Linux Analysis Report
na.elf

Overview

General Information

Sample name:	na.elf
Analysis ID:	1528794
MD5:	cdfad14bddd20a5f869279c44c218c8d
SHA1:	bab943438df31f06e1f960931a49726ec7338788
SHA256:	160ced7e154719e3c2084fcbd9c23cc8451b96381cb352d53b3fbc24444851a0
Tags:	elfMiraiuser-abuse_ch
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Connects to many ports of the same IP (likely port scanning)

Deletes system log files

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

Found strings indicative of a multi-platform dropper

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: na.elf	ReversingLabs: Detection: 44%
Source: na.elf	Virustotal: Detection: 28%			Perma Link

Found strings indicative of a multi-platform dropper

Source: na.elf

String: /proc//exewgetashinitcurltftp/fd/socketproc/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//bin/

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 38.60.198.180 ports 46852,61543,7193,23789,54123,2,3,7,27651,8,9,42061,49376,38429,32876,15987

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 38.152.35.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 5.85.151.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.66.163.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 12.165.233.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.110.205.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 101.254.234.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 56.6.250.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 206.135.209.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.5.141.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 189.220.231.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 43.177.145.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 202.180.73.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 187.34.24.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.163.109.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 131.249.97.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 193.234.64.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.22.40.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.134.21.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 167.237.149.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 108.253.128.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 219.117.55.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:58960 -> 38.60.198.180:23789
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 39.61.225.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.112.62.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 40.127.64.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 178.192.122.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 5.196.175.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 194.36.107.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.146.177.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.117.29.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 161.166.89.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.59.34.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 167.150.33.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 219.205.9.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.240.71.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 194.154.53.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 186.254.57.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 43.27.62.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 180.233.15.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.210.255.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 60.35.76.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 48.125.138.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 206.22.186.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 100.234.44.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 70.198.251.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.81.52.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 2.59.22.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 124.58.246.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.204.76.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 11.20.178.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 47.138.44.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 171.15.207.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 129.113.40.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 29.230.11.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 154.197.228.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.62.133.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 188.113.249.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 200.205.210.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 53.22.74.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.32.74.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 138.240.219.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.4.12.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.112.214.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 65.92.193.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 97.105.251.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.148.69.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 155.242.162.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 29.118.138.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 177.42.236.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 104.113.38.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.98.237.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.90.238.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.188.99.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 207.104.150.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 93.128.6.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 202.58.63.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.168.104.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 142.136.131.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.166.184.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.72.25.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 80.62.243.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 215.251.47.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 242.132.72.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 3.52.111.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.197.145.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.188.158.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 99.102.173.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 171.251.86.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 136.194.188.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 105.38.123.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 48.189.186.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.54.236.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 144.106.219.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 107.45.82.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 31.71.135.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 251.38.148.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.185.74.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 208.27.114.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 55.132.0.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.184.236.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.202.35.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.20.158.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.221.64.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.85.211.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 23.25.254.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 88.176.250.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 106.33.38.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.116.108.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 89.245.185.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.236.151.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 86.173.148.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 86.242.141.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 221.105.14.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 66.79.135.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 2.146.197.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 176.65.175.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 94.164.147.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 129.232.75.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 189.173.32.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.155.181.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 24.149.184.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 243.39.36.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 204.145.138.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.189.222.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.23.27.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 98.242.152.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.213.227.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 58.37.168.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.167.148.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 39.99.57.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 136.15.238.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.220.95.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.37.210.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 164.116.119.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 169.209.221.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 211.54.198.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 108.24.8.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 58.88.149.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.108.111.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 60.219.214.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.133.252.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 185.22.78.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.199.115.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 47.244.3.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 96.77.149.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 195.26.107.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 79.236.146.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 161.222.56.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 5.215.9.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 246.247.201.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 51.111.115.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 74.45.184.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.108.184.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 251.254.220.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 144.174.159.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.199.190.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.78.196.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 13.209.187.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.130.21.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 51.52.86.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.101.164.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 76.189.45.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 25.25.13.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 42.21.204.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 133.14.173.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 166.229.193.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.12.4.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 216.78.60.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 61.13.192.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 148.186.174.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 3.142.24.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 208.52.124.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 129.235.84.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 92.234.17.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 161.53.195.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 17.153.194.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.198.74.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 166.14.169.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 3.73.241.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 209.171.41.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.126.38.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 57.121.138.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.179.114.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 223.188.114.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.168.15.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 195.11.225.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 7.199.27.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 109.120.40.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 90.182.151.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.91.18.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.153.212.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.46.76.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.155.132.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 99.107.131.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 124.255.101.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 222.86.105.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 39.0.207.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 9.81.94.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 84.146.26.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.177.149.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 108.237.198.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 32.104.52.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 81.95.252.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 208.97.232.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 11.242.115.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 115.234.187.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 243.158.88.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.138.110.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.112.170.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.134.94.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 204.228.27.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.191.66.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 147.160.50.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.54.80.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 58.238.7.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.194.230.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 79.109.227.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.115.171.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.45.194.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.53.28.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.118.231.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 112.26.76.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 253.149.61.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 24.133.156.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.5.150.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 34.66.46.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.230.222.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.56.251.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.227.199.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.159.155.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.25.161.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 31.25.194.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 218.235.72.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 207.29.20.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.18.21.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 107.124.212.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.82.77.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 136.111.85.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 138.14.112.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 55.169.18.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 196.39.24.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.126.34.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 188.22.141.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 173.178.91.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.87.72.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 54.154.230.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 245.157.55.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.196.82.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.8.125.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 247.179.152.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.28.158.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.57.62.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.247.51.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 67.83.238.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.63.159.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 132.81.249.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 81.132.40.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.34.117.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 33.173.3.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.233.72.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 218.122.253.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.83.221.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 82.73.172.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.176.190.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 175.69.226.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 86.5.157.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 18.127.152.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 15.95.161.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 221.15.137.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 27.69.130.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 98.211.86.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 34.160.158.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 38.220.55.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 159.255.163.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.196.246.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 42.56.131.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 44.8.126.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.251.172.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 109.75.102.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 93.204.85.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.224.219.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 189.21.138.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 151.152.6.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.241.145.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 56.143.127.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 175.21.218.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.249.87.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 180.168.169.200:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 203.80.118.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.58.62.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 54.69.87.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 121.167.172.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.216.254.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 182.79.71.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 65.127.133.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.3.158.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.98.51.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 132.189.87.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 209.202.141.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 100.119.168.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 15.238.82.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.63.40.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 105.13.166.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.181.65.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.18.2.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 46.232.183.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.42.220.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.118.157.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.49.113.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 180.75.155.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.138.22.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.226.190.129:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.90.80.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.158.132.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 97.251.7.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 104.254.149.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 205.224.192.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 35.169.153.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.107.253.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.106.142.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 215.8.202.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 166.165.49.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 68.76.217.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 79.123.105.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.199.212.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 89.249.15.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 156.105.113.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.139.228.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.79.113.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 115.169.126.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 248.252.227.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.1.98.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 73.104.246.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.220.54.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.252.50.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.33.187.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.97.142.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 135.155.215.10:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 113.15.37.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 196.73.148.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 190.87.206.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 173.7.110.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 134.77.235.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 74.1.121.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.20.211.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.242.230.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.115.212.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 135.15.98.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.114.51.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 31.130.76.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 65.173.43.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 11.18.215.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 113.135.106.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.32.124.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 97.39.228.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.74.49.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 135.178.202.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.188.167.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.98.102.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 113.145.122.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.128.253.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 70.231.88.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 70.165.32.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.83.126.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 247.163.62.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 138.120.157.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.90.131.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 121.186.253.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.162.151.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 152.125.191.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.142.205.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.95.159.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 197.69.87.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 246.1.191.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.124.31.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.94.123.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 156.146.141.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 38.94.103.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.57.178.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.183.10.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 245.78.255.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 12.228.254.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.74.139.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 244.179.62.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.245.60.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 14.126.28.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 47.28.236.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 187.142.172.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.165.91.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.102.223.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 84.191.184.71:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.36.55.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 152.54.94.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.189.26.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.102.60.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 183.3.31.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.54.100.89:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 13.118.101.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 179.214.212.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 137.37.246.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.234.105.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 103.216.156.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 156.64.205.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.47.79.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 175.121.170.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 33.143.238.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.95.181.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 254.48.195.10:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 216.80.71.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.203.151.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 82.175.30.176:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 21.86.62.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.221.123.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 40.75.64.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 100.120.176.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 81.20.170.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 242.231.185.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.104.108.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.111.141.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.133.60.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 176.131.152.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 64.32.94.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.20.11.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.163.153.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.143.125.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 27.93.159.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 223.222.117.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 112.19.124.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 254.121.149.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 40.136.24.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 184.106.121.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.28.178.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 190.163.98.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 24.220.235.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 90.7.198.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.118.39.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 19.4.121.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.112.91.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 115.159.22.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 195.215.152.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 1.251.210.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 1.139.161.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 1.190.116.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 76.3.150.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 68.45.105.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 173.173.113.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 250.139.236.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 184.122.75.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.222.177.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 159.30.120.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.36.18.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.166.89.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 111.182.202.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 241.58.61.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 50.66.47.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 33.251.223.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.170.95.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 210.135.86.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 122.21.247.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.190.67.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 94.19.154.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 176.240.222.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 164.165.230.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.6.24.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 76.192.250.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.92.198.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.151.7.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 171.115.17.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.127.75.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 131.153.211.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.154.197.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.162.46.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 130.21.88.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 153.177.185.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 42.19.45.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 170.17.17.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 124.165.16.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.82.128.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 119.169.63.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 247.87.47.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 133.132.132.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.83.195.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 17.171.120.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.179.117.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 19.75.51.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 203.76.206.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 162.204.174.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 71.109.100.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.27.177.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 2.117.63.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.88.57.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.163.139.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.164.12.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 93.230.82.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.1.65.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 21.162.42.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.55.73.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 9.46.49.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 144.243.155.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 177.28.75.195:2323

Sample listens on a socket

Source: /tmp/na.elf (PID: 5535)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 38.152.35.17
Source: unknown	TCP traffic detected without corresponding DNS query: 242.58.99.17
Source: unknown	TCP traffic detected without corresponding DNS query: 223.100.13.77
Source: unknown	TCP traffic detected without corresponding DNS query: 146.238.231.17
Source: unknown	TCP traffic detected without corresponding DNS query: 57.157.132.214
Source: unknown	TCP traffic detected without corresponding DNS query: 44.57.104.197
Source: unknown	TCP traffic detected without corresponding DNS query: 244.171.12.66
Source: unknown	TCP traffic detected without corresponding DNS query: 189.245.195.169
Source: unknown	TCP traffic detected without corresponding DNS query: 119.202.13.218
Source: unknown	TCP traffic detected without corresponding DNS query: 212.7.212.142
Source: unknown	TCP traffic detected without corresponding DNS query: 240.137.170.167
Source: unknown	TCP traffic detected without corresponding DNS query: 52.76.126.44
Source: unknown	TCP traffic detected without corresponding DNS query: 5.85.151.125
Source: unknown	TCP traffic detected without corresponding DNS query: 243.91.78.219
Source: unknown	TCP traffic detected without corresponding DNS query: 194.190.77.172
Source: unknown	TCP traffic detected without corresponding DNS query: 72.66.163.27
Source: unknown	TCP traffic detected without corresponding DNS query: 103.203.60.121
Source: unknown	TCP traffic detected without corresponding DNS query: 166.65.170.52
Source: unknown	TCP traffic detected without corresponding DNS query: 185.204.251.221
Source: unknown	TCP traffic detected without corresponding DNS query: 62.134.17.104
Source: unknown	TCP traffic detected without corresponding DNS query: 187.107.230.64
Source: unknown	TCP traffic detected without corresponding DNS query: 82.183.83.204
Source: unknown	TCP traffic detected without corresponding DNS query: 172.165.213.95
Source: unknown	TCP traffic detected without corresponding DNS query: 44.75.198.108
Source: unknown	TCP traffic detected without corresponding DNS query: 171.150.42.140
Source: unknown	TCP traffic detected without corresponding DNS query: 134.189.88.183
Source: unknown	TCP traffic detected without corresponding DNS query: 189.8.129.216
Source: unknown	TCP traffic detected without corresponding DNS query: 122.77.80.159
Source: unknown	TCP traffic detected without corresponding DNS query: 222.248.124.1
Source: unknown	TCP traffic detected without corresponding DNS query: 29.214.114.66
Source: unknown	TCP traffic detected without corresponding DNS query: 101.154.204.49
Source: unknown	TCP traffic detected without corresponding DNS query: 201.246.169.112
Source: unknown	TCP traffic detected without corresponding DNS query: 114.181.217.112
Source: unknown	TCP traffic detected without corresponding DNS query: 72.126.182.16
Source: unknown	TCP traffic detected without corresponding DNS query: 3.247.148.237
Source: unknown	TCP traffic detected without corresponding DNS query: 12.165.233.19
Source: unknown	TCP traffic detected without corresponding DNS query: 114.161.29.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.108.150.60
Source: unknown	TCP traffic detected without corresponding DNS query: 41.114.255.75
Source: unknown	TCP traffic detected without corresponding DNS query: 39.50.186.2
Source: unknown	TCP traffic detected without corresponding DNS query: 29.67.169.125
Source: unknown	TCP traffic detected without corresponding DNS query: 77.232.123.250
Source: unknown	TCP traffic detected without corresponding DNS query: 88.171.70.232
Source: unknown	TCP traffic detected without corresponding DNS query: 74.122.223.239
Source: unknown	TCP traffic detected without corresponding DNS query: 145.156.105.89
Source: unknown	TCP traffic detected without corresponding DNS query: 19.37.155.79
Source: unknown	TCP traffic detected without corresponding DNS query: 148.150.177.153
Source: unknown	TCP traffic detected without corresponding DNS query: 212.177.54.67
Source: unknown	TCP traffic detected without corresponding DNS query: 154.121.168.215
Source: unknown	TCP traffic detected without corresponding DNS query: 68.165.163.122

Source: global traffic	DNS traffic detected: DNS query: ru.coziest.lol
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.evad.linELF@0/0@1605/0

Data Obfuscation

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Source: /tmp/na.elf (PID: 5538)

File: /etc/config

Jump to behavior

Creates hidden files and/or directories

Source: /tmp/na.elf (PID: 5538)	Directory: /root/.cache	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /root/.ssh	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /root/.config	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /root/.local	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.X11-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.Test-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.font-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.ICE-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.XIM-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /etc/.java	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/na.elf (PID: 5538)

Log files deleted: /var/log/kern.log

Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5535)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5535.1.000055a79e3a0000.000055a79e429000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sparc
Source: na.elf, 5535.1.000055a79e3a0000.000055a79e429000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/sparc
Source: na.elf, 5535.1.00007ffd75c65000.00007ffd75c86000.rw-.sdmp	Binary or memory string: Ix86_64/usr/bin/qemu-sparc/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5535.1.00007ffd75c65000.00007ffd75c86000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sparc

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
86.64.164.128	unknown	France	15557	LDCOMNETFR	false
124.119.5.167	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
175.77.219.216	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
165.124.40.87	unknown	United States	103	NWU-ASUS	false
50.172.211.238	unknown	United States	7922	COMCAST-7922US	false
194.71.102.79	unknown	Sweden	51747	INTERNETBOLAGETSE	false
60.137.44.193	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
123.50.227.215	unknown	Japan	9614	OCTOitaCableTelecomColtdJP	false
32.167.73.48	unknown	United States	2686	ATGS-MMD-ASUS	false
57.209.24.170	unknown	Belgium	2686	ATGS-MMD-ASUS	false
76.65.107.149	unknown	Canada	577	BACOMCA	false
165.198.139.206	unknown	United States	2152	CSUNET-NWUS	false
196.100.168.167	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
94.12.54.162	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
182.87.83.169	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
117.12.4.126	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
54.235.210.177	unknown	United States	14618	AMAZON-AESUS	false
49.33.6.85	unknown	India	55836	RELIANCEJIO-INRelianceJioInfocommLimitedIN	false
51.74.185.61	unknown	United States	2686	ATGS-MMD-ASUS	false
145.74.50.83	unknown	Netherlands	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
39.205.243.203	unknown	Indonesia	23693	TELKOMSEL-ASN-IDPTTelekomunikasiSelularID	false
218.196.214.243	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
2.107.96.225	unknown	Denmark	3292	TDCTDCASDK	false
180.212.6.163	unknown	China	17638	CHINATELECOM-TJ-AS-APASNforTIANJINProvincialNetofCT	false
49.187.103.124	unknown	Australia	4804	MPX-ASMicroplexPTYLTDAU	false
123.70.240.181	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
218.142.4.238	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
157.107.79.220	unknown	Japan	4685	ASAHI-NETAsahiNetJP	false
78.188.78.63	unknown	Turkey	9121	TTNETTR	false
141.41.78.137	unknown	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
168.66.237.77	unknown	United States	265240	ULTRANETSERVICOSEMINTERNETLTDABR	false
141.72.218.89	unknown	Germany	553	BELWUEBelWue-KoordinationEU	false
138.72.152.82	unknown	United States	30013	PIXAR-ASUS	false
212.16.201.9	unknown	Russian Federation	8920	VTC-ASRussiaVladivostokRU	false
5.183.213.141	unknown	France	37002	ReunicableRE	false
73.104.246.1	unknown	United States	7922	COMCAST-7922US	false
14.237.37.78	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
51.42.45.114	unknown	United Kingdom	2686	ATGS-MMD-ASUS	false
52.51.150.136	unknown	United States	16509	AMAZON-02US	false
46.237.122.200	unknown	Bulgaria	43205	BULSATCOM-BG-ASSofiaBG	false
128.117.141.159	unknown	United States	194	NCAR-ASUS	false
38.27.200.199	unknown	United States	29783	AS29783US	false
49.171.222.181	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
141.19.119.101	unknown	Germany	553	BELWUEBelWue-KoordinationEU	false
212.93.143.63	unknown	Romania	8708	RCS-RDS73-75DrStaicoviciRO	false
55.26.35.151	unknown	United States	319	DNIC-ASBLK-00306-00371US	false
36.0.222.124	unknown	China	2686	ATGS-MMD-ASUS	false
110.121.156.167	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
253.251.61.106	unknown	Reserved	unknown	unknown	false
118.182.17.178	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
3.247.156.111	unknown	United States	14618	AMAZON-AESUS	false
54.122.160.117	unknown	United States	16509	AMAZON-02US	false
198.61.225.44	unknown	United States	19994	RACKSPACEUS	false
131.73.72.27	unknown	United States	28075	ARLINKSAAR	false
24.193.224.2	unknown	United States	12271	TWC-12271-NYCUS	false
165.14.101.95	unknown	Japan	18271	EVONETSojitzSystemsCorporationJP	false
61.100.236.112	unknown	Korea Republic of	17609	SILLAUNIVERSITY-AS-KRSillaUnivKR	false
146.250.232.248	unknown	United States	8147	ASERICYUS	false
38.71.155.83	unknown	United States	39988	INTELLIGENT-TECHNOLOGY-SOLUTIONSUS	false
162.200.108.225	unknown	United States	7018	ATT-INTERNET4US	false
25.8.179.37	unknown	United Kingdom	7922	COMCAST-7922US	false
47.240.91.125	unknown	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
67.132.97.89	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
189.83.172.203	unknown	Brazil	7738	TelemarNorteLesteSABR	false
190.74.137.139	unknown	Venezuela	8048	CANTVServiciosVenezuelaVE	false
140.224.198.4	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
205.52.120.61	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
63.211.56.18	unknown	United States	3356	LEVEL3US	false
105.29.101.70	unknown	Mauritius	37100	SEACOM-ASMU	false
246.249.139.41	unknown	Reserved	unknown	unknown	false
221.31.66.203	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
54.195.78.61	unknown	United States	16509	AMAZON-02US	false
121.145.140.126	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
186.41.54.143	unknown	Chile	27680	TELEFONICAMOVILDECHILESACL	false
252.175.159.106	unknown	Reserved	unknown	unknown	false
6.33.123.211	unknown	United States	3356	LEVEL3US	false
211.115.107.224	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
105.146.158.192	unknown	Morocco	6713	IAM-ASMA	false
202.104.19.150	unknown	China	134764	CT-FOSHAN-IDCCHINANETGuangdongprovincenetworkCN	false
133.128.107.54	unknown	Japan	385	AFCONC-BLOCK1-ASUS	false
179.218.210.126	unknown	Brazil	28573	CLAROSABR	false
98.42.190.84	unknown	United States	7922	COMCAST-7922US	false
209.106.45.181	unknown	United States	2572	MORENETUS	false
155.36.64.52	unknown	United States	24324	KORDIA-TRANSIT-AS-APKordiaLimitedNZ	false
154.248.34.163	unknown	Algeria	36947	ALGTEL-ASDZ	false
101.249.131.41	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
134.74.201.36	unknown	United States	31822	CITY-UNIVERSITY-OF-NEW-YORKUS	false
11.8.210.109	unknown	United States	3356	LEVEL3US	false
35.26.97.220	unknown	United States	36375	UMICH-AS-5US	false
171.254.21.152	unknown	Viet Nam	7552	VIETEL-AS-APViettelGroupVN	false
82.81.105.149	unknown	Israel	8551	BEZEQ-INTERNATIONAL-ASBezeqintInternetBackboneIL	false
146.141.199.26	unknown	South Africa	2018	TENET-1ZA	false
179.100.20.139	unknown	Brazil	27699	TELEFONICABRASILSABR	false
105.23.197.253	unknown	Mauritius	37100	SEACOM-ASMU	false
115.32.188.56	unknown	China	4766	KIXS-AS-KRKoreaTelecomKR	false
214.5.204.119	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
211.192.12.203	unknown	Korea Republic of	10056	HDMF-ASHyundaiMarinFireInsuranceKR	false
113.135.106.225	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
99.241.49.128	unknown	Canada	812	ROGERS-COMMUNICATIONSCA	false
105.84.228.168	unknown	Egypt	36992	ETISALAT-MISREG	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.25	true
ru.coziest.lol	38.60.198.180	true

AV Detection

Multi AV Scanner detection for submitted file

Source: na.elf	ReversingLabs: Detection: 44%
Source: na.elf	Virustotal: Detection: 28%			Perma Link

Found strings indicative of a multi-platform dropper

Source: na.elf

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 38.60.198.180 ports 46852,61543,7193,23789,54123,2,3,7,27651,8,9,42061,49376,38429,32876,15987

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 38.152.35.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 5.85.151.125:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.66.163.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 12.165.233.19:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.110.205.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 101.254.234.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 56.6.250.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 206.135.209.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.5.141.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 189.220.231.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 43.177.145.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 202.180.73.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 187.34.24.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.163.109.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 131.249.97.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 193.234.64.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.22.40.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.134.21.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 167.237.149.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 108.253.128.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 219.117.55.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:58960 -> 38.60.198.180:23789
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 39.61.225.78:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.112.62.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 40.127.64.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 178.192.122.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 5.196.175.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 194.36.107.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.146.177.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.117.29.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 161.166.89.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.59.34.127:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 167.150.33.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 219.205.9.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.240.71.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 194.154.53.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 186.254.57.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 43.27.62.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 180.233.15.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.210.255.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 60.35.76.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 48.125.138.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 206.22.186.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 100.234.44.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 70.198.251.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.81.52.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 2.59.22.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 124.58.246.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.204.76.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 11.20.178.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 47.138.44.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 171.15.207.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 129.113.40.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 29.230.11.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 154.197.228.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.62.133.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 188.113.249.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 200.205.210.180:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 53.22.74.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.32.74.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 138.240.219.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.4.12.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.112.214.206:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 65.92.193.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 97.105.251.26:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.148.69.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 155.242.162.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 29.118.138.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 177.42.236.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 104.113.38.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.98.237.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.90.238.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.188.99.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 207.104.150.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 93.128.6.228:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 202.58.63.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.168.104.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 142.136.131.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.166.184.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.72.25.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 80.62.243.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 215.251.47.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 242.132.72.60:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 3.52.111.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.197.145.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.188.158.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 99.102.173.175:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 171.251.86.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 136.194.188.237:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 105.38.123.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 48.189.186.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.54.236.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 144.106.219.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 107.45.82.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 31.71.135.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 251.38.148.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.185.74.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 208.27.114.45:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 55.132.0.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.184.236.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.202.35.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.20.158.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.221.64.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.85.211.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 23.25.254.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 88.176.250.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 106.33.38.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.116.108.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 89.245.185.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.236.151.40:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 86.173.148.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 86.242.141.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 221.105.14.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 66.79.135.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 2.146.197.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 176.65.175.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 94.164.147.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 129.232.75.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 189.173.32.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.155.181.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 24.149.184.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 243.39.36.118:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 204.145.138.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.189.222.8:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.23.27.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 98.242.152.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.213.227.242:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 58.37.168.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.167.148.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 39.99.57.67:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 136.15.238.28:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.220.95.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.37.210.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 164.116.119.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 169.209.221.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 211.54.198.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 108.24.8.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 58.88.149.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.108.111.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 60.219.214.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.133.252.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 185.22.78.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.199.115.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 47.244.3.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 96.77.149.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 195.26.107.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 79.236.146.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 161.222.56.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 5.215.9.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 246.247.201.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 51.111.115.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 74.45.184.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.108.184.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 251.254.220.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 144.174.159.188:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.199.190.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.78.196.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 13.209.187.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.130.21.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 51.52.86.100:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.101.164.238:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 76.189.45.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 25.25.13.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 42.21.204.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 133.14.173.190:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 166.229.193.63:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.12.4.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 216.78.60.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 61.13.192.174:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 148.186.174.99:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 3.142.24.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 208.52.124.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 129.235.84.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 92.234.17.104:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 161.53.195.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 17.153.194.81:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.198.74.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 166.14.169.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 3.73.241.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 209.171.41.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.126.38.170:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 57.121.138.211:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.179.114.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 223.188.114.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.168.15.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 195.11.225.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 7.199.27.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 109.120.40.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 90.182.151.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.91.18.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.153.212.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 240.46.76.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.155.132.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 99.107.131.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 124.255.101.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 222.86.105.131:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 39.0.207.2:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 9.81.94.235:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 84.146.26.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.177.149.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 108.237.198.114:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 32.104.52.90:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 81.95.252.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 208.97.232.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 11.242.115.216:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 115.234.187.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 243.158.88.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.138.110.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.112.170.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.134.94.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 204.228.27.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.191.66.182:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 147.160.50.24:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.54.80.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 58.238.7.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.194.230.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 79.109.227.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.115.171.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.45.194.149:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.53.28.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.118.231.34:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 112.26.76.113:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 253.149.61.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 24.133.156.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.5.150.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 34.66.46.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.230.222.255:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.56.251.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.227.199.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.159.155.160:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.25.161.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 31.25.194.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 218.235.72.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 207.29.20.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.18.21.138:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 107.124.212.144:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.82.77.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 136.111.85.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 138.14.112.96:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 55.169.18.218:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 196.39.24.167:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.126.34.18:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 188.22.141.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 173.178.91.75:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.87.72.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 54.154.230.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 245.157.55.169:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.196.82.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.8.125.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 247.179.152.217:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.28.158.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.57.62.22:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.247.51.128:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 67.83.238.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.63.159.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 132.81.249.109:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 81.132.40.105:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.34.117.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 33.173.3.191:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.233.72.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 218.122.253.120:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.83.221.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 82.73.172.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.176.190.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 175.69.226.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 86.5.157.110:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 18.127.152.247:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 15.95.161.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 221.15.137.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 27.69.130.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 98.211.86.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 34.160.158.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 38.220.55.47:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 159.255.163.108:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.196.246.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 42.56.131.83:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 44.8.126.27:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.251.172.207:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 109.75.102.12:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 93.204.85.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.224.219.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 189.21.138.117:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 151.152.6.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 199.241.145.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 56.143.127.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 175.21.218.73:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.249.87.16:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 180.168.169.200:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 203.80.118.246:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.58.62.157:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 54.69.87.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 121.167.172.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.216.254.135:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 182.79.71.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 65.127.133.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.3.158.172:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.98.51.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 132.189.87.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 209.202.141.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 100.119.168.101:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 15.238.82.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.63.40.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 105.13.166.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 87.181.65.11:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.18.2.50:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 46.232.183.87:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.42.220.141:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.118.157.224:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.49.113.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 180.75.155.58:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.138.22.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.226.190.129:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.90.80.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.158.132.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 97.251.7.185:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 104.254.149.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 205.224.192.184:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 35.169.153.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.107.253.199:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.106.142.177:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 215.8.202.142:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 166.165.49.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 68.76.217.208:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 79.123.105.116:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.199.212.168:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 89.249.15.93:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 156.105.113.166:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.139.228.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.79.113.249:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 115.169.126.115:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 248.252.227.35:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 72.1.98.226:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 73.104.246.1:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.220.54.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 95.252.50.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.33.187.159:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.97.142.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 135.155.215.10:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 113.15.37.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 196.73.148.173:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 190.87.206.254:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 173.7.110.121:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 134.77.235.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 74.1.121.248:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.20.211.133:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.242.230.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.115.212.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 135.15.98.230:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.114.51.23:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 31.130.76.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 65.173.43.111:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 11.18.215.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 113.135.106.225:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.32.124.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 97.39.228.15:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 91.74.49.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 135.178.202.64:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.188.167.163:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.98.102.229:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 113.145.122.103:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.128.253.82:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 70.231.88.7:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 70.165.32.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.83.126.66:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 247.163.62.140:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 138.120.157.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 120.90.131.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 121.186.253.205:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.162.151.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 152.125.191.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.142.205.119:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 181.95.159.161:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 197.69.87.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 246.1.191.86:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.124.31.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 59.94.123.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 156.146.141.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 38.94.103.245:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.57.178.241:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.183.10.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 245.78.255.32:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 12.228.254.38:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.74.139.213:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 244.179.62.72:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.245.60.152:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 14.126.28.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 47.28.236.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 187.142.172.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 6.165.91.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.102.223.31:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 84.191.184.71:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 255.36.55.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 152.54.94.91:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 252.189.26.194:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.102.60.56:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 183.3.31.239:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 41.54.100.89:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 13.118.101.156:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 179.214.212.62:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 137.37.246.171:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 141.234.105.223:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 103.216.156.41:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 156.64.205.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.47.79.33:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 175.121.170.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 33.143.238.146:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.95.181.48:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 254.48.195.10:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 216.80.71.25:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 249.203.151.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 82.175.30.176:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 21.86.62.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 110.221.123.65:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 40.75.64.6:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 100.120.176.59:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 81.20.170.57:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 242.231.185.234:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 49.104.108.148:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 116.111.141.79:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.133.60.69:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 176.131.152.46:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 64.32.94.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.20.11.68:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.163.153.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 45.143.125.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 27.93.159.219:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 223.222.117.195:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 112.19.124.13:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 254.121.149.70:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 40.136.24.122:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 184.106.121.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 26.28.178.212:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 190.163.98.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 24.220.235.165:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 90.7.198.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 77.118.39.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 19.4.121.76:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.112.91.231:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 115.159.22.49:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 195.215.152.42:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 1.251.210.232:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 1.139.161.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 1.190.116.17:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 76.3.150.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 68.45.105.126:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 173.173.113.39:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 250.139.236.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 184.122.75.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.222.177.198:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 159.30.120.222:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 36.36.18.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 168.166.89.193:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 111.182.202.147:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 241.58.61.178:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 50.66.47.251:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 33.251.223.162:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 85.170.95.155:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 210.135.86.151:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 122.21.247.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 30.190.67.203:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 94.19.154.130:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 176.240.222.233:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 164.165.230.98:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 75.6.24.74:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 76.192.250.215:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 117.92.198.14:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 201.151.7.244:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 171.115.17.253:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 22.127.75.227:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 131.153.211.85:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 140.154.197.84:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 217.162.46.44:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 130.21.88.202:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 153.177.185.154:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 42.19.45.204:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 170.17.17.95:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 124.165.16.21:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 52.82.128.136:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 119.169.63.88:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 247.87.47.4:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 133.132.132.123:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 191.83.195.221:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 17.171.120.55:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.179.117.112:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 19.75.51.97:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 203.76.206.77:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 162.204.174.158:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 71.109.100.210:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 125.27.177.179:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 2.117.63.201:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 160.88.57.153:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 128.163.139.61:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 114.164.12.3:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 93.230.82.197:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 149.1.65.106:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 21.162.42.186:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 146.55.73.54:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 9.46.49.52:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 144.243.155.139:2323
Source: global traffic	TCP traffic: 192.168.2.14:11841 -> 177.28.75.195:2323

Sample listens on a socket

Source: /tmp/na.elf (PID: 5535)

Socket: 127.0.0.1:1234

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 38.152.35.17
Source: unknown	TCP traffic detected without corresponding DNS query: 242.58.99.17
Source: unknown	TCP traffic detected without corresponding DNS query: 223.100.13.77
Source: unknown	TCP traffic detected without corresponding DNS query: 146.238.231.17
Source: unknown	TCP traffic detected without corresponding DNS query: 57.157.132.214
Source: unknown	TCP traffic detected without corresponding DNS query: 44.57.104.197
Source: unknown	TCP traffic detected without corresponding DNS query: 244.171.12.66
Source: unknown	TCP traffic detected without corresponding DNS query: 189.245.195.169
Source: unknown	TCP traffic detected without corresponding DNS query: 119.202.13.218
Source: unknown	TCP traffic detected without corresponding DNS query: 212.7.212.142
Source: unknown	TCP traffic detected without corresponding DNS query: 240.137.170.167
Source: unknown	TCP traffic detected without corresponding DNS query: 52.76.126.44
Source: unknown	TCP traffic detected without corresponding DNS query: 5.85.151.125
Source: unknown	TCP traffic detected without corresponding DNS query: 243.91.78.219
Source: unknown	TCP traffic detected without corresponding DNS query: 194.190.77.172
Source: unknown	TCP traffic detected without corresponding DNS query: 72.66.163.27
Source: unknown	TCP traffic detected without corresponding DNS query: 103.203.60.121
Source: unknown	TCP traffic detected without corresponding DNS query: 166.65.170.52
Source: unknown	TCP traffic detected without corresponding DNS query: 185.204.251.221
Source: unknown	TCP traffic detected without corresponding DNS query: 62.134.17.104
Source: unknown	TCP traffic detected without corresponding DNS query: 187.107.230.64
Source: unknown	TCP traffic detected without corresponding DNS query: 82.183.83.204
Source: unknown	TCP traffic detected without corresponding DNS query: 172.165.213.95
Source: unknown	TCP traffic detected without corresponding DNS query: 44.75.198.108
Source: unknown	TCP traffic detected without corresponding DNS query: 171.150.42.140
Source: unknown	TCP traffic detected without corresponding DNS query: 134.189.88.183
Source: unknown	TCP traffic detected without corresponding DNS query: 189.8.129.216
Source: unknown	TCP traffic detected without corresponding DNS query: 122.77.80.159
Source: unknown	TCP traffic detected without corresponding DNS query: 222.248.124.1
Source: unknown	TCP traffic detected without corresponding DNS query: 29.214.114.66
Source: unknown	TCP traffic detected without corresponding DNS query: 101.154.204.49
Source: unknown	TCP traffic detected without corresponding DNS query: 201.246.169.112
Source: unknown	TCP traffic detected without corresponding DNS query: 114.181.217.112
Source: unknown	TCP traffic detected without corresponding DNS query: 72.126.182.16
Source: unknown	TCP traffic detected without corresponding DNS query: 3.247.148.237
Source: unknown	TCP traffic detected without corresponding DNS query: 12.165.233.19
Source: unknown	TCP traffic detected without corresponding DNS query: 114.161.29.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.108.150.60
Source: unknown	TCP traffic detected without corresponding DNS query: 41.114.255.75
Source: unknown	TCP traffic detected without corresponding DNS query: 39.50.186.2
Source: unknown	TCP traffic detected without corresponding DNS query: 29.67.169.125
Source: unknown	TCP traffic detected without corresponding DNS query: 77.232.123.250
Source: unknown	TCP traffic detected without corresponding DNS query: 88.171.70.232
Source: unknown	TCP traffic detected without corresponding DNS query: 74.122.223.239
Source: unknown	TCP traffic detected without corresponding DNS query: 145.156.105.89
Source: unknown	TCP traffic detected without corresponding DNS query: 19.37.155.79
Source: unknown	TCP traffic detected without corresponding DNS query: 148.150.177.153
Source: unknown	TCP traffic detected without corresponding DNS query: 212.177.54.67
Source: unknown	TCP traffic detected without corresponding DNS query: 154.121.168.215
Source: unknown	TCP traffic detected without corresponding DNS query: 68.165.163.122

Source: global traffic	DNS traffic detected: DNS query: ru.coziest.lol
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.evad.linELF@0/0@1605/0

Data Obfuscation

Sample tries to access files in /etc/config/ (typical for OpenWRT routers)

Source: /tmp/na.elf (PID: 5538)

File: /etc/config

Jump to behavior

Creates hidden files and/or directories

Source: /tmp/na.elf (PID: 5538)	Directory: /root/.cache	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /root/.ssh	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /root/.config	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /root/.local	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.X11-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.Test-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.font-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.ICE-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /tmp/.XIM-unix	Jump to behavior
Source: /tmp/na.elf (PID: 5538)	Directory: /etc/.java	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes system log files

Source: /tmp/na.elf (PID: 5538)

Log files deleted: /var/log/kern.log

Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/na.elf (PID: 5535)

Queries kernel information via 'uname':

Jump to behavior

Source: na.elf, 5535.1.000055a79e3a0000.000055a79e429000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sparc
Source: na.elf, 5535.1.000055a79e3a0000.000055a79e429000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/sparc
Source: na.elf, 5535.1.00007ffd75c65000.00007ffd75c86000.rw-.sdmp	Binary or memory string: Ix86_64/usr/bin/qemu-sparc/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5535.1.00007ffd75c65000.00007ffd75c86000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sparc

ID:	1528794
Product:	CloudBasic
Start time:	11:00:05
Start date:	08.10.2024
Sample:	na.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	cdfad14bddd20a5f869279c44c218c8d
SHA1:	bab943438df31f06e1f960931a49726ec7338788
SHA256:	160ced7e154719e3c2084fcbd9c23cc8451b96381cb352d53b3fbc24444851a0
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report na.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
na.elf