Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1528722
MD5:	3b7e5f47f36d3c7e8c1b0be36958c63b
SHA1:	ad2bb5cbc9949505da9c889f7ac2b3329a205cba
SHA256:	0cdd9ffe7f7029cf784dd6b3a3356e728ec43e33d4101ea54efc95641fac48b5
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Deletes system log files

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: na.elf	ReversingLabs: Detection: 39%
Source: na.elf	Virustotal: Detection: 29%			Perma Link

Found strings indicative of a multi-platform dropper

Source: na.elf

String: l/proc//exewgetinitcurltftp/fdsocketproc/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//bin/

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 145.78.233.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.155.22.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 164.184.255.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 98.6.32.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 58.222.84.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 28.230.225.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 51.246.133.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 146.86.125.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 188.158.46.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 244.132.19.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 26.54.111.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.147.142.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 152.74.113.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 206.40.48.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 157.227.37.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 190.91.81.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.47.225.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.97.152.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 88.7.20.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.45.27.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.139.228.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 129.51.235.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 125.137.43.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 1.219.24.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 77.44.197.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.212.187.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:41980 -> 154.223.21.228:7193
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.28.50.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 130.63.183.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.133.29.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 185.139.93.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 91.198.147.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.11.127.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 185.242.227.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.47.185.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 65.151.83.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 148.62.88.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 191.24.251.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.155.39.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.178.12.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 146.126.110.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.80.255.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 26.80.88.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 93.186.246.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 144.67.46.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 49.163.24.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 26.222.9.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.96.8.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.45.235.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 1.241.173.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 166.16.81.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.169.69.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 4.130.1.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.150.225.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 119.147.98.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.18.250.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 9.236.70.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.28.29.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 130.229.144.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.55.27.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 107.5.1.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.183.16.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 28.114.251.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.17.182.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 41.147.150.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.188.109.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 68.118.88.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 195.224.198.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.185.167.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.26.62.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 44.62.167.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 90.147.163.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 12.155.97.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 215.54.71.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.228.193.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.15.110.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.53.227.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 252.15.244.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 245.236.246.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 180.239.190.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 109.105.64.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 41.106.46.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 164.206.235.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.35.12.176:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.142.76.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 215.4.115.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.115.86.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.164.41.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 95.25.114.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 55.112.148.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 20.14.222.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 116.33.148.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 37.16.193.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 223.177.60.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 205.15.64.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 123.234.192.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 88.132.132.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.215.88.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 61.75.143.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.225.103.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 96.3.83.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.72.116.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.152.31.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.38.149.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.121.168.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.178.133.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.161.247.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 185.2.0.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 89.156.0.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 121.173.183.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 34.185.35.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 188.165.196.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.44.49.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.14.226.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 97.152.251.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 41.29.210.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.203.122.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 215.97.201.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 219.120.170.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.53.41.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 67.135.216.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.23.21.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 213.98.127.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 12.35.152.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.3.118.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.201.71.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 247.96.238.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 171.190.129.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.156.255.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 208.150.68.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.29.94.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.120.125.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 32.230.54.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 19.172.81.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 28.132.149.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.92.31.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 196.97.218.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 57.124.156.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 175.35.62.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 251.17.63.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 33.200.42.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.178.253.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 245.136.35.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.254.109.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 85.133.88.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 176.73.85.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 183.61.199.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 210.110.159.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.254.157.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.45.126.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 141.161.56.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.170.74.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 154.233.29.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.152.194.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 166.89.137.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 128.11.126.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 191.144.91.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.69.78.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.212.255.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.65.114.214:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 24.4.62.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.119.57.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 110.21.49.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.229.245.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.220.88.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.228.9.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.224.245.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 153.62.196.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.130.90.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.158.143.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 147.195.185.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.39.52.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 104.58.13.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.189.166.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.246.87.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.42.119.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 63.217.80.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.182.13.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 181.92.154.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 54.157.141.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 66.91.16.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.7.187.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.177.237.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.242.83.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 147.233.175.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 130.129.105.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 122.46.194.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.73.65.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 250.157.190.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.103.38.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 142.142.250.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 131.71.171.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.135.250.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.143.240.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 135.11.21.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 182.203.58.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.38.109.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.224.140.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.25.24.192:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 108.54.41.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.242.3.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.96.60.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.118.76.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 246.236.51.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 93.207.207.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 129.147.214.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 213.48.198.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 198.120.232.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.150.126.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.211.182.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.217.73.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 77.159.30.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.182.65.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.224.107.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.160.210.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 198.31.226.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 85.16.72.209:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 31.172.60.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 168.162.233.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 75.152.180.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.125.56.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.0.241.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.32.214.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.43.177.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 221.161.36.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 23.29.237.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 6.13.64.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.245.208.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 150.115.202.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 119.221.202.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 60.115.55.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 98.183.112.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 157.255.91.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.97.128.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 200.95.33.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 83.23.56.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.147.245.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 44.159.251.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 99.4.45.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 189.252.192.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 65.160.60.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 62.84.143.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 111.252.205.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 114.172.97.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 33.55.241.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.26.158.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 125.73.21.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.168.116.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 89.245.249.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 240.151.146.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 133.13.189.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.91.26.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 134.207.215.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 109.108.177.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.202.132.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 190.162.106.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 221.113.18.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 84.125.44.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.111.5.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 144.234.95.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 40.107.153.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.234.29.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 97.73.92.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.126.159.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.245.125.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.185.150.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 255.48.232.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.93.240.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 79.167.200.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.190.208.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.231.138.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 107.114.178.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 160.47.40.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 252.13.242.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 114.212.232.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 131.158.138.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.92.136.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 72.22.74.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.39.218.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.39.113.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 58.21.186.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.254.167.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 61.3.90.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 56.251.53.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.192.13.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 202.15.113.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 22.21.94.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 135.216.41.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 50.97.212.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.4.93.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.15.106.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.10.66.250:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 148.174.139.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 64.69.3.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 108.196.207.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 104.111.2.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 3.78.230.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 98.47.112.200:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 96.79.30.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.72.132.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 146.47.89.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 82.135.141.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.156.253.129:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.118.123.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 171.224.228.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 36.198.206.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.81.208.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 255.77.197.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.83.106.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 74.146.71.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 157.248.140.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 43.53.110.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 206.78.139.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 210.233.23.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.23.99.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.3.142.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 203.112.204.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 216.77.237.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 142.76.171.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 94.234.172.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 83.176.11.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 12.48.27.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.68.62.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.106.89.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 200.164.15.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 223.125.236.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.238.196.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.95.190.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.230.79.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 142.9.201.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 161.188.26.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.43.203.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 30.131.89.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.159.23.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 78.124.143.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.124.217.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 59.10.49.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 138.165.181.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 106.228.127.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.102.63.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 51.219.195.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 133.80.67.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 27.95.112.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.124.201.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.22.50.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 169.182.113.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.213.174.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.75.36.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 208.223.131.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 134.201.166.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 120.210.6.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.172.122.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 178.67.83.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 1.156.63.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 54.225.79.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.79.106.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 177.93.117.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 182.171.9.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 170.124.158.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 132.121.186.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 137.28.127.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 4.99.115.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.40.184.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.202.137.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.239.13.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.151.21.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 221.42.182.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.52.237.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 198.228.255.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 7.116.115.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 38.98.246.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 92.6.168.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.98.95.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.179.70.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 151.116.21.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 84.109.70.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 113.11.224.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 95.224.27.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.238.5.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.103.213.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.135.54.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.185.215.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 123.39.160.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 80.189.170.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 181.239.237.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 80.49.135.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.161.69.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 145.182.63.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.42.107.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.45.57.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.152.235.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 30.107.113.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 63.125.83.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 141.126.40.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 83.236.237.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.128.161.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 22.0.131.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 138.212.198.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 245.240.133.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 194.124.59.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.241.142.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 219.150.27.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.48.98.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 253.41.69.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 53.102.228.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 72.227.167.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 212.230.114.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.194.177.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 35.136.7.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 188.187.142.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.153.129.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.237.29.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 250.61.141.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.234.134.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 165.121.216.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 183.58.38.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.22.98.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.6.109.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 38.31.61.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.226.99.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 70.8.195.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 176.33.139.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 213.23.223.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 216.38.216.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.81.107.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 42.218.62.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.62.147.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 181.25.207.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 138.209.183.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.13.172.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.43.46.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.70.137.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 31.187.43.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 72.87.247.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 219.168.42.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.134.206.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 109.112.218.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 36.181.74.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 177.128.79.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 131.46.161.250:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.238.1.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.47.24.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 56.4.159.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 59.197.212.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 61.180.229.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 23.64.66.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 175.226.107.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 116.243.190.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 123.251.13.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.150.152.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.63.243.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 175.186.190.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.200.18.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.61.61.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.108.61.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.152.76.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 205.155.215.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.178.204.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 110.119.52.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 113.246.31.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 3.151.63.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.234.124.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.119.129.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 160.46.136.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.245.211.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 153.54.26.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 75.177.57.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 108.30.208.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.148.88.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 53.183.210.37:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.78.148.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.119.114.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.162.95.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 210.178.250.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.66.56.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.134.132.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.216.213.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 97.185.13.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 133.118.103.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.198.252.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 65.219.160.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 118.194.45.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.159.64.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.254.7.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.240.250.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 223.153.150.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 251.114.223.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.230.160.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.100.189.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.202.4.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.100.19.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 14.226.209.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 11.19.73.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 122.233.109.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.247.16.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 171.16.119.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.77.103.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 50.143.110.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.138.49.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.61.105.142:2323

Sample listens on a socket

Source: /tmp/na.elf (PID: 5544)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 145.78.233.99
Source: unknown	TCP traffic detected without corresponding DNS query: 116.106.169.99
Source: unknown	TCP traffic detected without corresponding DNS query: 250.34.216.105
Source: unknown	TCP traffic detected without corresponding DNS query: 131.150.158.212
Source: unknown	TCP traffic detected without corresponding DNS query: 249.155.22.7
Source: unknown	TCP traffic detected without corresponding DNS query: 245.217.169.19
Source: unknown	TCP traffic detected without corresponding DNS query: 69.150.23.7
Source: unknown	TCP traffic detected without corresponding DNS query: 129.166.76.199
Source: unknown	TCP traffic detected without corresponding DNS query: 218.176.77.184
Source: unknown	TCP traffic detected without corresponding DNS query: 164.184.255.206
Source: unknown	TCP traffic detected without corresponding DNS query: 197.129.199.120
Source: unknown	TCP traffic detected without corresponding DNS query: 142.97.18.100
Source: unknown	TCP traffic detected without corresponding DNS query: 214.79.193.96
Source: unknown	TCP traffic detected without corresponding DNS query: 144.59.177.206
Source: unknown	TCP traffic detected without corresponding DNS query: 201.211.21.86
Source: unknown	TCP traffic detected without corresponding DNS query: 155.228.49.102
Source: unknown	TCP traffic detected without corresponding DNS query: 90.7.128.40
Source: unknown	TCP traffic detected without corresponding DNS query: 165.102.26.188
Source: unknown	TCP traffic detected without corresponding DNS query: 75.200.216.173
Source: unknown	TCP traffic detected without corresponding DNS query: 1.84.240.159
Source: unknown	TCP traffic detected without corresponding DNS query: 2.140.184.115
Source: unknown	TCP traffic detected without corresponding DNS query: 39.107.188.238
Source: unknown	TCP traffic detected without corresponding DNS query: 219.153.50.95
Source: unknown	TCP traffic detected without corresponding DNS query: 181.214.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 246.185.139.196
Source: unknown	TCP traffic detected without corresponding DNS query: 20.74.142.185
Source: unknown	TCP traffic detected without corresponding DNS query: 222.191.120.147
Source: unknown	TCP traffic detected without corresponding DNS query: 82.249.255.118
Source: unknown	TCP traffic detected without corresponding DNS query: 98.6.32.20
Source: unknown	TCP traffic detected without corresponding DNS query: 191.20.77.177
Source: unknown	TCP traffic detected without corresponding DNS query: 135.186.112.39
Source: unknown	TCP traffic detected without corresponding DNS query: 70.112.94.84
Source: unknown	TCP traffic detected without corresponding DNS query: 162.95.189.121
Source: unknown	TCP traffic detected without corresponding DNS query: 58.222.84.239
Source: unknown	TCP traffic detected without corresponding DNS query: 73.173.109.120
Source: unknown	TCP traffic detected without corresponding DNS query: 35.75.134.19
Source: unknown	TCP traffic detected without corresponding DNS query: 47.200.183.239
Source: unknown	TCP traffic detected without corresponding DNS query: 166.87.47.172
Source: unknown	TCP traffic detected without corresponding DNS query: 85.172.173.251
Source: unknown	TCP traffic detected without corresponding DNS query: 219.202.249.128
Source: unknown	TCP traffic detected without corresponding DNS query: 52.78.58.207
Source: unknown	TCP traffic detected without corresponding DNS query: 96.229.148.77
Source: unknown	TCP traffic detected without corresponding DNS query: 12.184.143.204
Source: unknown	TCP traffic detected without corresponding DNS query: 116.78.14.140
Source: unknown	TCP traffic detected without corresponding DNS query: 199.109.31.198
Source: unknown	TCP traffic detected without corresponding DNS query: 213.194.53.183
Source: unknown	TCP traffic detected without corresponding DNS query: 194.59.254.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.152.16.170
Source: unknown	TCP traffic detected without corresponding DNS query: 26.172.248.97
Source: unknown	TCP traffic detected without corresponding DNS query: 12.167.14.25

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.evad.linELF@0/0@2/0

Data Obfuscation

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Source: /tmp/na.elf (PID: 5548)

File: /etc/config

Jump to behavior

Creates hidden files and/or directories

Source: /tmp/na.elf (PID: 5548)	Directory: /root/.cache	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /root/.ssh	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /root/.config	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /root/.local	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.X11-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.Test-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.font-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.ICE-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.XIM-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /etc/.java	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/na.elf (PID: 5548)

Log files deleted: /var/log/kern.log

Jump to behavior

ELF contains segments with high entropy indicating compressed/encrypted content

Source: na.elf

Submission file: segment LOAD with 7.001 entropy (max. 8.0)

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5544)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5544.1.00007ffc5d3f0000.00007ffc5d411000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5544.1.00007ffc5d3f0000.00007ffc5d411000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: na.elf, 5544.1.0000560d61314000.0000560d61377000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: na.elf, 5544.1.0000560d61314000.0000560d61377000.rw-.sdmp	Binary or memory string: V5!/etc/qemu-binfmt/sh4

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
82.26.236.250	unknown	United Kingdom	5089	NTLGB	false
193.155.36.160	unknown	Germany	702	UUNETUS	false
14.14.232.194	unknown	Japan	131959	YOUTVYOUCommunicationsCorporationJP	false
248.157.47.244	unknown	Reserved	unknown	unknown	false
115.210.228.58	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
149.22.102.40	unknown	United States	48945	IFNL-ASGB	false
58.86.168.109	unknown	Taiwan; Republic of China (ROC)	18042	KBTKoosBroadbandTelecomTW	false
39.229.238.197	unknown	Indonesia	23693	TELKOMSEL-ASN-IDPTTelekomunikasiSelularID	false
3.214.53.107	unknown	United States	14618	AMAZON-AESUS	false
197.247.118.60	unknown	Morocco	36925	ASMediMA	false
56.236.109.159	unknown	United States	2686	ATGS-MMD-ASUS	false
245.165.248.39	unknown	Reserved	unknown	unknown	false
14.165.161.12	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
123.165.168.0	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
93.213.159.150	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
181.145.111.22	unknown	Colombia	26611	COMCELSACO	false
139.100.146.219	unknown	France	2278	ORANGELABSOrangeLabsOLPSEU	false
112.37.42.24	unknown	China	24444	CMNET-V4SHANDONG-AS-APShandongMobileCommunicationCompany	false
101.155.120.112	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
100.119.198.255	unknown	Reserved	701	UUNETUS	false
49.25.247.194	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
168.68.41.219	unknown	United States	4152	USDA-1US	false
89.254.83.74	unknown	Norway	41483	NWN-ASformerNetworkNorwayAutonomousSystemNO	false
247.96.144.188	unknown	Reserved	unknown	unknown	false
107.211.214.80	unknown	United States	7018	ATT-INTERNET4US	false
2.147.123.180	unknown	Iran (ISLAMIC Republic Of)	44244	IRANCELL-ASIR	false
250.149.174.49	unknown	Reserved	unknown	unknown	false
114.239.75.206	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
81.221.227.21	unknown	Switzerland	1836	GREENgreenchAGAutonomousSystemEU	false
18.221.123.81	unknown	United States	16509	AMAZON-02US	false
252.156.125.192	unknown	Reserved	unknown	unknown	false
28.178.221.220	unknown	United States	7922	COMCAST-7922US	false
84.113.33.37	unknown	Austria	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
78.119.70.108	unknown	France	8228	CEGETEL-ASFR	false
89.189.49.194	unknown	Italy	48544	TECNOADSL-ASIT	false
156.19.217.38	unknown	United States	20115	CHARTER-20115US	false
31.71.147.67	unknown	United Kingdom	12576	EELtdGB	false
219.228.232.242	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
98.169.148.231	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
27.65.70.96	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
94.49.114.75	unknown	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
140.27.229.27	unknown	United States	23700	FASTNET-AS-IDLinknet-FastnetASNID	false
83.232.60.238	unknown	Netherlands	1136	KPNKPNNationalEU	false
109.50.110.204	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
47.136.40.216	unknown	United States	5650	FRONTIER-FRTRUS	false
174.66.57.240	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
212.126.114.245	unknown	Iraq	209565	ALSARDFIBERIQ	false
194.216.214.105	unknown	United Kingdom	702	UUNETUS	false
246.184.35.251	unknown	Reserved	unknown	unknown	false
72.120.248.199	unknown	United States	22394	CELLCOUS	false
58.121.228.87	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
21.137.9.36	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
73.81.32.135	unknown	United States	7922	COMCAST-7922US	false
62.117.177.214	unknown	Spain	12430	VODAFONE_ESES	false
98.148.193.48	unknown	United States	20001	TWC-20001-PACWESTUS	false
179.212.44.8	unknown	Brazil	28573	CLAROSABR	false
52.222.183.53	unknown	United States	16509	AMAZON-02US	false
166.152.139.122	unknown	United States	22394	CELLCOUS	false
93.8.219.206	unknown	France	15557	LDCOMNETFR	false
120.194.122.144	unknown	China	24445	CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN	false
16.3.142.229	unknown	United States	unknown	unknown	false
84.240.158.199	unknown	Italy	2594	ASN-CSIIT	false
183.71.211.216	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
160.126.83.198	unknown	United States	1959	DNIC-AS-01959US	false
86.254.157.161	unknown	France	3215	FranceTelecom-OrangeFR	false
106.232.88.64	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
136.130.192.131	unknown	United States	60311	ONEFMCH	false
243.48.168.67	unknown	Reserved	unknown	unknown	false
1.253.210.140	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
162.143.204.20	unknown	United States	394283	BEACON-HEALTH-SYSTEMUS	false
32.206.187.36	unknown	United States	2686	ATGS-MMD-ASUS	false
16.211.51.70	unknown	United States	unknown	unknown	false
75.115.244.9	unknown	United States	33363	BHN-33363US	false
190.96.153.48	unknown	Colombia	3816	COLOMBIATELECOMUNICACIONESSAESPCO	false
197.152.229.125	unknown	Tanzania United Republic of	37133	airtel-tz-asTZ	false
76.115.85.201	unknown	United States	7922	COMCAST-7922US	false
58.137.181.91	unknown	Thailand	4750	CSLOXINFO-AS-APCSLOXINFOPUBLICCOMPANYLIMITEDTH	false
211.98.148.11	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
171.53.230.235	unknown	India	9874	STARHUB-MOBILEStarHubLtdSG	false
29.10.45.93	unknown	United States	7922	COMCAST-7922US	false
187.233.251.48	unknown	Mexico	8151	UninetSAdeCVMX	false
99.25.229.93	unknown	United States	7018	ATT-INTERNET4US	false
84.198.245.41	unknown	Belgium	6848	TELENET-ASBE	false
4.108.169.108	unknown	United States	3356	LEVEL3US	false
62.242.47.129	unknown	Denmark	3292	TDCTDCASDK	false
134.23.230.189	unknown	United States	10702	INL-ASUS	false
24.82.33.77	unknown	Canada	6327	SHAWCA	false
207.178.153.97	unknown	United States	5033	AS5033US	false
34.104.155.0	unknown	United States	15169	GOOGLEUS	false
147.251.29.56	unknown	Czech Republic	2852	CESNET2CZ	false
179.56.136.138	unknown	Chile	14117	TelefonicadelSurSACL	false
81.160.140.120	unknown	Hungary	30904	KOZHALO-ASHU	false
90.245.30.49	unknown	United Kingdom	5378	VodafoneGB	false
49.77.5.15	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
34.94.213.2	unknown	United States	15169	GOOGLEUS	false
206.211.149.89	unknown	United States	17369	CHAPNETUS	false
210.110.159.166	unknown	Korea Republic of	1237	KREONET-AS-KRKISTIKR	false
36.111.209.36	unknown	China	134756	CHINANET-NANJING-IDCCHINANETNanjingIDCnetworkCN	false
214.124.210.10	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
159.142.215.21	unknown	United States	2714	GSA-GOVUS	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.24	true

AV Detection

Multi AV Scanner detection for submitted file

Source: na.elf	ReversingLabs: Detection: 39%
Source: na.elf	Virustotal: Detection: 29%			Perma Link

Found strings indicative of a multi-platform dropper

Source: na.elf

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 145.78.233.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.155.22.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 164.184.255.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 98.6.32.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 58.222.84.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 28.230.225.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 51.246.133.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 146.86.125.124:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 188.158.46.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 244.132.19.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 26.54.111.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.147.142.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 152.74.113.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 206.40.48.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 157.227.37.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 190.91.81.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.47.225.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.97.152.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 88.7.20.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.45.27.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.139.228.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 129.51.235.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 125.137.43.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 1.219.24.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 77.44.197.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.212.187.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:41980 -> 154.223.21.228:7193
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.28.50.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 130.63.183.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.133.29.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 185.139.93.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 91.198.147.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.11.127.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 185.242.227.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.47.185.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 65.151.83.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 148.62.88.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 191.24.251.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.155.39.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.178.12.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 146.126.110.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.80.255.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 26.80.88.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 93.186.246.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 144.67.46.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 49.163.24.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 26.222.9.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.96.8.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.45.235.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 1.241.173.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 166.16.81.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.169.69.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 4.130.1.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.150.225.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 119.147.98.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.18.250.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 9.236.70.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.28.29.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 130.229.144.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.55.27.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 107.5.1.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.183.16.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 28.114.251.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.17.182.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 41.147.150.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.188.109.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 68.118.88.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 195.224.198.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.185.167.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.26.62.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 44.62.167.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 90.147.163.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 12.155.97.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 215.54.71.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.228.193.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.15.110.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.53.227.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 252.15.244.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 245.236.246.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 180.239.190.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 109.105.64.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 41.106.46.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 164.206.235.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.35.12.176:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.142.76.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 215.4.115.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.115.86.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.164.41.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 95.25.114.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 55.112.148.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 20.14.222.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 116.33.148.183:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 37.16.193.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 223.177.60.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 205.15.64.43:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 123.234.192.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 88.132.132.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.215.88.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 61.75.143.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.225.103.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 96.3.83.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.72.116.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.152.31.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.38.149.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.121.168.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.178.133.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.161.247.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 185.2.0.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 89.156.0.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 121.173.183.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 34.185.35.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 188.165.196.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.44.49.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.14.226.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 97.152.251.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 41.29.210.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.203.122.9:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 215.97.201.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 219.120.170.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.53.41.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 67.135.216.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.23.21.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 213.98.127.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 12.35.152.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.3.118.196:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.201.71.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 247.96.238.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 171.190.129.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.156.255.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 208.150.68.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.29.94.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.120.125.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 32.230.54.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 19.172.81.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 28.132.149.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.92.31.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 196.97.218.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 57.124.156.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 175.35.62.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 251.17.63.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 33.200.42.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.178.253.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 245.136.35.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.254.109.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 85.133.88.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 176.73.85.20:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 183.61.199.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 210.110.159.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.254.157.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.45.126.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 141.161.56.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.170.74.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 154.233.29.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.152.194.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 166.89.137.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 128.11.126.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 191.144.91.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.69.78.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.212.255.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.65.114.214:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 24.4.62.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.119.57.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 110.21.49.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.229.245.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.220.88.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.228.9.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.224.245.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 153.62.196.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.130.90.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.158.143.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 147.195.185.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.39.52.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 104.58.13.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.189.166.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.246.87.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.42.119.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 63.217.80.132:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.182.13.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 181.92.154.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 54.157.141.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 66.91.16.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.7.187.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.177.237.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.242.83.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 147.233.175.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 130.129.105.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 122.46.194.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.73.65.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 250.157.190.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.103.38.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 142.142.250.143:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 131.71.171.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.135.250.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.143.240.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 135.11.21.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 182.203.58.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.38.109.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 242.224.140.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.25.24.192:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 108.54.41.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.242.3.80:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.96.60.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.118.76.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 246.236.51.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 93.207.207.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 129.147.214.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 213.48.198.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 198.120.232.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.150.126.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.211.182.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.217.73.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 77.159.30.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.182.65.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.224.107.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.160.210.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 198.31.226.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 85.16.72.209:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 31.172.60.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 168.162.233.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 75.152.180.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.125.56.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.0.241.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.32.214.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.43.177.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 221.161.36.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 23.29.237.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 6.13.64.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.245.208.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 150.115.202.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 119.221.202.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 60.115.55.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 98.183.112.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 157.255.91.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.97.128.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 200.95.33.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 83.23.56.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.147.245.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 44.159.251.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 99.4.45.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 189.252.192.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 65.160.60.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 62.84.143.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 111.252.205.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 114.172.97.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 33.55.241.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.26.158.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 125.73.21.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.168.116.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 89.245.249.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 240.151.146.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 133.13.189.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.91.26.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 134.207.215.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 109.108.177.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.202.132.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 190.162.106.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 221.113.18.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 84.125.44.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.111.5.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 144.234.95.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 40.107.153.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.234.29.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 97.73.92.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 87.126.159.236:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.245.125.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 167.185.150.164:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 255.48.232.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.93.240.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 79.167.200.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.190.208.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.231.138.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 107.114.178.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 160.47.40.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 252.13.242.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 114.212.232.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 131.158.138.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.92.136.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 72.22.74.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.39.218.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 17.39.113.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 58.21.186.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.254.167.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 61.3.90.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 56.251.53.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 163.192.13.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 202.15.113.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 22.21.94.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 135.216.41.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 50.97.212.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 248.4.93.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.15.106.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.10.66.250:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 148.174.139.220:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 64.69.3.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 108.196.207.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 104.111.2.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 3.78.230.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 98.47.112.200:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 96.79.30.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.72.132.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 146.47.89.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 82.135.141.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.156.253.129:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.118.123.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 171.224.228.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 36.198.206.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 174.81.208.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 255.77.197.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.83.106.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 74.146.71.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 157.248.140.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 43.53.110.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 206.78.139.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 210.233.23.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.23.99.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.3.142.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 203.112.204.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 216.77.237.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 142.76.171.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 94.234.172.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 83.176.11.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 12.48.27.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.68.62.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.106.89.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 200.164.15.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 223.125.236.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.238.196.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.95.190.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.230.79.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 142.9.201.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 161.188.26.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.43.203.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 30.131.89.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.159.23.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 78.124.143.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.124.217.187:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 59.10.49.145:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 138.165.181.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 106.228.127.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.102.63.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 51.219.195.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 133.80.67.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 27.95.112.92:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.124.201.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 101.22.50.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 169.182.113.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.213.174.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 179.75.36.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 208.223.131.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 134.201.166.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 120.210.6.240:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.172.122.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 178.67.83.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 1.156.63.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 54.225.79.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.79.106.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 177.93.117.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 182.171.9.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 170.124.158.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 132.121.186.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 137.28.127.189:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 4.99.115.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.40.184.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.202.137.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.239.13.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.151.21.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 221.42.182.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 103.52.237.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 198.228.255.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 7.116.115.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 38.98.246.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 92.6.168.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 155.98.95.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.179.70.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 151.116.21.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 84.109.70.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 113.11.224.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 95.224.27.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.238.5.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 48.103.213.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.135.54.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 222.185.215.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 123.39.160.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 80.189.170.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 181.239.237.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 80.49.135.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 16.161.69.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 145.182.63.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.42.107.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.45.57.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.152.235.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 30.107.113.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 63.125.83.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 141.126.40.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 83.236.237.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 39.128.161.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 22.0.131.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 138.212.198.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 245.240.133.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 194.124.59.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.241.142.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 219.150.27.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 214.48.98.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 253.41.69.53:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 53.102.228.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 72.227.167.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 212.230.114.150:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.194.177.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 35.136.7.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 188.187.142.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.153.129.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.237.29.94:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 250.61.141.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 204.234.134.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 165.121.216.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 183.58.38.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 220.22.98.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 126.6.109.243:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 38.31.61.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 52.226.99.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 70.8.195.134:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 176.33.139.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 213.23.223.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 216.38.216.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 47.81.107.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 42.218.62.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.62.147.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 181.25.207.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 138.209.183.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 2.13.172.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.43.46.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 100.70.137.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 31.187.43.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 72.87.247.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 219.168.42.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 143.134.206.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 109.112.218.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 36.181.74.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 177.128.79.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 131.46.161.250:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.238.1.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.47.24.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 56.4.159.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 59.197.212.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 61.180.229.102:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 23.64.66.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 175.226.107.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 116.243.190.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 123.251.13.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 217.150.152.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.63.243.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 175.186.190.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 249.200.18.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 140.61.61.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 139.108.61.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.152.76.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 205.155.215.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.178.204.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 110.119.52.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 113.246.31.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 3.151.63.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.234.124.29:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.119.129.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 160.46.136.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.245.211.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 153.54.26.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 75.177.57.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 108.30.208.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 71.148.88.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 53.183.210.37:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 69.78.148.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 159.119.114.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.162.95.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 210.178.250.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 86.66.56.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 18.134.132.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 81.216.213.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 97.185.13.0:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 133.118.103.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 209.198.252.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 65.219.160.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 118.194.45.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.159.64.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 29.254.7.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 199.240.250.30:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 223.153.150.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 251.114.223.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 243.230.160.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 13.100.189.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 117.202.4.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 102.100.19.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 14.226.209.5:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 11.19.73.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 122.233.109.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 112.247.16.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 171.16.119.51:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 187.77.103.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 50.143.110.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 5.138.49.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:23929 -> 173.61.105.142:2323

Sample listens on a socket

Source: /tmp/na.elf (PID: 5544)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 145.78.233.99
Source: unknown	TCP traffic detected without corresponding DNS query: 116.106.169.99
Source: unknown	TCP traffic detected without corresponding DNS query: 250.34.216.105
Source: unknown	TCP traffic detected without corresponding DNS query: 131.150.158.212
Source: unknown	TCP traffic detected without corresponding DNS query: 249.155.22.7
Source: unknown	TCP traffic detected without corresponding DNS query: 245.217.169.19
Source: unknown	TCP traffic detected without corresponding DNS query: 69.150.23.7
Source: unknown	TCP traffic detected without corresponding DNS query: 129.166.76.199
Source: unknown	TCP traffic detected without corresponding DNS query: 218.176.77.184
Source: unknown	TCP traffic detected without corresponding DNS query: 164.184.255.206
Source: unknown	TCP traffic detected without corresponding DNS query: 197.129.199.120
Source: unknown	TCP traffic detected without corresponding DNS query: 142.97.18.100
Source: unknown	TCP traffic detected without corresponding DNS query: 214.79.193.96
Source: unknown	TCP traffic detected without corresponding DNS query: 144.59.177.206
Source: unknown	TCP traffic detected without corresponding DNS query: 201.211.21.86
Source: unknown	TCP traffic detected without corresponding DNS query: 155.228.49.102
Source: unknown	TCP traffic detected without corresponding DNS query: 90.7.128.40
Source: unknown	TCP traffic detected without corresponding DNS query: 165.102.26.188
Source: unknown	TCP traffic detected without corresponding DNS query: 75.200.216.173
Source: unknown	TCP traffic detected without corresponding DNS query: 1.84.240.159
Source: unknown	TCP traffic detected without corresponding DNS query: 2.140.184.115
Source: unknown	TCP traffic detected without corresponding DNS query: 39.107.188.238
Source: unknown	TCP traffic detected without corresponding DNS query: 219.153.50.95
Source: unknown	TCP traffic detected without corresponding DNS query: 181.214.0.187
Source: unknown	TCP traffic detected without corresponding DNS query: 246.185.139.196
Source: unknown	TCP traffic detected without corresponding DNS query: 20.74.142.185
Source: unknown	TCP traffic detected without corresponding DNS query: 222.191.120.147
Source: unknown	TCP traffic detected without corresponding DNS query: 82.249.255.118
Source: unknown	TCP traffic detected without corresponding DNS query: 98.6.32.20
Source: unknown	TCP traffic detected without corresponding DNS query: 191.20.77.177
Source: unknown	TCP traffic detected without corresponding DNS query: 135.186.112.39
Source: unknown	TCP traffic detected without corresponding DNS query: 70.112.94.84
Source: unknown	TCP traffic detected without corresponding DNS query: 162.95.189.121
Source: unknown	TCP traffic detected without corresponding DNS query: 58.222.84.239
Source: unknown	TCP traffic detected without corresponding DNS query: 73.173.109.120
Source: unknown	TCP traffic detected without corresponding DNS query: 35.75.134.19
Source: unknown	TCP traffic detected without corresponding DNS query: 47.200.183.239
Source: unknown	TCP traffic detected without corresponding DNS query: 166.87.47.172
Source: unknown	TCP traffic detected without corresponding DNS query: 85.172.173.251
Source: unknown	TCP traffic detected without corresponding DNS query: 219.202.249.128
Source: unknown	TCP traffic detected without corresponding DNS query: 52.78.58.207
Source: unknown	TCP traffic detected without corresponding DNS query: 96.229.148.77
Source: unknown	TCP traffic detected without corresponding DNS query: 12.184.143.204
Source: unknown	TCP traffic detected without corresponding DNS query: 116.78.14.140
Source: unknown	TCP traffic detected without corresponding DNS query: 199.109.31.198
Source: unknown	TCP traffic detected without corresponding DNS query: 213.194.53.183
Source: unknown	TCP traffic detected without corresponding DNS query: 194.59.254.22
Source: unknown	TCP traffic detected without corresponding DNS query: 20.152.16.170
Source: unknown	TCP traffic detected without corresponding DNS query: 26.172.248.97
Source: unknown	TCP traffic detected without corresponding DNS query: 12.167.14.25

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal56.evad.linELF@0/0@2/0

Data Obfuscation

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Source: /tmp/na.elf (PID: 5548)

File: /etc/config

Jump to behavior

Creates hidden files and/or directories

Source: /tmp/na.elf (PID: 5548)	Directory: /root/.cache	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /root/.ssh	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /root/.config	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /root/.local	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.X11-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.Test-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.font-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.ICE-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /tmp/.XIM-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5548)	Directory: /etc/.java	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/na.elf (PID: 5548)

Log files deleted: /var/log/kern.log

Jump to behavior

ELF contains segments with high entropy indicating compressed/encrypted content

Source: na.elf

Submission file: segment LOAD with 7.001 entropy (max. 8.0)

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5544)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5544.1.00007ffc5d3f0000.00007ffc5d411000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5544.1.00007ffc5d3f0000.00007ffc5d411000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: na.elf, 5544.1.0000560d61314000.0000560d61377000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: na.elf, 5544.1.0000560d61314000.0000560d61377000.rw-.sdmp	Binary or memory string: V5!/etc/qemu-binfmt/sh4

ID:	1528722
Product:	CloudBasic
Start time:	09:52:57
Start date:	08.10.2024
Sample:	na.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	3b7e5f47f36d3c7e8c1b0be36958c63b
SHA1:	ad2bb5cbc9949505da9c889f7ac2b3329a205cba
SHA256:	0cdd9ffe7f7029cf784dd6b3a3356e728ec43e33d4101ea54efc95641fac48b5
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
na.elf