Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1528721
MD5:	88f2cabba74ce75002d99cb6152e279f
SHA1:	73b5f843185cc931d78699c4cfa6c34da2f5b607
SHA256:	7b2e6cf26da000b0efd7e0b0bb85f45267f10635ea0e4b7c4c6bfd5cc07853fe
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Deletes system log files

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: na.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: na.elf

ReversingLabs: Detection: 39%

Found strings indicative of a multi-platform dropper

Source: na.elf

String: /proc//exewgetinitcurltftp/fdsocketproc/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//bin/

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 154.90.62.142 ports 2,3,6,7,8,32876

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 117.239.228.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.202.21.34:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 49.18.1.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 20.229.73.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.99.44.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 180.230.228.135:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 41.183.86.13:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.97.139.37:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 45.85.133.255:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 151.163.181.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 108.156.120.181:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 25.38.228.83:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 243.199.143.140:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.17.253.89:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 108.214.192.24:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 66.190.195.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.187.72.187:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 93.41.251.221:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.120.61.123:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.60.146.197:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 175.125.225.70:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 137.21.30.232:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 85.242.124.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:39298 -> 154.90.62.142:32876
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.80.52.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.242.168.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.11.106.36:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.214.5.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.36.98.64:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.245.103.23:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.150.175.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 83.234.254.242:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.181.47.81:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.40.57.132:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 146.107.1.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.17.152.86:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 85.186.55.25:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 38.163.16.42:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 141.146.49.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 113.30.163.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.130.63.175:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 96.192.87.93:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 158.251.222.23:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 212.222.95.74:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 193.116.138.1:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 58.92.55.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.74.150.228:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.77.242.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 21.90.23.77:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 89.242.121.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 24.192.182.183:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.106.80.131:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.114.162.164:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 253.95.124.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.75.72.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 155.216.15.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 213.93.175.93:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.134.36.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 46.102.225.189:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.115.77.220:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.91.94.129:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 152.18.124.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 72.225.88.94:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 43.177.133.241:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 153.140.47.136:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 69.251.90.48:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 22.139.129.157:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 191.87.185.123:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 27.159.254.231:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 81.150.94.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 159.3.209.31:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 212.184.163.3:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.231.55.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 151.128.216.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 80.151.75.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 37.184.186.0:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 152.89.234.28:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 103.221.14.106:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.165.100.96:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 50.156.147.105:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.190.155.216:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 213.176.227.53:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 130.236.49.152:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 53.219.210.44:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.144.212.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 69.63.213.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 134.169.223.14:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.27.109.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.254.103.216:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.202.249.201:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.101.39.121:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 18.228.88.85:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.96.42.255:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.189.163.160:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.34.71.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 196.200.144.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.210.217.47:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 136.156.14.15:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.131.91.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 94.47.134.227:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 201.103.156.2:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 38.7.152.104:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.10.111.54:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 99.40.192.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 81.223.110.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.151.71.186:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.204.132.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 132.207.126.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 251.242.56.196:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 5.26.154.0:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 175.157.33.128:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.9.90.161:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 23.181.75.201:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 194.28.255.224:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.21.52.201:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.231.90.127:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 164.64.64.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 197.147.46.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 202.140.253.248:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 81.173.185.243:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.83.111.5:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 158.190.219.88:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 248.3.37.130:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.141.182.160:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.234.157.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 18.203.61.147:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 139.4.116.31:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.248.142.135:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.129.182.138:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.51.208.176:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 150.89.232.247:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 19.247.216.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 210.175.192.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 112.172.233.99:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.73.192.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.52.157.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.54.169.94:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.178.171.211:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.12.49.40:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.28.19.92:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 251.201.66.199:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.42.123.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 118.104.111.125:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.55.138.15:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 66.177.157.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 191.95.224.88:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 243.128.29.199:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 11.30.186.118:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 171.43.180.190:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 67.12.95.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.207.8.154:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.234.198.39:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 240.111.34.189:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 147.104.105.17:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 42.48.160.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 106.3.31.230:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 222.212.83.106:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 98.4.236.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 180.192.58.1:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.252.152.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 203.177.92.49:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 28.221.169.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.36.92.78:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 58.62.7.13:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.145.90.45:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.96.78.14:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.19.165.73:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.42.43.250:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.206.237.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.201.36.49:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 195.117.58.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 250.60.236.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 45.64.62.53:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 188.106.49.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 202.98.79.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 16.69.25.181:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 161.176.124.125:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.53.20.85:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 88.203.135.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.248.177.202:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.205.128.241:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 9.77.146.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.137.152.96:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 106.58.4.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.147.255.21:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.144.160.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.174.161.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 17.99.153.94:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 13.95.12.236:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 44.134.126.187:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.181.21.36:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.121.104.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.21.197.189:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.217.253.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.243.95.7:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 197.178.152.81:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.75.188.218:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.209.67.221:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 203.6.202.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 196.170.219.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 115.190.13.73:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 44.45.173.125:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.54.12.122:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 179.55.223.8:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 35.196.193.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 28.111.21.122:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 135.119.23.118:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 86.104.169.254:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.201.99.239:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 11.195.101.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.25.91.48:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.35.88.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 152.82.95.253:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.32.48.199:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.247.144.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 88.102.70.37:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.163.45.215:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 198.118.192.91:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 79.69.32.131:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 219.98.236.142:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 96.25.28.61:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.234.133.247:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.71.196.215:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.158.50.111:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 151.0.193.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 141.3.206.200:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 121.109.5.234:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 168.79.30.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.63.2.197:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.246.118.211:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 26.25.98.140:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 99.90.240.19:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.141.67.144:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 159.148.154.104:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 65.145.72.169:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.240.7.250:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 33.62.75.152:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 65.37.131.15:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 108.129.41.121:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 82.76.74.33:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.36.112.20:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.216.56.141:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 40.23.198.32:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.241.48.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 34.201.162.106:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.194.113.22:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 97.118.147.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.20.112.253:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 132.184.34.174:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.65.111.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 189.53.99.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.159.149.163:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.51.213.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.47.113.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.113.19.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 156.39.211.203:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 188.69.149.242:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.215.121.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 146.131.221.141:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.165.110.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 62.115.68.252:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 163.112.82.8:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 74.23.56.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 253.0.90.249:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.135.104.88:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 254.198.64.112:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.19.87.168:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 103.173.235.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 252.146.230.89:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 98.88.250.154:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 129.24.226.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 242.132.233.132:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 131.42.198.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 5.148.89.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.43.9.93:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.50.162.120:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 212.206.40.240:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.123.11.245:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 59.180.17.186:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 176.141.120.196:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.241.222.221:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.188.44.69:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.251.20.220:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 80.219.252.92:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 41.1.215.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 35.217.76.3:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.76.240.227:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 36.165.165.180:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 129.96.64.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 69.5.160.80:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.227.56.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 62.31.169.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 143.19.106.237:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.182.25.96:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.10.53.240:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 180.149.22.5:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 241.107.67.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 22.197.110.19:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 137.60.94.48:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 62.147.190.91:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 66.87.95.179:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.152.236.232:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 3.89.56.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 173.99.7.47:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.145.84.69:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.218.28.150:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 26.242.245.120:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 14.191.208.149:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.28.98.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.115.60.216:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.21.22.146:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 96.94.62.234:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.94.171.186:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.250.6.190:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 59.65.2.242:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 168.159.46.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.80.74.151:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.46.134.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.250.250.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.102.96.177:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 80.81.96.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.119.43.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.246.185.21:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 75.212.84.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 51.133.108.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.85.14.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.177.34.230:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 194.77.247.130:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 14.138.86.23:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 254.245.136.137:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.106.232.25:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 21.102.217.253:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 106.220.132.238:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 203.213.133.124:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 94.79.244.124:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.68.155.239:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.63.62.243:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.232.215.126:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.127.55.203:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 70.183.36.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 67.6.152.206:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.28.137.22:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 144.149.179.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.191.46.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.242.177.164:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.55.204.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 19.130.79.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 63.21.247.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 67.50.203.217:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.14.206.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.34.73.41:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 243.151.73.60:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.237.249.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.95.168.142:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 117.217.238.55:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 201.26.196.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 178.122.174.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.178.213.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.144.226.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 98.165.91.105:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.13.113.147:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.34.14.115:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 159.30.230.144:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 188.152.237.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 83.97.99.50:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 118.117.63.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.218.56.19:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 112.9.234.246:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 47.62.67.97:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 170.125.48.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 90.143.13.32:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.93.116.141:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 147.133.113.146:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 16.219.167.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 47.152.163.254:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.124.180.220:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 139.29.149.162:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 94.132.138.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 119.212.209.165:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 171.149.249.43:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 178.173.73.2:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.0.60.128:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.231.57.166:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.231.105.112:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 164.219.119.51:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.75.0.250:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.224.81.247:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 191.243.48.156:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 218.100.205.224:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 3.170.226.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 27.154.254.152:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.8.75.150:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 170.6.55.8:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 40.222.78.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 219.5.114.46:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 175.109.8.167:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 1.31.125.219:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.187.44.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 40.23.154.39:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 97.226.134.208:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.29.136.9:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.121.82.18:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.89.231.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.92.255.113:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.244.153.0:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 156.68.253.208:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 46.126.29.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 154.255.115.165:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 70.114.27.254:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 37.160.67.211:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.38.185.37:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.211.179.25:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 113.84.140.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 105.163.88.233:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 59.176.40.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 85.136.112.91:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.103.15.174:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.180.123.74:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.58.57.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 245.98.66.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.205.186.237:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 117.181.155.158:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 1.61.49.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.190.16.26:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 93.129.55.134:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 136.50.0.28:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.122.213.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.138.238.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 93.92.26.168:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.67.176.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.182.103.34:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 222.239.113.67:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.216.71.147:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.112.48.79:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.55.89.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.160.164.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 147.175.108.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 164.37.66.114:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 157.119.118.118:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.216.219.243:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 37.142.89.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.109.89.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 168.230.19.74:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 83.91.173.181:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 12.97.121.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.96.41.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 33.177.251.16:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.141.239.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 218.233.26.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.54.147.89:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 195.221.157.45:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 5.183.249.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.215.159.86:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 134.54.232.97:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 109.66.28.191:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 95.240.7.165:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 77.42.44.27:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 161.166.190.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.182.7.163:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.230.57.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 15.21.64.205:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.247.160.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 4.31.215.248:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.245.49.204:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 21.237.186.28:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.61.69.56:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 213.153.138.4:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.147.50.124:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.46.133.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 16.65.99.163:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.41.133.52:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 214.120.59.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 158.85.224.134:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.102.30.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 95.136.252.41:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.40.35.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.225.154.224:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 46.128.232.208:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.158.255.252:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.211.176.136:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 95.154.152.251:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 11.36.87.21:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 253.199.255.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 245.96.51.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 221.243.66.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 105.172.0.236:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.89.253.149:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 189.199.147.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.63.4.182:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 82.20.236.84:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 100.66.194.69:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 68.56.182.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 198.148.226.13:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 45.121.85.86:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.107.29.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.15.124.162:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.220.194.45:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 15.162.184.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.241.92.187:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.74.69.212:2323

Sample listens on a socket

Source: /tmp/na.elf (PID: 5526)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 117.239.228.10
Source: unknown	TCP traffic detected without corresponding DNS query: 89.206.164.10
Source: unknown	TCP traffic detected without corresponding DNS query: 186.26.32.10
Source: unknown	TCP traffic detected without corresponding DNS query: 135.180.12.75
Source: unknown	TCP traffic detected without corresponding DNS query: 147.143.148.61
Source: unknown	TCP traffic detected without corresponding DNS query: 252.0.168.177
Source: unknown	TCP traffic detected without corresponding DNS query: 87.227.127.14
Source: unknown	TCP traffic detected without corresponding DNS query: 184.202.21.34
Source: unknown	TCP traffic detected without corresponding DNS query: 215.209.165.190
Source: unknown	TCP traffic detected without corresponding DNS query: 70.150.36.33
Source: unknown	TCP traffic detected without corresponding DNS query: 245.248.34.34
Source: unknown	TCP traffic detected without corresponding DNS query: 3.91.105.236
Source: unknown	TCP traffic detected without corresponding DNS query: 144.48.54.246
Source: unknown	TCP traffic detected without corresponding DNS query: 253.196.90.188
Source: unknown	TCP traffic detected without corresponding DNS query: 116.20.134.94
Source: unknown	TCP traffic detected without corresponding DNS query: 84.40.91.97
Source: unknown	TCP traffic detected without corresponding DNS query: 158.221.38.177
Source: unknown	TCP traffic detected without corresponding DNS query: 219.71.79.162
Source: unknown	TCP traffic detected without corresponding DNS query: 90.207.240.103
Source: unknown	TCP traffic detected without corresponding DNS query: 36.188.128.44
Source: unknown	TCP traffic detected without corresponding DNS query: 3.50.40.74
Source: unknown	TCP traffic detected without corresponding DNS query: 74.106.38.22
Source: unknown	TCP traffic detected without corresponding DNS query: 49.18.1.223
Source: unknown	TCP traffic detected without corresponding DNS query: 45.171.162.123
Source: unknown	TCP traffic detected without corresponding DNS query: 20.229.73.198
Source: unknown	TCP traffic detected without corresponding DNS query: 142.243.70.152
Source: unknown	TCP traffic detected without corresponding DNS query: 131.49.42.95
Source: unknown	TCP traffic detected without corresponding DNS query: 189.7.175.128
Source: unknown	TCP traffic detected without corresponding DNS query: 21.249.195.202
Source: unknown	TCP traffic detected without corresponding DNS query: 176.152.84.207
Source: unknown	TCP traffic detected without corresponding DNS query: 251.213.60.83
Source: unknown	TCP traffic detected without corresponding DNS query: 153.83.43.236
Source: unknown	TCP traffic detected without corresponding DNS query: 7.227.225.159
Source: unknown	TCP traffic detected without corresponding DNS query: 204.244.82.3
Source: unknown	TCP traffic detected without corresponding DNS query: 187.91.7.200
Source: unknown	TCP traffic detected without corresponding DNS query: 92.249.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.221.134.21
Source: unknown	TCP traffic detected without corresponding DNS query: 51.88.105.183
Source: unknown	TCP traffic detected without corresponding DNS query: 242.173.180.151
Source: unknown	TCP traffic detected without corresponding DNS query: 199.206.7.30
Source: unknown	TCP traffic detected without corresponding DNS query: 200.16.151.32
Source: unknown	TCP traffic detected without corresponding DNS query: 133.76.233.169
Source: unknown	TCP traffic detected without corresponding DNS query: 199.124.131.70
Source: unknown	TCP traffic detected without corresponding DNS query: 169.192.248.16
Source: unknown	TCP traffic detected without corresponding DNS query: 165.195.43.173
Source: unknown	TCP traffic detected without corresponding DNS query: 75.75.167.253
Source: unknown	TCP traffic detected without corresponding DNS query: 60.99.44.194
Source: unknown	TCP traffic detected without corresponding DNS query: 21.216.78.186
Source: unknown	TCP traffic detected without corresponding DNS query: 204.18.84.161
Source: unknown	TCP traffic detected without corresponding DNS query: 117.32.170.133

Source: global traffic	DNS traffic detected: DNS query: fortyfivehundred.dyn
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal68.troj.evad.linELF@0/0@3/0

Data Obfuscation

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Source: /tmp/na.elf (PID: 5529)

File: /etc/config

Jump to behavior

Creates hidden files and/or directories

Source: /tmp/na.elf (PID: 5529)	Directory: /root/.cache	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /root/.ssh	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /root/.config	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /root/.local	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.X11-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.Test-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.font-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.ICE-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.XIM-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /etc/.java	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/na.elf (PID: 5529)

Log files deleted: /var/log/kern.log

Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5526)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5526.1.000055adb4ad6000.000055adb4b86000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: na.elf, 5526.1.000055adb4ad6000.000055adb4b86000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: na.elf, 5526.1.00007ffeb2d66000.00007ffeb2d87000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc
Source: na.elf, 5526.1.00007ffeb2d66000.00007ffeb2d87000.rw-.sdmp	Binary or memory string: Qx86_64/usr/bin/qemu-ppc/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
118.199.108.241	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
97.223.137.165	unknown	United States	6167	CELLCO-PARTUS	false
23.157.212.59	unknown	Reserved	398310	UPNETWIUS	false
169.192.248.16	unknown	United States	37611	AfrihostZA	false
25.212.247.20	unknown	United Kingdom	7922	COMCAST-7922US	false
208.122.122.95	unknown	United States	30221	T3COMUS	false
144.226.226.203	unknown	United States	6157	SPRINTLINK-HOSTINGUS	false
116.49.164.130	unknown	Hong Kong	4760	HKTIMS-APHKTLimitedHK	false
95.220.1.93	unknown	Russian Federation	12714	TI-ASMoscowRussiaRU	false
191.90.88.9	unknown	Colombia	27831	ColombiaMovilCO	false
254.12.145.12	unknown	Reserved	unknown	unknown	false
12.28.159.25	unknown	United States	7018	ATT-INTERNET4US	false
102.99.116.93	unknown	Morocco	36925	ASMediMA	false
188.160.106.215	unknown	Syrian Arab Republic	29256	INT-PDN-STE-ASSTEPDNInternalASSY	false
116.204.117.111	unknown	China	4766	KIXS-AS-KRKoreaTelecomKR	false
108.78.15.37	unknown	United States	7018	ATT-INTERNET4US	false
42.108.135.116	unknown	India	38266	VODAFONE-INVodafoneIndiaLtdIN	false
106.156.231.8	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
60.75.41.26	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
68.100.228.166	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
204.30.147.162	unknown	United States	3356	LEVEL3US	false
245.160.116.213	unknown	Reserved	unknown	unknown	false
54.171.141.178	unknown	United States	16509	AMAZON-02US	false
210.167.241.87	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
130.110.238.155	unknown	United States	600	OARNET-ASUS	false
42.247.156.240	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
133.9.194.10	unknown	Japan	17956	WASEDAWASEDAUniversityJP	false
183.187.72.187	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
208.34.161.32	unknown	United States	1239	SPRINTLINKUS	false
206.117.240.193	unknown	United States	11162	LN-CHILDRENSHOSPITAL-ASNUS	false
69.57.207.184	unknown	United States	13855	CFU-NETUS	false
138.95.59.52	unknown	United States	3549	LVLT-3549US	false
254.202.95.173	unknown	Reserved	unknown	unknown	false
35.237.180.95	unknown	United States	15169	GOOGLEUS	false
125.219.145.57	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
213.51.243.27	unknown	Netherlands	33915	TNF-ASNL	false
19.11.18.75	unknown	United States	3	MIT-GATEWAYSUS	false
194.86.11.10	unknown	Finland	719	ELISA-ASHelsinkiFinlandEU	false
57.182.7.163	unknown	Belgium	2686	ATGS-MMD-ASUS	false
27.43.56.3	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
100.128.4.57	unknown	United States	21928	T-MOBILE-AS21928US	false
122.30.75.207	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
161.191.179.209	unknown	United States	13474	BancodeGaliciayBuenosAiresAR	false
105.45.128.89	unknown	Egypt	37069	MOBINILEG	false
54.195.78.98	unknown	United States	16509	AMAZON-02US	false
183.243.163.249	unknown	China	56048	CMNET-BEIJING-APChinaMobileCommunicaitonsCorporationCN	false
159.134.214.121	unknown	Ireland	5466	EIRCOMInternetHouseIE	false
84.55.202.65	unknown	Switzerland	12620	TICINOCOMCH	false
154.172.105.123	unknown	Ghana	30986	SCANCOMGH	false
244.63.218.152	unknown	Reserved	unknown	unknown	false
202.54.157.138	unknown	India	4755	TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISP	false
36.131.159.152	unknown	China	56044	CMNET-AS-LIAONINGChinaMobilecommunicationscorporationC	false
26.120.91.158	unknown	United States	7922	COMCAST-7922US	false
9.78.108.82	unknown	United States	3356	LEVEL3US	false
212.247.87.101	unknown	Sweden	1257	TELE2EU	false
62.81.167.29	unknown	Spain	6739	ONO-ASCableuropa-ONOES	false
134.118.48.84	unknown	United States	10455	LUCENT-CIOUS	false
149.60.92.113	unknown	United States	16276	OVHFR	false
214.158.169.132	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
113.88.63.52	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
125.156.207.31	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
26.38.52.14	unknown	United States	7922	COMCAST-7922US	false
150.33.8.227	unknown	Japan	9991	SHUDO-UHiroshimaShudoUniversityJP	false
214.182.24.126	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
80.78.149.209	unknown	Czech Republic	12570	ITSELFNetworkandinternetserviceproviderCZ	false
2.231.141.144	unknown	Italy	12874	FASTWEBIT	false
114.154.139.132	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
203.214.124.91	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
83.9.141.205	unknown	Poland	5617	TPNETPL	false
126.187.126.141	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
3.144.63.27	unknown	United States	16509	AMAZON-02US	false
249.190.253.32	unknown	Reserved	unknown	unknown	false
122.217.182.142	unknown	Japan	17506	UCOMARTERIANetworksCorporationJP	false
204.105.138.3	unknown	United States	1239	SPRINTLINKUS	false
154.21.136.159	unknown	United States	174	COGENT-174US	false
9.193.150.3	unknown	United States	3356	LEVEL3US	false
11.156.0.241	unknown	United States	3356	LEVEL3US	false
40.39.119.160	unknown	United States	4249	LILLY-ASUS	false
136.186.88.169	unknown	Australia	58686	SUT-AS-APSwinburneUniversityofTechnologyAU	false
137.118.255.21	unknown	United States	40317	PEOPLESCOMMUNICATIONSUS	false
166.165.102.7	unknown	United States	22394	CELLCOUS	false
205.143.25.56	unknown	United States	30404	BSCL-11US	false
103.209.199.85	unknown	Bangladesh	134180	BRISKSYSTEMS-AS-APMdSharifulIslamTABRISKSYSTEMSBD	false
77.248.144.148	unknown	Netherlands	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
129.164.11.206	unknown	United States	297	AS297US	false
198.47.247.21	unknown	United States	10405	UPRR-ASN-01US	false
185.217.185.219	unknown	Lebanon	57852	CSPLB	false
151.23.113.11	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
60.94.29.171	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
98.3.116.184	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
7.19.102.244	unknown	United States	3356	LEVEL3US	false
156.17.39.214	unknown	Poland	8970	WASKWROCMAN-EDUeducationalpartofWASKnetworkWroclaw	false
112.229.131.79	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
153.30.157.3	unknown	United States	6035	DNIC-ASBLK-05800-06055US	false
243.37.28.38	unknown	Reserved	unknown	unknown	false
185.87.0.55	unknown	Germany	42221	ZURKUHL-ASDE	false
11.170.212.97	unknown	United States	3356	LEVEL3US	false
153.95.157.241	unknown	Germany	24635	SYNTAX_SYSTEMS-ASDE	false
32.109.134.57	unknown	United States	2688	ATGS-MMD-ASUS	false
159.26.180.138	unknown	United States	13900	CBNUS	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.24	true
fortyfivehundred.dyn	154.90.62.142	true

AV Detection

Antivirus / Scanner detection for submitted sample

Source: na.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: na.elf

ReversingLabs: Detection: 39%

Found strings indicative of a multi-platform dropper

Source: na.elf

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 154.90.62.142 ports 2,3,6,7,8,32876

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 117.239.228.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.202.21.34:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 49.18.1.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 20.229.73.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.99.44.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 180.230.228.135:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 41.183.86.13:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.97.139.37:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 45.85.133.255:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 151.163.181.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 108.156.120.181:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 25.38.228.83:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 243.199.143.140:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.17.253.89:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 108.214.192.24:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 66.190.195.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.187.72.187:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 93.41.251.221:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.120.61.123:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.60.146.197:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 175.125.225.70:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 137.21.30.232:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 85.242.124.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:39298 -> 154.90.62.142:32876
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.80.52.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.242.168.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.11.106.36:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.214.5.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.36.98.64:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.245.103.23:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.150.175.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 83.234.254.242:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.181.47.81:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.40.57.132:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 146.107.1.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.17.152.86:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 85.186.55.25:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 38.163.16.42:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 141.146.49.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 113.30.163.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.130.63.175:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 96.192.87.93:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 158.251.222.23:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 212.222.95.74:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 193.116.138.1:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 58.92.55.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.74.150.228:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.77.242.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 21.90.23.77:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 89.242.121.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 24.192.182.183:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.106.80.131:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.114.162.164:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 253.95.124.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.75.72.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 155.216.15.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 213.93.175.93:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.134.36.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 46.102.225.189:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.115.77.220:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.91.94.129:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 152.18.124.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 72.225.88.94:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 43.177.133.241:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 153.140.47.136:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 69.251.90.48:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 22.139.129.157:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 191.87.185.123:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 27.159.254.231:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 81.150.94.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 159.3.209.31:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 212.184.163.3:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.231.55.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 151.128.216.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 80.151.75.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 37.184.186.0:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 152.89.234.28:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 103.221.14.106:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.165.100.96:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 50.156.147.105:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.190.155.216:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 213.176.227.53:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 130.236.49.152:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 53.219.210.44:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.144.212.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 69.63.213.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 134.169.223.14:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.27.109.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.254.103.216:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.202.249.201:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.101.39.121:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 18.228.88.85:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.96.42.255:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.189.163.160:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.34.71.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 196.200.144.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.210.217.47:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 136.156.14.15:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.131.91.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 94.47.134.227:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 201.103.156.2:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 38.7.152.104:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.10.111.54:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 99.40.192.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 81.223.110.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.151.71.186:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.204.132.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 132.207.126.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 251.242.56.196:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 5.26.154.0:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 175.157.33.128:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.9.90.161:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 23.181.75.201:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 194.28.255.224:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.21.52.201:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.231.90.127:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 164.64.64.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 197.147.46.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 202.140.253.248:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 81.173.185.243:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.83.111.5:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 158.190.219.88:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 248.3.37.130:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.141.182.160:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.234.157.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 18.203.61.147:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 139.4.116.31:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.248.142.135:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.129.182.138:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.51.208.176:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 150.89.232.247:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 19.247.216.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 210.175.192.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 112.172.233.99:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.73.192.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.52.157.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.54.169.94:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.178.171.211:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.12.49.40:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.28.19.92:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 251.201.66.199:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.42.123.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 118.104.111.125:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.55.138.15:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 66.177.157.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 191.95.224.88:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 243.128.29.199:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 11.30.186.118:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 171.43.180.190:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 67.12.95.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.207.8.154:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.234.198.39:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 240.111.34.189:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 147.104.105.17:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 42.48.160.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 106.3.31.230:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 222.212.83.106:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 98.4.236.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 180.192.58.1:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.252.152.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 203.177.92.49:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 28.221.169.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.36.92.78:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 58.62.7.13:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.145.90.45:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.96.78.14:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.19.165.73:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.42.43.250:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.206.237.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.201.36.49:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 195.117.58.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 250.60.236.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 45.64.62.53:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 188.106.49.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 202.98.79.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 16.69.25.181:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 161.176.124.125:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.53.20.85:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 88.203.135.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.248.177.202:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.205.128.241:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 9.77.146.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.137.152.96:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 106.58.4.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.147.255.21:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.144.160.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.174.161.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 17.99.153.94:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 13.95.12.236:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 44.134.126.187:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.181.21.36:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.121.104.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.21.197.189:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.217.253.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.243.95.7:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 197.178.152.81:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.75.188.218:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 101.209.67.221:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 203.6.202.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 196.170.219.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 115.190.13.73:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 44.45.173.125:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.54.12.122:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 179.55.223.8:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 35.196.193.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 28.111.21.122:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 135.119.23.118:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 86.104.169.254:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.201.99.239:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 11.195.101.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.25.91.48:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.35.88.10:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 152.82.95.253:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.32.48.199:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.247.144.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 88.102.70.37:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.163.45.215:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 198.118.192.91:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 79.69.32.131:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 219.98.236.142:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 96.25.28.61:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.234.133.247:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.71.196.215:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.158.50.111:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 151.0.193.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 141.3.206.200:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 121.109.5.234:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 168.79.30.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 207.63.2.197:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.246.118.211:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 26.25.98.140:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 99.90.240.19:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.141.67.144:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 159.148.154.104:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 65.145.72.169:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.240.7.250:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 33.62.75.152:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 65.37.131.15:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 108.129.41.121:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 82.76.74.33:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.36.112.20:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.216.56.141:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 40.23.198.32:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.241.48.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 34.201.162.106:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.194.113.22:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 97.118.147.119:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.20.112.253:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 132.184.34.174:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.65.111.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 189.53.99.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 211.159.149.163:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.51.213.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.47.113.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.113.19.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 156.39.211.203:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 188.69.149.242:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.215.121.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 146.131.221.141:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.165.110.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 62.115.68.252:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 163.112.82.8:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 74.23.56.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 253.0.90.249:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.135.104.88:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 254.198.64.112:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.19.87.168:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 103.173.235.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 252.146.230.89:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 98.88.250.154:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 129.24.226.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 242.132.233.132:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 131.42.198.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 5.148.89.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.43.9.93:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.50.162.120:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 212.206.40.240:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.123.11.245:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 59.180.17.186:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 176.141.120.196:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.241.222.221:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.188.44.69:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.251.20.220:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 80.219.252.92:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 41.1.215.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 35.217.76.3:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.76.240.227:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 36.165.165.180:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 129.96.64.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 69.5.160.80:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.227.56.198:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 62.31.169.59:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 143.19.106.237:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.182.25.96:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.10.53.240:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 180.149.22.5:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 241.107.67.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 22.197.110.19:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 137.60.94.48:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 62.147.190.91:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 66.87.95.179:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.152.236.232:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 3.89.56.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 173.99.7.47:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 76.145.84.69:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.218.28.150:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 26.242.245.120:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 14.191.208.149:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.28.98.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.115.60.216:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.21.22.146:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 96.94.62.234:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.94.171.186:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.250.6.190:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 59.65.2.242:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 168.159.46.209:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.80.74.151:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 205.46.134.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.250.250.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.102.96.177:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 80.81.96.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.119.43.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.246.185.21:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 75.212.84.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 51.133.108.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 102.85.14.72:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 55.177.34.230:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 194.77.247.130:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 14.138.86.23:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 254.245.136.137:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.106.232.25:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 21.102.217.253:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 106.220.132.238:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 203.213.133.124:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 94.79.244.124:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.68.155.239:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.63.62.243:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 206.232.215.126:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.127.55.203:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 70.183.36.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 67.6.152.206:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.28.137.22:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 144.149.179.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 181.191.46.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.242.177.164:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.55.204.75:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 19.130.79.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 63.21.247.145:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 67.50.203.217:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.14.206.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.34.73.41:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 243.151.73.60:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.237.249.100:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.95.168.142:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 117.217.238.55:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 201.26.196.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 178.122.174.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 110.178.213.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.144.226.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 98.165.91.105:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 120.13.113.147:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.34.14.115:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 159.30.230.144:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 188.152.237.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 83.97.99.50:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 118.117.63.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.218.56.19:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 112.9.234.246:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 47.62.67.97:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 170.125.48.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 90.143.13.32:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.93.116.141:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 147.133.113.146:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 16.219.167.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 47.152.163.254:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.124.180.220:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 139.29.149.162:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 94.132.138.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 119.212.209.165:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 171.149.249.43:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 178.173.73.2:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.0.60.128:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 216.231.57.166:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.231.105.112:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 164.219.119.51:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 162.75.0.250:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 200.224.81.247:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 191.243.48.156:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 218.100.205.224:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 3.170.226.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 27.154.254.152:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 247.8.75.150:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 170.6.55.8:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 40.222.78.214:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 219.5.114.46:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 175.109.8.167:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 1.31.125.219:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 184.187.44.213:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 40.23.154.39:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 97.226.134.208:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 60.29.136.9:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 165.121.82.18:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 126.89.231.195:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.92.255.113:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.244.153.0:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 156.68.253.208:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 46.126.29.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 154.255.115.165:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 70.114.27.254:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 37.160.67.211:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 39.38.185.37:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.211.179.25:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 113.84.140.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 105.163.88.233:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 59.176.40.57:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 85.136.112.91:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.103.15.174:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 48.180.123.74:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.58.57.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 245.98.66.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 2.205.186.237:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 117.181.155.158:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 1.61.49.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 30.190.16.26:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 93.129.55.134:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 136.50.0.28:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.122.213.116:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 183.138.238.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 93.92.26.168:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 6.67.176.62:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.182.103.34:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 222.239.113.67:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 104.216.71.147:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.112.48.79:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.55.89.66:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 169.160.164.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 147.175.108.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 164.37.66.114:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 157.119.118.118:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.216.219.243:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 37.142.89.108:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.109.89.117:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 168.230.19.74:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 83.91.173.181:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 12.97.121.76:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 149.96.41.171:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 33.177.251.16:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 185.141.239.192:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 218.233.26.148:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.54.147.89:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 195.221.157.45:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 5.183.249.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.215.159.86:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 134.54.232.97:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 109.66.28.191:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 95.240.7.165:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 77.42.44.27:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 161.166.190.87:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 57.182.7.163:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 249.230.57.194:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 15.21.64.205:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 31.247.160.30:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 4.31.215.248:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 123.245.49.204:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 21.237.186.28:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 199.61.69.56:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 213.153.138.4:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.147.50.124:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 29.46.133.110:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 16.65.99.163:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 246.41.133.52:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 214.120.59.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 158.85.224.134:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 186.102.30.223:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 95.136.252.41:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.40.35.103:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 133.225.154.224:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 46.128.232.208:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 204.158.255.252:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 167.211.176.136:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 95.154.152.251:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 11.36.87.21:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 253.199.255.102:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 245.96.51.222:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 221.243.66.90:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 105.172.0.236:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 220.89.253.149:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 189.199.147.153:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 56.63.4.182:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 82.20.236.84:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 100.66.194.69:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 68.56.182.143:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 198.148.226.13:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 45.121.85.86:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 116.107.29.65:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 84.15.124.162:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 190.220.194.45:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 15.162.184.71:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 148.241.92.187:2323
Source: global traffic	TCP traffic: 192.168.2.15:21956 -> 107.74.69.212:2323

Sample listens on a socket

Source: /tmp/na.elf (PID: 5526)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 117.239.228.10
Source: unknown	TCP traffic detected without corresponding DNS query: 89.206.164.10
Source: unknown	TCP traffic detected without corresponding DNS query: 186.26.32.10
Source: unknown	TCP traffic detected without corresponding DNS query: 135.180.12.75
Source: unknown	TCP traffic detected without corresponding DNS query: 147.143.148.61
Source: unknown	TCP traffic detected without corresponding DNS query: 252.0.168.177
Source: unknown	TCP traffic detected without corresponding DNS query: 87.227.127.14
Source: unknown	TCP traffic detected without corresponding DNS query: 184.202.21.34
Source: unknown	TCP traffic detected without corresponding DNS query: 215.209.165.190
Source: unknown	TCP traffic detected without corresponding DNS query: 70.150.36.33
Source: unknown	TCP traffic detected without corresponding DNS query: 245.248.34.34
Source: unknown	TCP traffic detected without corresponding DNS query: 3.91.105.236
Source: unknown	TCP traffic detected without corresponding DNS query: 144.48.54.246
Source: unknown	TCP traffic detected without corresponding DNS query: 253.196.90.188
Source: unknown	TCP traffic detected without corresponding DNS query: 116.20.134.94
Source: unknown	TCP traffic detected without corresponding DNS query: 84.40.91.97
Source: unknown	TCP traffic detected without corresponding DNS query: 158.221.38.177
Source: unknown	TCP traffic detected without corresponding DNS query: 219.71.79.162
Source: unknown	TCP traffic detected without corresponding DNS query: 90.207.240.103
Source: unknown	TCP traffic detected without corresponding DNS query: 36.188.128.44
Source: unknown	TCP traffic detected without corresponding DNS query: 3.50.40.74
Source: unknown	TCP traffic detected without corresponding DNS query: 74.106.38.22
Source: unknown	TCP traffic detected without corresponding DNS query: 49.18.1.223
Source: unknown	TCP traffic detected without corresponding DNS query: 45.171.162.123
Source: unknown	TCP traffic detected without corresponding DNS query: 20.229.73.198
Source: unknown	TCP traffic detected without corresponding DNS query: 142.243.70.152
Source: unknown	TCP traffic detected without corresponding DNS query: 131.49.42.95
Source: unknown	TCP traffic detected without corresponding DNS query: 189.7.175.128
Source: unknown	TCP traffic detected without corresponding DNS query: 21.249.195.202
Source: unknown	TCP traffic detected without corresponding DNS query: 176.152.84.207
Source: unknown	TCP traffic detected without corresponding DNS query: 251.213.60.83
Source: unknown	TCP traffic detected without corresponding DNS query: 153.83.43.236
Source: unknown	TCP traffic detected without corresponding DNS query: 7.227.225.159
Source: unknown	TCP traffic detected without corresponding DNS query: 204.244.82.3
Source: unknown	TCP traffic detected without corresponding DNS query: 187.91.7.200
Source: unknown	TCP traffic detected without corresponding DNS query: 92.249.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.221.134.21
Source: unknown	TCP traffic detected without corresponding DNS query: 51.88.105.183
Source: unknown	TCP traffic detected without corresponding DNS query: 242.173.180.151
Source: unknown	TCP traffic detected without corresponding DNS query: 199.206.7.30
Source: unknown	TCP traffic detected without corresponding DNS query: 200.16.151.32
Source: unknown	TCP traffic detected without corresponding DNS query: 133.76.233.169
Source: unknown	TCP traffic detected without corresponding DNS query: 199.124.131.70
Source: unknown	TCP traffic detected without corresponding DNS query: 169.192.248.16
Source: unknown	TCP traffic detected without corresponding DNS query: 165.195.43.173
Source: unknown	TCP traffic detected without corresponding DNS query: 75.75.167.253
Source: unknown	TCP traffic detected without corresponding DNS query: 60.99.44.194
Source: unknown	TCP traffic detected without corresponding DNS query: 21.216.78.186
Source: unknown	TCP traffic detected without corresponding DNS query: 204.18.84.161
Source: unknown	TCP traffic detected without corresponding DNS query: 117.32.170.133

Source: global traffic	DNS traffic detected: DNS query: fortyfivehundred.dyn
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal68.troj.evad.linELF@0/0@3/0

Data Obfuscation

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Source: /tmp/na.elf (PID: 5529)

File: /etc/config

Jump to behavior

Creates hidden files and/or directories

Source: /tmp/na.elf (PID: 5529)	Directory: /root/.cache	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /root/.ssh	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /root/.config	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /root/.local	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.X11-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.Test-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.font-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.ICE-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /tmp/.XIM-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5529)	Directory: /etc/.java	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/na.elf (PID: 5529)

Log files deleted: /var/log/kern.log

Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5526)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5526.1.000055adb4ad6000.000055adb4b86000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: na.elf, 5526.1.000055adb4ad6000.000055adb4b86000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: na.elf, 5526.1.00007ffeb2d66000.00007ffeb2d87000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc
Source: na.elf, 5526.1.00007ffeb2d66000.00007ffeb2d87000.rw-.sdmp	Binary or memory string: Qx86_64/usr/bin/qemu-ppc/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf

ID:	1528721
Product:	CloudBasic
Start time:	09:51:29
Start date:	08.10.2024
Sample:	na.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	88f2cabba74ce75002d99cb6152e279f
SHA1:	73b5f843185cc931d78699c4cfa6c34da2f5b607
SHA256:	7b2e6cf26da000b0efd7e0b0bb85f45267f10635ea0e4b7c4c6bfd5cc07853fe
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
na.elf