.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 62.46.9.239:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 72.233.220.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.255.74.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 138.32.22.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.112.93.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.100.86.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 184.222.122.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 41.243.91.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.106.38.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 4.220.96.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.118.111.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 42.171.187.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 50.146.168.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 159.221.207.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 72.246.57.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.101.145.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.29.246.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 34.238.197.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.37.156.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 117.153.52.134:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 135.187.245.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.61.248.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 158.22.53.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 17.197.88.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.121.165.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 107.229.88.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 108.215.124.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.32.213.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.226.122.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.235.10.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.2.38.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.208.51.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.237.126.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 149.252.242.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.47.196.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 138.202.231.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 115.102.210.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.68.99.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.95.195.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 43.109.155.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.197.231.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.244.136.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.189.105.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.181.29.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.73.195.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 223.83.201.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 60.228.164.243:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 92.205.154.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.165.223.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.209.129.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 77.23.178.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 143.70.13.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 78.244.10.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 118.6.204.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 134.16.105.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.126.12.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 19.51.142.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.66.73.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 91.59.4.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.222.123.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 20.181.156.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.47.10.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 223.73.215.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 93.236.206.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 140.227.95.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 206.112.34.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.126.72.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 189.208.4.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 121.57.143.202:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.204.89.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 195.129.24.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 122.58.147.14:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 71.123.57.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.212.105.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.25.209.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.34.228.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.111.69.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.57.45.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 189.253.100.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.71.22.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.113.103.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 82.86.111.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.248.96.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 108.90.238.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.193.126.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 166.159.7.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 193.30.180.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 9.155.210.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.41.73.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.175.157.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.3.202.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 77.67.56.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.156.98.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 198.253.169.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.121.240.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.74.77.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.225.195.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 104.244.138.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 67.253.122.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.248.198.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 20.171.255.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.27.81.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.251.82.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 27.115.40.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 152.212.210.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 201.191.27.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 74.45.79.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 120.13.134.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 37.111.210.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 145.151.148.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 42.90.242.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.3.219.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 218.99.251.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 94.66.53.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 160.25.142.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 111.140.24.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 82.249.225.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 91.172.190.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 23.191.82.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.130.101.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 221.165.0.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 203.31.73.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.208.225.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.18.104.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 5.125.134.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 48.53.171.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.92.145.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 154.151.201.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.57.131.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 167.187.202.111:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 201.230.24.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 207.103.131.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 24.218.5.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 25.91.230.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.116.46.189:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.176.85.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 180.210.162.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 51.142.145.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 126.250.62.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 170.100.207.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 102.80.151.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 186.192.115.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 166.95.252.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 191.114.98.98:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 23.20.123.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 84.82.83.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 4.8.160.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 64.202.216.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 61.179.237.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 111.156.173.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.101.36.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 145.41.218.90:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 76.10.70.116:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.78.241.155:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 190.217.73.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 18.31.253.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 199.132.161.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.54.29.242:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 8.81.234.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.39.182.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.7.176.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 117.193.191.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 143.160.107.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 126.74.153.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 17.122.56.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 103.218.71.52:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 120.135.3.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 223.63.183.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 73.26.91.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 211.218.219.138:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 159.11.121.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 157.109.33.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.106.110.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 88.245.169.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.73.188.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 147.237.85.182:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.117.161.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 104.135.187.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 151.210.5.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 120.111.203.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.46.103.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.182.18.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 221.32.43.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.81.204.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 65.85.118.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 66.47.30.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 94.31.17.7:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 97.171.21.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 92.165.124.79:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.125.102.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 185.68.199.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 51.163.14.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 62.187.255.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 181.55.118.230:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 141.188.212.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 178.55.186.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 53.112.112.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 31.165.130.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 68.207.135.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 35.132.83.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 1.183.2.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 64.124.244.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 212.81.116.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 1.217.99.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 80.4.171.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 156.70.250.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.186.112.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 80.52.230.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 86.115.179.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 90.86.204.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 79.78.143.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.167.124.83:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.136.39.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 47.117.8.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 45.235.140.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 72.20.130.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 187.154.227.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 137.193.106.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 49.160.19.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 135.9.196.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 141.94.171.68:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 70.82.212.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 106.239.67.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 101.32.63.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 62.115.34.29:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 148.253.18.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 89.89.238.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 128.209.144.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 105.29.107.31:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 130.108.198.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 68.80.129.249:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.196.150.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 161.220.88.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 63.155.197.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 222.90.147.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 161.33.62.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 165.214.148.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 69.17.88.244:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 132.19.206.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 167.67.99.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 146.28.106.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 176.54.121.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 112.234.6.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 110.164.5.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 44.187.188.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 45.228.69.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 118.122.141.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 83.90.129.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 27.172.85.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 199.137.54.27:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 92.122.25.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 46.165.108.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 205.251.238.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 213.20.144.15:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 183.92.172.183:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 188.103.87.204:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 8.37.7.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 98.132.177.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 13.50.16.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 217.131.214.35:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 14.227.238.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 202.250.198.203:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 136.47.244.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:12694 -> 52.12.60.5:2323

Sample listens on a socket

Source: /tmp/arm5 (PID: 5246)

Socket: 127.0.0.1::1124

Jump to behavior

Source: unknown

DNS traffic detected: queries for: arcticboatz.cz

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 199.34.42.51
Source: unknown	TCP traffic detected without corresponding DNS query: 82.144.153.51
Source: unknown	TCP traffic detected without corresponding DNS query: 12.165.249.204
Source: unknown	TCP traffic detected without corresponding DNS query: 61.124.206.205
Source: unknown	TCP traffic detected without corresponding DNS query: 161.117.65.127
Source: unknown	TCP traffic detected without corresponding DNS query: 48.182.31.52
Source: unknown	TCP traffic detected without corresponding DNS query: 128.180.138.227
Source: unknown	TCP traffic detected without corresponding DNS query: 133.20.108.83
Source: unknown	TCP traffic detected without corresponding DNS query: 202.74.73.171
Source: unknown	TCP traffic detected without corresponding DNS query: 203.118.78.144
Source: unknown	TCP traffic detected without corresponding DNS query: 93.199.116.209
Source: unknown	TCP traffic detected without corresponding DNS query: 211.170.230.50
Source: unknown	TCP traffic detected without corresponding DNS query: 64.142.62.94
Source: unknown	TCP traffic detected without corresponding DNS query: 159.111.89.205
Source: unknown	TCP traffic detected without corresponding DNS query: 195.141.240.19
Source: unknown	TCP traffic detected without corresponding DNS query: 173.96.87.175
Source: unknown	TCP traffic detected without corresponding DNS query: 140.25.88.20
Source: unknown	TCP traffic detected without corresponding DNS query: 199.40.126.131
Source: unknown	TCP traffic detected without corresponding DNS query: 174.233.93.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.104.222.118
Source: unknown	TCP traffic detected without corresponding DNS query: 52.2.115.39
Source: unknown	TCP traffic detected without corresponding DNS query: 187.232.45.4
Source: unknown	TCP traffic detected without corresponding DNS query: 196.195.43.56
Source: unknown	TCP traffic detected without corresponding DNS query: 169.44.4.176
Source: unknown	TCP traffic detected without corresponding DNS query: 142.167.23.100
Source: unknown	TCP traffic detected without corresponding DNS query: 13.238.158.11
Source: unknown	TCP traffic detected without corresponding DNS query: 194.236.34.26
Source: unknown	TCP traffic detected without corresponding DNS query: 62.166.58.226
Source: unknown	TCP traffic detected without corresponding DNS query: 168.201.3.69
Source: unknown	TCP traffic detected without corresponding DNS query: 203.157.61.144
Source: unknown	TCP traffic detected without corresponding DNS query: 135.87.189.208
Source: unknown	TCP traffic detected without corresponding DNS query: 162.4.161.178
Source: unknown	TCP traffic detected without corresponding DNS query: 163.89.129.21
Source: unknown	TCP traffic detected without corresponding DNS query: 125.100.190.32
Source: unknown	TCP traffic detected without corresponding DNS query: 144.247.228.110
Source: unknown	TCP traffic detected without corresponding DNS query: 95.174.174.209
Source: unknown	TCP traffic detected without corresponding DNS query: 196.227.4.245
Source: unknown	TCP traffic detected without corresponding DNS query: 36.224.181.53
Source: unknown	TCP traffic detected without corresponding DNS query: 60.20.194.64
Source: unknown	TCP traffic detected without corresponding DNS query: 112.73.152.122
Source: unknown	TCP traffic detected without corresponding DNS query: 163.244.204.30
Source: unknown	TCP traffic detected without corresponding DNS query: 144.59.180.31
Source: unknown	TCP traffic detected without corresponding DNS query: 2.200.187.211
Source: unknown	TCP traffic detected without corresponding DNS query: 155.196.66.51
Source: unknown	TCP traffic detected without corresponding DNS query: 41.222.114.122
Source: unknown	TCP traffic detected without corresponding DNS query: 207.82.46.119
Source: unknown	TCP traffic detected without corresponding DNS query: 14.72.135.97
Source: unknown	TCP traffic detected without corresponding DNS query: 221.228.123.170
Source: unknown	TCP traffic detected without corresponding DNS query: 114.42.109.169
Source: unknown	TCP traffic detected without corresponding DNS query: 208.91.20.63

System Summary:

Malicious sample detected (through community Yara rule)

Source: arm5, type: SAMPLE	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: arm5, type: SAMPLE	Matched rule: Detects ELF malware Mirai related Author: Florian Roth
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: Detects ELF malware Mirai related Author: Florian Roth

Yara signature match

Source: arm5, type: SAMPLE	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: arm5, type: SAMPLE	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY	Matched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal96.troj.evad.lin@0/0@1/0

Source: arm5

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system

Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2033/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1582/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2275/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1612/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1579/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1699/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1335/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1698/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2028/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1334/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1576/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2302/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/3236/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2025/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2146/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2307/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1594/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2285/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2281/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1349/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1623/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/761/cmdline	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1622/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1983/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2038/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1586/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1465/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1344/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1860/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1463/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2156/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1629/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1627/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1900/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5202/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2294/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2050/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5040/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1877/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1633/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1599/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1632/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1477/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1476/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1872/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2048/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1475/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2289/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1639/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1638/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2208/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2180/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/4486/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1809/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1494/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1890/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2063/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2062/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1888/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1886/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1489/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1642/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5203/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1648/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2191/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5223/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5224/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2078/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2077/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2074/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2195/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1656/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1654/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2226/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/1532/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2069/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2102/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2223/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/2080/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5230/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5231/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5232/fd	Jump to behavior
Source: /tmp/arm5 (PID: 5252)	File opened: /proc/5233/fd	Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself

Source: /tmp/arm5 (PID: 5246)

File: /tmp/arm5

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46636
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46638
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46640
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46642
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46644
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46646
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46648
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46650
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46652
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 46654

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/arm5 (PID: 5246)

Queries kernel information via 'uname':

Jump to behavior

Source: arm5, 5246.1.00000000b7797230.00000000eff5af91.rw-.sdmp	Binary or memory string: +OV!/etc/qemu-binfmt/arm
Source: arm5, 5246.1.00000000b7797230.00000000eff5af91.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: arm5, 5246.1.00000000aa01c970.0000000075930ec0.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/arm5SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/arm5
Source: arm5, 5246.1.00000000aa01c970.0000000075930ec0.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match	File source: arm5, type: SAMPLE
Source: Yara match	File source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Mirai

Source: Yara match	File source: arm5, type: SAMPLE
Source: Yara match	File source: 5246.1.000000006d4b7060.0000000092f9e265.r-x.sdmp, type: MEMORY

ID:	518272
Product:	CloudBasic
Start time:	09:48:16
Start date:	09.11.2021
Sample:	arm5
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	70988ec41b6eddb41ec1bc3222f8fab8
SHA1:	60af6f0fee0df7ff9e51c0f9f6070ba102f430a8
SHA256:	1d91574bc880dfb70eb8aaa3d3bc75d906bdb7b87f8ee3d3467a2ed3267e1047
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report arm5

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Screenshots

Network Map

Contacted Public IPs

Contacted Domains