Linux Analysis Report zD1jpTbFQq

Overview

General Information

Sample Name: zD1jpTbFQq
Analysis ID: 518915
MD5: e06f0a88a25db599d47dadb03907ef00
SHA1: ee8da3d3dffde40ef93700991aa5d472d760fda5
SHA256: f3f57dc399b0dc7bbe3a019afb7d7402c40274deea75b2cc605ff13e94229c71
Tags: 32, elf, mirai, powerpc

Detection

Score: 60
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Yara signature match
Sample has stripped symbol table
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: zD1jpTbFQq ReversingLabs: Detection: 59%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses known network protocols on non-standard ports
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 223.165.175.87:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 154.200.117.209:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 179.16.203.130:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 142.145.75.41:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 146.179.129.126:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 211.4.57.119:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 184.66.142.45:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 65.224.93.162:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 222.81.240.190:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 61.56.41.179:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 191.212.233.198:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 37.226.5.242:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 204.232.211.62:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 35.154.31.15:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 92.121.160.120:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 189.16.243.204:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 53.44.8.167:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 2.89.170.59:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 206.226.163.236:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 211.8.213.249:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 82.118.210.132:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 122.182.123.143:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 44.248.118.209:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 179.119.67.56:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 155.128.157.169:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 53.31.141.137:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 179.232.45.213:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 13.202.125.17:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 1.239.0.109:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 60.17.117.246:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 27.250.178.52:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 24.40.155.110:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 14.134.76.155:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 74.179.208.164:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 107.47.6.56:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 74.78.42.100:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 63.185.197.194:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 147.117.36.183:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 139.144.100.121:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 53.234.214.239:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 37.43.0.140:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 108.103.232.148:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 86.8.159.39:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 14.220.115.155:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 133.252.65.114:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 161.72.25.39:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 138.222.253.101:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 168.37.183.22:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 79.60.94.10:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 94.223.138.101:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 24.36.203.227:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 96.93.145.46:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 102.22.242.124:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 200.235.49.160:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 54.61.97.109:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 145.56.59.80:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 45.239.86.103:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 78.7.230.102:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 197.228.109.40:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 128.239.177.188:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 190.132.137.77:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 87.186.106.201:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 188.9.169.45:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 122.19.228.103:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 47.172.6.104:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 41.118.147.10:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 164.73.84.123:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 179.30.220.82:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 71.200.64.194:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 57.104.160.98:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 167.95.203.213:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 67.229.33.210:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 65.242.218.155:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 158.197.64.80:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 79.136.225.207:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 44.2.91.86:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 153.15.129.202:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 115.0.89.35:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 62.59.249.54:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 40.255.223.98:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 149.77.183.222:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 157.251.221.18:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 73.166.126.249:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 142.210.210.247:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 161.47.206.10:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 35.136.90.224:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 158.129.141.99:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 176.161.95.231:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 122.126.239.230:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 185.90.100.102:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 170.196.235.43:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 149.131.55.206:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 177.201.198.229:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 178.140.58.92:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 162.88.16.208:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 36.122.200.143:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 181.245.205.178:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 211.162.104.50:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 27.168.157.188:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 103.215.29.129:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 87.92.235.190:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 142.24.171.134:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 148.50.176.99:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 40.214.156.73:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 112.86.43.55:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 4.164.86.214:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 217.239.36.11:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 148.211.118.221:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 91.161.60.88:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 70.170.206.21:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 180.113.63.165:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 72.58.51.56:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 142.119.35.131:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 144.1.215.104:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 146.19.81.162:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 27.234.230.255:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 5.181.39.168:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 108.90.177.118:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 181.185.26.122:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 213.203.196.102:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 223.109.49.176:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 202.22.191.81:2323
Source: global traffic TCP traffic: 192.168.2.23:53991 -> 71.112.124.255:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 41.27.76.140:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 211.174.210.57:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 143.236.238.213:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 202.109.226.173:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 213.15.15.255:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 111.83.248.143:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 175.250.58.156:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 187.188.77.16:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 59.210.131.253:2323
Source: global traffic TCP traffic: 192.168.2.23:54006 -> 104.156.181.73:2323
Sample listens on a socket
Source: /tmp/zD1jpTbFQq (PID: 5245) Socket: 127.0.0.1::63841
Source: /tmp/zD1jpTbFQq (PID: 5248) Socket: 0.0.0.0::23
Source: /lib/systemd/systemd-journald (PID: 5280) Socket: <unknown socket type>:unknown
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary:

Yara signature match
Source: zD1jpTbFQq, type: SAMPLE Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5251.1.00000000675bcb72.00000000cfa8fb02.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5248.1.00000000675bcb72.00000000cfa8fb02.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5258.1.00000000675bcb72.00000000cfa8fb02.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5258.1.00000000d3035e25.00000000c57598df.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5247.1.00000000d3035e25.00000000c57598df.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5248.1.00000000d3035e25.00000000c57598df.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5251.1.00000000d3035e25.00000000c57598df.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5247.1.00000000675bcb72.00000000cfa8fb02.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5257.1.00000000675bcb72.00000000cfa8fb02.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5257.1.00000000d3035e25.00000000c57598df.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5252.1.00000000675bcb72.00000000cfa8fb02.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5245.1.00000000d3035e25.00000000c57598df.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5245.1.00000000675bcb72.00000000cfa8fb02.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5252.1.00000000d3035e25.00000000c57598df.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: Process Memory Space: zD1jpTbFQq PID: 5245, type: MEMORYSTR Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/zD1jpTbFQq (PID: 5258) SIGKILL sent: pid: 491, result: successful
Source: /tmp/zD1jpTbFQq (PID: 5258) SIGKILL sent: pid: 2062, result: successful
Source: /tmp/zD1jpTbFQq (PID: 5258) SIGKILL sent: pid: 2637, result: successful
Source: /tmp/zD1jpTbFQq (PID: 5258) SIGKILL sent: pid: 5248, result: successful
Source: /tmp/zD1jpTbFQq (PID: 5258) SIGKILL sent: pid: 5252, result: successful
Source: /tmp/zD1jpTbFQq (PID: 5258) SIGKILL sent: pid: 5257, result: successful
Source: /tmp/zD1jpTbFQq (PID: 5258) SIGKILL sent: pid: 5258, result: unknown
Source: classification engine Classification label: mal60.troj.lin@0/4@0/0
Source: zD1jpTbFQq Joe Sandbox Cloud Basic: Detection: clean Score: 0

Persistence and Installation Behavior:

Reads system information from the proc file system
Source: /lib/systemd/systemd-journald (PID: 5280) Reads from proc file: /proc/meminfo
Enumerates processes within the "proc" file system

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/zD1jpTbFQq (PID: 5245) Queries kernel information via 'uname'
Source: /lib/systemd/systemd-journald (PID: 5280) Queries kernel information via 'uname'
Source: /usr/bin/xfsettingsd (PID: 5294) Queries kernel information via 'uname'
Source: /usr/bin/xfsettingsd (PID: 5296) Queries kernel information via 'uname'
Source: /usr/bin/xfsettingsd (PID: 5302) Queries kernel information via 'uname'
Source: /usr/bin/xfsettingsd (PID: 5308) Queries kernel information via 'uname'
Source: /usr/bin/xfsettingsd (PID: 5314) Queries kernel information via 'uname'
Source: zD1jpTbFQq, 5245.1.00000000bd7700cf.00000000651ef148.rw-.sdmp Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: zD1jpTbFQq, 5247.1.00000000bd7700cf.00000000651ef148.rw-.sdmp Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: zD1jpTbFQq, 5245.1.00000000bd7700cf.00000000651ef148.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/ppc
Source: zD1jpTbFQq, 5245.1.00000000f8a03f89.000000008d251a34.rw-.sdmp Binary or memory string: /usr/bin/qemu-ppc
Source: zD1jpTbFQq, 5245.1.00000000f8a03f89.000000008d251a34.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/zD1jpTbFQqSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/zD1jpTbFQq