Linux Analysis Report
na.elf

Overview

General Information

Sample name: na.elf
Analysis ID: 1528795
MD5: 67dcded9ebefd3bd426a3e65bb1d8a0e
SHA1: d845b1f3ce3885377d842b6f7b3e8ca593dbed25
SHA256: 14fc3b7aa7c33e9db2fea8b9feb81c83acea23f088c9af6ed6332fd878e25aa5
Tags: elf, Mirai, user-abuse_ch

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Multi AV Scanner detection for submitted file
Deletes system log files
Sample tries to access files in /etc/config/ (typical for OpenWRT routers)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: na.elf Virustotal: Detection: 28%
Source: na.elf ReversingLabs: Detection: 31%
Source: na.elf String: .HN^Nu/proc/wgetashinitcurltftp/fdsocket/usr/bin/usr/sbin/system/mnt/mtd/app/org/z/zbin/home/app/dvr/bin/duksan/userfs/mnt/app/usr/etc/dvr/main/usr/local/var/bin/tmp/sqfs/z/bin/dvr/mnt/mtd/zconf/gm/bin/home/process/var/challenge/usr/lib/lib/systemd//usr/lib/systemd/system/system/bin//mnt//home/helper/home/davinci/usr/libexec//sbin//proc/net/tcploginntpdate./.ffdfd/proc/maps/lib//proc/self/exe
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 213.121.58.170:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 85.40.240.172:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 124.19.126.6:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 246.20.123.226:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 79.97.29.58:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 130.102.63.196:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 21.89.14.57:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 87.237.105.252:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 210.126.255.118:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 185.243.78.68:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 122.205.92.80:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 11.214.186.106:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 154.123.11.75:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 252.132.51.50:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 38.82.4.112:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 44.234.33.224:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 179.214.244.177:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 135.14.194.96:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 178.146.233.109:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 137.221.187.177:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 147.118.96.68:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 252.195.148.68:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 95.229.146.192:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 173.213.254.80:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 20.242.240.91:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 104.12.3.175:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 17.148.252.22:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 126.45.87.222:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 20.224.224.4:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 170.177.172.51:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 151.41.199.209:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 18.162.155.1:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 112.37.107.93:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 46.42.179.117:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 73.47.17.89:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 31.147.203.48:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 81.129.21.86:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 208.84.137.244:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 198.33.227.17:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 14.254.205.215:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 16.233.31.6:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 67.87.19.171:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 241.53.58.197:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 210.103.192.135:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 89.185.7.82:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 93.153.112.214:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 24.194.212.25:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 217.81.42.98:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 77.109.30.243:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 151.75.137.190:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 152.64.204.113:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 56.64.2.254:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 205.161.193.146:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 72.177.18.164:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 66.0.199.106:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 241.200.201.120:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 82.37.107.200:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 27.172.45.89:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 132.183.146.231:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 250.169.126.255:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 210.184.194.208:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 243.86.157.254:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 185.164.220.124:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 105.36.154.57:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 247.144.234.168:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 28.69.240.27:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 184.102.192.59:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 188.136.51.60:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 159.248.135.188:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 240.230.110.135:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 142.89.15.139:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 4.114.127.129:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 130.151.105.20:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 48.36.59.217:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 33.253.65.50:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 171.37.97.174:2323
Source: global traffic TCP traffic: 192.168.2.13:27749 -> 60.154.242.172:2323
Source: /tmp/na.elf (PID: 5461) Socket: 127.0.0.1:1234
Source: unknown TCP traffic detected without corresponding DNS query: 68.162.104.75
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal56.evad.linELF@0/0@2/0

Data Obfuscation

Source: /tmp/na.elf (PID: 5464) File: /etc/config
Source: /tmp/na.elf (PID: 5464) Directory: /root/.cache
Source: /tmp/na.elf (PID: 5464) Directory: /root/.ssh
Source: /tmp/na.elf (PID: 5464) Directory: /root/.config
Source: /tmp/na.elf (PID: 5464) Directory: /root/.local
Source: /tmp/na.elf (PID: 5464) Directory: /tmp/.X11-unix
Source: /tmp/na.elf (PID: 5464) Directory: /tmp/.Test-unix
Source: /tmp/na.elf (PID: 5464) Directory: /tmp/.font-unix
Source: /tmp/na.elf (PID: 5464) Directory: /tmp/.ICE-unix
Source: /tmp/na.elf (PID: 5464) Directory: /tmp/.XIM-unix
Source: /tmp/na.elf (PID: 5464) Directory: /etc/.java

Hooking and other Techniques for Hiding and Protection

Source: /tmp/na.elf (PID: 5464) Log files deleted: /var/log/kern.log
Source: /tmp/na.elf (PID: 5461) Queries kernel information via 'uname'
Source: na.elf, 5461.1.00007ffd99b6a000.00007ffd99b8b000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/na.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/na.elf
Source: na.elf, 5461.1.000055e9e6dee000.000055e9e6e73000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: na.elf, 5461.1.00007ffd99b6a000.00007ffd99b8b000.rw-.sdmp Binary or memory string: /usr/bin/qemu-m68k
Source: na.elf, 5461.1.000055e9e6dee000.000055e9e6e73000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/m68k