Edit tour

Linux Analysis Report
Satan.sh4.elf

Overview

General Information

Sample name:	Satan.sh4.elf
Analysis ID:	1561567
MD5:	07b06943894956ea32a91f710ea8d52f
SHA1:	07792e889b4b5ad805a6a3bf396d8d4e1ed28fef
SHA256:	bf8509f487041673a7d00e7b117dac810967acb7caa30c1e3cbca2d748370248
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561567
Start date and time:	2024-11-23 19:52:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Satan.sh4.elf
Detection:	MAL
Classification:	mal64.linELF@0/0@0/0

Warnings

VT rate limit hit for: Satan.sh4.elf

Runtime Messages

Command:	/tmp/Satan.sh4.elf
PID:	6240
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

Satan.sh4.elf (PID: 6240, Parent: 6162, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/Satan.sh4.elf

Satan.sh4.elf New Fork (PID: 6242, Parent: 6240)

Satan.sh4.elf New Fork (PID: 6244, Parent: 6242)

Satan.sh4.elf New Fork (PID: 6245, Parent: 6242)

Satan.sh4.elf New Fork (PID: 6254, Parent: 6240)

Satan.sh4.elf New Fork (PID: 6256, Parent: 6240)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Satan.sh4.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1108c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11104:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11118:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1112c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11140:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11154:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11168:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1117c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11190:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11208:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F

Memory Dumps

Source	Rule	Description	Author	Strings
6240.1.00007f6770400000.00007f6770414000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1108c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11104:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11118:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1112c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11140:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11154:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11168:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1117c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11190:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11208:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6244.1.00007f6770400000.00007f6770414000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1108c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11104:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11118:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1112c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11140:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11154:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11168:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1117c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11190:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11208:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6254.1.00007f6770400000.00007f6770414000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1108c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11104:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11118:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1112c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11140:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11154:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11168:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1117c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11190:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11208:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6242.1.00007f6770400000.00007f6770414000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11078:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1108c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11104:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11118:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1112c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11140:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11154:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11168:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1117c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11190:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x111f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11208:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Satan.sh4.elf PID: 6240	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x208f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20a3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20b7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20cb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20df:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x20f3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2107:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x211b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x212f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2143:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2157:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x216b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x217f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x2193:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21a7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21bb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21cf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21e3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x21f7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x220b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x221f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Satan.sh4.elf PID: 6242	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x8be7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8bfb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c0f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c23:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c37:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c4b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c5f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c73:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c87:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8c9b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8caf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8cc3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8cd7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8ceb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8cff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d13:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d27:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d3b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d4f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d63:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x8d77:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Satan.sh4.elf PID: 6244	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x63b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x63c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x63dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x63f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6404:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6418:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x642c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6440:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6454:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6468:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x647c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6490:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x64f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6508:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x651c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6530:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x6544:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Satan.sh4.elf PID: 6254	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xc12e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc142:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc156:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc16a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc17e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc192:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc1a6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc1ba:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc1ce:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc1e2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc1f6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc20a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc21e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc232:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc246:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc25a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc26e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc282:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc296:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc2aa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc2be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 3 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Satan.sh4.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Satan.sh4.elf

ReversingLabs: Detection: 65%

Source: global traffic

TCP traffic: 192.168.2.23:38370 -> 193.84.71.119:3778

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119
Source: unknown	TCP traffic detected without corresponding DNS query: 193.84.71.119

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: Satan.sh4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6240.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6244.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6254.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6242.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Satan.sh4.elf PID: 6240, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Satan.sh4.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Satan.sh4.elf PID: 6244, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Satan.sh4.elf PID: 6254, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: /proc/net/tcp.x86.x86_64.arm.arm5.arm6.arm7.mips.mipsel.sh4.ppc/proc/proc/%d/exe/proc/%s/statusrName:%s/bin/busybox/bin/systemd/usr/bintest/tmp/condi/tmp/zxcr9999/tmp/condinetwork/var/condibot/var/zxcr9999/var/CondiBot/var/condinet/bin/watchdog193.84.71.119

Source: ELF static info symbol of initial sample

.symtab present: no

Source: Satan.sh4.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6240.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6244.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6254.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6242.1.00007f6770400000.00007f6770414000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Satan.sh4.elf PID: 6240, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Satan.sh4.elf PID: 6242, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Satan.sh4.elf PID: 6244, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Satan.sh4.elf PID: 6254, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal64.linELF@0/0@0/0

Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1582/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/3088/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1579/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1699/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1335/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1698/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1334/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1576/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/2302/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/910/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/6226/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/912/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/2307/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/918/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/6240/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/6245/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1594/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1349/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1344/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1465/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1586/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1463/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1900/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/491/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/4509/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1477/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/379/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1476/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/4504/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/2208/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/Satan.sh4.elf (PID: 6240)	File opened: /proc/1809/status	Jump to behavior

Source: /tmp/Satan.sh4.elf (PID: 6240)

Queries kernel information via 'uname':

Jump to behavior

Source: Satan.sh4.elf, 6240.1.0000563f9f38c000.0000563f9f416000.rw-.sdmp, Satan.sh4.elf, 6242.1.0000563f9f38c000.0000563f9f3ef000.rw-.sdmp, Satan.sh4.elf, 6244.1.0000563f9f38c000.0000563f9f3ef000.rw-.sdmp, Satan.sh4.elf, 6254.1.0000563f9f38c000.0000563f9f416000.rw-.sdmp	Binary or memory string: ?V5!/etc/qemu-binfmt/sh4
Source: Satan.sh4.elf, 6240.1.00007ffd370df000.00007ffd37100000.rw-.sdmp, Satan.sh4.elf, 6242.1.00007ffd370df000.00007ffd37100000.rw-.sdmp, Satan.sh4.elf, 6244.1.00007ffd370df000.00007ffd37100000.rw-.sdmp, Satan.sh4.elf, 6254.1.00007ffd370df000.00007ffd37100000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: Satan.sh4.elf, 6240.1.0000563f9f38c000.0000563f9f416000.rw-.sdmp, Satan.sh4.elf, 6242.1.0000563f9f38c000.0000563f9f3ef000.rw-.sdmp, Satan.sh4.elf, 6244.1.0000563f9f38c000.0000563f9f3ef000.rw-.sdmp, Satan.sh4.elf, 6254.1.0000563f9f38c000.0000563f9f416000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: Satan.sh4.elf, 6240.1.00007ffd370df000.00007ffd37100000.rw-.sdmp, Satan.sh4.elf, 6242.1.00007ffd370df000.00007ffd37100000.rw-.sdmp, Satan.sh4.elf, 6244.1.00007ffd370df000.00007ffd37100000.rw-.sdmp, Satan.sh4.elf, 6254.1.00007ffd370df000.00007ffd37100000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/Satan.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Satan.sh4.elf

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Satan.sh4.elf	66%	ReversingLabs	Linux.Trojan.Mirai
Satan.sh4.elf	100%	Avira	LINUX/Mirai.bonb

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
193.84.71.119	unknown	Poland	199478	RADIOCABLE-ASES	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
193.84.71.119	Satan.i686.elf	Get hash	malicious	Unknown	Browse
	Satan.mpsl.elf	Get hash	malicious	Unknown	Browse
	Satan.arm.elf	Get hash	malicious	Mirai	Browse
	Satan.sh4.elf	Get hash	malicious	Unknown	Browse
	Satan.arm7.elf	Get hash	malicious	Mirai	Browse
	Satan.m68k.elf	Get hash	malicious	Mirai	Browse
	Satan.ppc.elf	Get hash	malicious	Unknown	Browse
	Satan.mips.elf	Get hash	malicious	Unknown	Browse
	Satan.arm6.elf	Get hash	malicious	Unknown	Browse
	Satan.x86_64.elf	Get hash	malicious	Unknown	Browse
91.189.91.43	main_arm.elf	Get hash	malicious	Mirai	Browse
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	sora.arm6.elf	Get hash	malicious	Mirai	Browse
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	Mozi.m.elf	Get hash	malicious	Unknown	Browse
	yakuza.m68k.elf	Get hash	malicious	Mirai	Browse
91.189.91.42	main_ppc.elf	Get hash	malicious	Mirai	Browse
	main_arm.elf	Get hash	malicious	Mirai	Browse
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	sora.arm6.elf	Get hash	malicious	Mirai	Browse
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse
	.i.elf	Get hash	malicious	Unknown	Browse
	Mozi.m.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RADIOCABLE-ASES	Satan.i686.elf	Get hash	malicious	Unknown	Browse	193.84.71.119
	Satan.mpsl.elf	Get hash	malicious	Unknown	Browse	193.84.71.119
	Satan.arm.elf	Get hash	malicious	Mirai	Browse	193.84.71.119
	Satan.sh4.elf	Get hash	malicious	Unknown	Browse	193.84.71.119
	Satan.arm7.elf	Get hash	malicious	Mirai	Browse	193.84.71.119
	Satan.m68k.elf	Get hash	malicious	Mirai	Browse	193.84.71.119
	Satan.ppc.elf	Get hash	malicious	Unknown	Browse	193.84.71.119
	Satan.mips.elf	Get hash	malicious	Unknown	Browse	193.84.71.119
	Satan.arm6.elf	Get hash	malicious	Unknown	Browse	193.84.71.119
	Satan.x86_64.elf	Get hash	malicious	Unknown	Browse	193.84.71.119
CANONICAL-ASGB	main_ppc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_arm.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sora.arm6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
CANONICAL-ASGB	main_ppc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	main_arm.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sora.arm6.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
INIT7CH	main_ppc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	main_arm.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sshd.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sshd.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sora.arm6.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	wheiuwa4.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	.i.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	Mozi.m.elf	Get hash	malicious	Unknown	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.604505444439499
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Satan.sh4.elf
File size:	82'652 bytes
MD5:	07b06943894956ea32a91f710ea8d52f
SHA1:	07792e889b4b5ad805a6a3bf396d8d4e1ed28fef
SHA256:	bf8509f487041673a7d00e7b117dac810967acb7caa30c1e3cbca2d748370248
SHA512:	5652ae9ae5b686f2dda8044173f966fe07d54168f465520cdb68d092dcc3800e3633c21499aa31ab7bfa19883f38ac46090817d854d3a30586c05779258665df
SSDEEP:	1536:UR5/Vxvh7ZyIzFZZclZcHXJP/cmPdGkMxkr:q/L57ZyIzFbEmpZQxM
TLSH:	A6839D21F0141CE6C8630674F0E8ED75471369F522A62CB26EEEE9A184F368DF44EF94
File Content Preview:	.ELF.....................@.4...LA......4. ...(...............@...@.l4..l4...............@...@B..@B.0...............Q.td..............................././"O.n......#.@........#.*@l...&O.n.l..................................././.../.a"O.!...n...a.b("...q.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	<unknown>
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x4001a0
Flags:	0xc
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	82252
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x2e	0x0	0x6	AX	4
.text	PROGBITS	0x4000e0	0xe0	0x10e80	0x0	0x6	AX	32
.fini	PROGBITS	0x410f60	0x10f60	0x22	0x0	0x6	AX	4
.rodata	PROGBITS	0x410f84	0x10f84	0x24e8	0x0	0x2	A	4
.ctors	PROGBITS	0x4240dc	0x140dc	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x4240e4	0x140e4	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x4240f0	0x140f0	0x1c	0x0	0x3	WA	4
.bss	NOBITS	0x42410c	0x1410c	0xaec	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x1410c	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1346c	0x1346c	6.7750	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x140dc	0x4240dc	0x4240dc	0x30	0xb1c	2.5285	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 23, 2024 19:52:51.402385950 CET	38370	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:51.526242018 CET	3778	38370	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:51.526330948 CET	38370	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:51.535614014 CET	38370	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:51.661292076 CET	3778	38370	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:51.661358118 CET	38370	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:51.788260937 CET	3778	38370	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:51.973301888 CET	43928	443	192.168.2.23	91.189.91.42
Nov 23, 2024 19:52:53.885695934 CET	3778	38370	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:53.886240005 CET	38370	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:54.024185896 CET	3778	38370	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:54.887795925 CET	38372	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:55.060094118 CET	3778	38372	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:55.060214996 CET	38372	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:55.061206102 CET	38372	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:55.310348988 CET	3778	38372	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:55.310482025 CET	38372	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:55.439275026 CET	3778	38372	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:57.294713974 CET	38374	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:57.348507881 CET	42836	443	192.168.2.23	91.189.91.43
Nov 23, 2024 19:52:57.422826052 CET	3778	38374	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:57.422885895 CET	38374	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:57.441612959 CET	38374	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:57.556001902 CET	3778	38372	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:57.556107044 CET	38372	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:57.599812984 CET	3778	38374	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:57.599870920 CET	38374	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:57.827945948 CET	3778	38372	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:57.828843117 CET	3778	38374	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:58.557687998 CET	38376	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:58.628350019 CET	42516	80	192.168.2.23	109.202.202.202
Nov 23, 2024 19:52:58.682259083 CET	3778	38376	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:58.682365894 CET	38376	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:58.683419943 CET	38376	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:58.920471907 CET	3778	38376	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:58.920623064 CET	38376	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:59.051934004 CET	3778	38376	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:59.718673944 CET	3778	38374	193.84.71.119	192.168.2.23
Nov 23, 2024 19:52:59.719186068 CET	38374	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:52:59.844702005 CET	3778	38374	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:00.720752001 CET	38378	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:00.860152960 CET	3778	38378	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:00.860388994 CET	38378	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:00.861228943 CET	38378	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:00.998317957 CET	3778	38378	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:00.998497963 CET	38378	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:01.119927883 CET	3778	38378	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:01.196643114 CET	3778	38376	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:01.196960926 CET	38376	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:01.316528082 CET	3778	38376	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:02.198577881 CET	38380	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:02.321492910 CET	3778	38380	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:02.321739912 CET	38380	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:02.322652102 CET	38380	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:02.442126989 CET	3778	38380	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:02.442266941 CET	38380	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:02.561851025 CET	3778	38380	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:03.172044992 CET	3778	38378	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:03.172523022 CET	38378	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:03.300079107 CET	3778	38378	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:04.174022913 CET	38382	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:04.301023960 CET	3778	38382	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:04.301198006 CET	38382	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:04.302409887 CET	38382	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:04.428525925 CET	3778	38382	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:04.428673983 CET	38382	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:04.557497978 CET	3778	38382	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:04.640716076 CET	3778	38380	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:04.640985966 CET	38380	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:04.761203051 CET	3778	38380	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:05.642573118 CET	38384	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:05.782427073 CET	3778	38384	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:05.782705069 CET	38384	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:05.783916950 CET	38384	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:05.921252012 CET	3778	38384	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:05.921418905 CET	38384	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:06.045510054 CET	3778	38384	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:06.593930960 CET	3778	38382	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:06.594271898 CET	38382	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:06.715620041 CET	3778	38382	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:07.596282005 CET	38386	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:07.787851095 CET	3778	38386	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:07.788093090 CET	38386	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:07.789160013 CET	38386	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:07.916610003 CET	3778	38386	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:07.916762114 CET	38386	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:08.054217100 CET	3778	38386	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:08.149966002 CET	3778	38384	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:08.150278091 CET	38384	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:08.283776999 CET	3778	38384	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:09.152139902 CET	38388	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:09.307115078 CET	3778	38388	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:09.307346106 CET	38388	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:09.308813095 CET	38388	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:09.433592081 CET	3778	38388	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:09.433717966 CET	38388	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:09.800107002 CET	3778	38388	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:10.118743896 CET	3778	38386	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:10.118974924 CET	38386	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:10.285510063 CET	3778	38386	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:11.121721029 CET	38390	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:11.344916105 CET	3778	38390	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:11.345175028 CET	38390	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:11.346724033 CET	38390	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:11.466483116 CET	3778	38390	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:11.466665030 CET	38390	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:11.587174892 CET	3778	38390	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:11.609632969 CET	3778	38388	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:11.609993935 CET	38388	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:11.755820990 CET	3778	38388	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:12.194642067 CET	43928	443	192.168.2.23	91.189.91.42
Nov 23, 2024 19:53:12.611968040 CET	38392	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:12.754168987 CET	3778	38392	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:12.754419088 CET	38392	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:12.755829096 CET	38392	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:12.894469023 CET	3778	38392	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:12.894579887 CET	38392	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:13.027631998 CET	3778	38392	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:13.712527990 CET	3778	38390	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:13.712815046 CET	38390	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:13.952941895 CET	3778	38390	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:14.714951992 CET	38394	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:14.873183012 CET	3778	38394	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:14.873414993 CET	38394	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:14.874939919 CET	38394	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:15.030599117 CET	3778	38394	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:15.030730963 CET	38394	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:15.118740082 CET	3778	38392	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:15.120311975 CET	38392	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:15.194379091 CET	3778	38394	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:15.247245073 CET	3778	38392	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:16.122721910 CET	38396	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:16.249438047 CET	3778	38396	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:16.249553919 CET	38396	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:16.250561953 CET	38396	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:16.403521061 CET	3778	38396	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:16.403769970 CET	38396	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:16.539670944 CET	3778	38396	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:17.228230953 CET	3778	38394	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:17.228447914 CET	38394	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:17.349565983 CET	3778	38394	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:18.230911016 CET	38398	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:18.353249073 CET	3778	38398	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:18.353399038 CET	38398	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:18.354850054 CET	38398	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:18.476192951 CET	3778	38398	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:18.476321936 CET	38398	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:18.596719027 CET	3778	38398	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:18.650033951 CET	3778	38396	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:18.650185108 CET	38396	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:18.770311117 CET	3778	38396	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:19.652601957 CET	38400	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:19.774899960 CET	3778	38400	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:19.775099993 CET	38400	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:19.776603937 CET	38400	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:19.896315098 CET	3778	38400	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:19.896553040 CET	38400	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:20.017837048 CET	3778	38400	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:20.713054895 CET	3778	38398	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:20.713185072 CET	38398	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:20.832720041 CET	3778	38398	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:21.715374947 CET	38402	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:21.872236967 CET	3778	38402	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:21.872493029 CET	38402	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:21.874156952 CET	38402	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:21.999952078 CET	3778	38402	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:22.000199080 CET	38402	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:22.094234943 CET	3778	38400	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:22.094475031 CET	38400	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:22.119673967 CET	3778	38402	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:22.239584923 CET	3778	38400	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:23.097012997 CET	38404	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:23.220838070 CET	3778	38404	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:23.220990896 CET	38404	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:23.222280979 CET	38404	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:23.348448992 CET	3778	38404	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:23.348561049 CET	38404	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:23.470268965 CET	3778	38404	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:24.172312021 CET	3778	38402	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:24.172575951 CET	38402	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:24.292260885 CET	3778	38402	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:24.480920076 CET	42836	443	192.168.2.23	91.189.91.43
Nov 23, 2024 19:53:25.174700975 CET	38406	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:25.395632982 CET	3778	38406	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:25.395797968 CET	38406	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:25.397268057 CET	38406	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:25.533721924 CET	3778	38406	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:25.533916950 CET	38406	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:25.588568926 CET	3778	38404	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:25.588793993 CET	38404	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:25.653484106 CET	3778	38406	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:25.720870972 CET	3778	38404	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:26.590257883 CET	38408	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:26.716650009 CET	3778	38408	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:26.716814995 CET	38408	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:26.717901945 CET	38408	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:26.964747906 CET	3778	38408	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:26.964890003 CET	38408	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:27.084706068 CET	3778	38408	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:27.813179016 CET	3778	38406	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:27.813354015 CET	38406	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:27.977165937 CET	3778	38406	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:28.576298952 CET	42516	80	192.168.2.23	109.202.202.202
Nov 23, 2024 19:53:28.815080881 CET	38410	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:28.937076092 CET	3778	38410	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:28.937186003 CET	38410	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:28.938164949 CET	38410	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:29.083400011 CET	3778	38410	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:29.083548069 CET	38410	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:29.214149952 CET	3778	38408	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:29.214312077 CET	38408	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:29.330254078 CET	3778	38410	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:29.345048904 CET	3778	38408	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:30.216227055 CET	38412	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:30.360739946 CET	3778	38412	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:30.360867023 CET	38412	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:30.361989021 CET	38412	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:30.485269070 CET	3778	38412	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:30.485400915 CET	38412	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:30.605532885 CET	3778	38412	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:31.323201895 CET	3778	38410	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:31.323550940 CET	38410	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:31.470805883 CET	3778	38410	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:32.325716019 CET	38414	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:32.446193933 CET	3778	38414	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:32.446329117 CET	38414	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:32.447525978 CET	38414	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:32.568309069 CET	3778	38414	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:32.568492889 CET	38414	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:32.681982040 CET	3778	38412	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:32.682221889 CET	38412	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:32.689953089 CET	3778	38414	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:32.803277969 CET	3778	38412	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:33.684636116 CET	38416	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:33.844343901 CET	3778	38416	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:33.844846964 CET	38416	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:33.846005917 CET	38416	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:33.966739893 CET	3778	38416	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:33.967029095 CET	38416	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:34.086920977 CET	3778	38416	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:34.813199043 CET	3778	38414	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:34.813499928 CET	38414	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:34.933072090 CET	3778	38414	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:35.815623045 CET	38418	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:35.935774088 CET	3778	38418	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:35.935919046 CET	38418	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:35.937258005 CET	38418	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:36.073307991 CET	3778	38418	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:36.073504925 CET	38418	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:36.141313076 CET	3778	38416	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:36.141623974 CET	38416	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:36.208127022 CET	3778	38418	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:36.263925076 CET	3778	38416	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:37.143779993 CET	38420	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:37.302098036 CET	3778	38420	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:37.302283049 CET	38420	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:37.303945065 CET	38420	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:37.556819916 CET	3778	38420	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:37.557102919 CET	38420	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:37.676700115 CET	3778	38420	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:38.275527000 CET	3778	38418	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:38.275800943 CET	38418	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:38.395268917 CET	3778	38418	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:39.277959108 CET	38422	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:39.401170969 CET	3778	38422	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:39.401431084 CET	38422	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:39.402925968 CET	38422	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:39.529377937 CET	3778	38422	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:39.529524088 CET	38422	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:39.655946016 CET	3778	38422	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:39.876183033 CET	3778	38420	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:39.876447916 CET	38420	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:39.996319056 CET	3778	38420	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:40.878249884 CET	38424	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:41.004596949 CET	3778	38424	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:41.004827976 CET	38424	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:41.006202936 CET	38424	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:41.132400036 CET	3778	38424	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:41.132606030 CET	38424	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:41.252199888 CET	3778	38424	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:41.705269098 CET	3778	38422	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:41.705601931 CET	38422	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:41.831950903 CET	3778	38422	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:42.707773924 CET	38426	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:42.828681946 CET	3778	38426	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:42.828835011 CET	38426	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:42.830221891 CET	38426	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:42.964827061 CET	3778	38426	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:42.965017080 CET	38426	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:43.116488934 CET	3778	38426	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:43.338416100 CET	3778	38424	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:43.338634014 CET	38424	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:43.471618891 CET	3778	38424	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:44.340576887 CET	38428	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:44.460799932 CET	3778	38428	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:44.461060047 CET	38428	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:44.462239981 CET	38428	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:44.634089947 CET	3778	38428	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:44.634248972 CET	38428	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:44.896739960 CET	3778	38428	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:45.169504881 CET	3778	38426	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:45.169785976 CET	38426	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:45.295766115 CET	3778	38426	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:46.171885014 CET	38430	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:46.457484961 CET	3778	38430	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:46.457799911 CET	38430	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:46.459088087 CET	38430	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:46.578613997 CET	3778	38430	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:46.578862906 CET	38430	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:46.699713945 CET	3778	38430	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:46.838341951 CET	3778	38428	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:46.838794947 CET	38428	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:46.963984013 CET	3778	38428	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:47.841025114 CET	38432	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:47.967801094 CET	3778	38432	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:47.968153000 CET	38432	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:47.969367027 CET	38432	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:48.252751112 CET	3778	38432	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:48.253014088 CET	38432	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:48.372646093 CET	3778	38432	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:48.854157925 CET	3778	38430	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:48.854688883 CET	38430	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:48.986730099 CET	3778	38430	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:49.856635094 CET	38434	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:49.998691082 CET	3778	38434	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:49.998959064 CET	38434	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:50.000811100 CET	38434	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:50.120254993 CET	3778	38434	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:50.120578051 CET	38434	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:50.240070105 CET	3778	38434	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:50.427017927 CET	3778	38432	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:50.427475929 CET	38432	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:50.570811033 CET	3778	38432	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:51.429708004 CET	38436	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:51.549350977 CET	3778	38436	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:51.549479008 CET	38436	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:51.550843954 CET	38436	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:51.670304060 CET	3778	38436	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:51.670559883 CET	38436	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:51.790083885 CET	3778	38436	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:52.401614904 CET	3778	38434	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:52.401856899 CET	38434	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:52.542812109 CET	3778	38434	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:53.148952007 CET	43928	443	192.168.2.23	91.189.91.42
Nov 23, 2024 19:53:53.404031038 CET	38438	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:53.550380945 CET	3778	38438	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:53.550462961 CET	38438	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:53.551630020 CET	38438	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:53.711888075 CET	3778	38438	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:53.711978912 CET	38438	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:53.831805944 CET	3778	38438	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:53.850620031 CET	3778	38436	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:53.850734949 CET	38436	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:53.971069098 CET	3778	38436	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:54.852574110 CET	38440	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:54.977758884 CET	3778	38440	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:54.977916002 CET	38440	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:54.979108095 CET	38440	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:55.099839926 CET	3778	38440	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:55.100013018 CET	38440	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:55.219948053 CET	3778	38440	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:55.916517019 CET	3778	38438	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:55.916676044 CET	38438	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:56.038239956 CET	3778	38438	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:56.918931007 CET	38442	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:57.045428991 CET	3778	38442	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:57.045550108 CET	38442	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:57.046781063 CET	38442	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:57.212872028 CET	3778	38442	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:57.213062048 CET	38442	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:57.313769102 CET	3778	38440	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:57.314146996 CET	38440	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:57.350075960 CET	3778	38442	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:57.434959888 CET	3778	38440	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:58.316416025 CET	38444	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:58.448781013 CET	3778	38444	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:58.448914051 CET	38444	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:58.450254917 CET	38444	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:58.771599054 CET	3778	38444	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:58.771862984 CET	38444	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:58.893315077 CET	3778	38444	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:59.428841114 CET	3778	38442	193.84.71.119	192.168.2.23
Nov 23, 2024 19:53:59.429094076 CET	38442	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:53:59.592823982 CET	3778	38442	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:00.431045055 CET	38446	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:00.571017981 CET	3778	38446	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:00.571204901 CET	38446	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:00.572423935 CET	38446	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:00.778287888 CET	3778	38446	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:00.778510094 CET	38446	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:00.816450119 CET	3778	38444	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:00.816622019 CET	38444	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:00.921171904 CET	3778	38446	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:00.941384077 CET	3778	38444	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:01.819040060 CET	38448	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:01.962263107 CET	3778	38448	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:01.962405920 CET	38448	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:01.964063883 CET	38448	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:02.084696054 CET	3778	38448	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:02.084876060 CET	38448	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:02.209722996 CET	3778	38448	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:02.985934019 CET	3778	38446	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:02.986201048 CET	38446	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:03.121670008 CET	3778	38446	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:03.988394976 CET	38450	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:04.256495953 CET	3778	38450	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:04.256613016 CET	38450	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:04.258081913 CET	38450	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:04.321875095 CET	3778	38448	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:04.322072029 CET	38448	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:04.422621012 CET	3778	38450	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:04.422805071 CET	38450	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:04.494951963 CET	3778	38448	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:04.616262913 CET	3778	38450	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:05.323967934 CET	38452	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:05.443475008 CET	3778	38452	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:05.443687916 CET	38452	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:05.445188999 CET	38452	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:05.591136932 CET	3778	38452	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:05.591250896 CET	38452	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:05.715876102 CET	3778	38452	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:06.548108101 CET	3778	38450	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:06.548504114 CET	38450	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:06.689691067 CET	3778	38450	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:07.550501108 CET	38454	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:07.670114994 CET	3778	38454	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:07.670207977 CET	38454	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:07.671080112 CET	38454	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:07.790735006 CET	3778	38454	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:07.790853977 CET	38454	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:07.854100943 CET	3778	38452	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:07.854222059 CET	38452	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:07.920517921 CET	3778	38454	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:07.975105047 CET	3778	38452	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:08.855990887 CET	38456	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:08.982991934 CET	3778	38456	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:08.983088970 CET	38456	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:08.984467030 CET	38456	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:09.151473045 CET	3778	38456	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:09.151684046 CET	38456	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:09.277457952 CET	3778	38456	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:09.985707998 CET	3778	38454	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:09.985918999 CET	38454	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:10.105746984 CET	3778	38454	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:10.988518000 CET	38458	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:11.108253002 CET	3778	38458	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:11.108400106 CET	38458	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:11.109555960 CET	38458	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:11.235452890 CET	3778	38458	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:11.235608101 CET	38458	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:11.313930035 CET	3778	38456	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:11.314285994 CET	38456	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:11.357418060 CET	3778	38458	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:11.474735975 CET	3778	38456	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:12.316740990 CET	38460	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:12.466603994 CET	3778	38460	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:12.466861010 CET	38460	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:12.468060970 CET	38460	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:12.802905083 CET	3778	38460	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:12.803075075 CET	38460	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:12.922626019 CET	3778	38460	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:13.510822058 CET	3778	38458	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:13.511188984 CET	38458	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:13.682327032 CET	3778	38458	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:14.513223886 CET	38462	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:14.636302948 CET	3778	38462	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:14.636531115 CET	38462	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:14.637619972 CET	38462	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:14.776473999 CET	3778	38462	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:14.776664019 CET	38462	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:14.898986101 CET	3778	38462	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:15.041899920 CET	3778	38460	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:15.042274952 CET	38460	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:15.162405968 CET	3778	38460	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:16.044821978 CET	38464	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:16.164449930 CET	3778	38464	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:16.164767027 CET	38464	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:16.166249990 CET	38464	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:16.289041042 CET	3778	38464	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:16.289324999 CET	38464	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:16.409030914 CET	3778	38464	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:16.958604097 CET	3778	38462	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:16.958930969 CET	38462	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:17.081682920 CET	3778	38462	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:17.960560083 CET	38466	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:18.101372004 CET	3778	38466	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:18.101486921 CET	38466	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:18.102380037 CET	38466	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:18.228046894 CET	3778	38466	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:18.228208065 CET	38466	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:18.348421097 CET	3778	38466	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:18.497014999 CET	3778	38464	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:18.497234106 CET	38464	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:18.616889000 CET	3778	38464	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:19.499588013 CET	38468	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:19.629575968 CET	3778	38468	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:19.629889011 CET	38468	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:19.631170034 CET	38468	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:19.875535011 CET	3778	38468	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:19.875802994 CET	38468	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:20.037748098 CET	3778	38468	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:20.409008026 CET	3778	38466	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:20.409337044 CET	38466	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:20.535708904 CET	3778	38466	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:21.411309004 CET	38470	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:21.530919075 CET	3778	38470	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:21.531348944 CET	38470	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:21.532675028 CET	38470	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:21.654783010 CET	3778	38470	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:21.655149937 CET	38470	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:21.782867908 CET	3778	38470	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:22.100122929 CET	3778	38468	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:22.100434065 CET	38468	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:22.220000982 CET	3778	38468	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:23.103030920 CET	38472	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:23.229475975 CET	3778	38472	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:23.229722023 CET	38472	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:23.231190920 CET	38472	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:23.356456995 CET	3778	38472	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:23.356681108 CET	38472	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:23.477370977 CET	3778	38472	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:23.993901968 CET	3778	38470	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:23.994357109 CET	38470	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:24.120589972 CET	3778	38470	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:24.997015953 CET	38474	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:25.116810083 CET	3778	38474	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:25.117053986 CET	38474	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:25.118581057 CET	38474	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:25.238576889 CET	3778	38474	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:25.238823891 CET	38474	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:25.360918045 CET	3778	38474	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:25.682796001 CET	3778	38472	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:25.683199883 CET	38472	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:25.809525013 CET	3778	38472	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:26.686333895 CET	38476	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:26.809700012 CET	3778	38476	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:26.809870005 CET	38476	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:26.811501026 CET	38476	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:26.936758041 CET	3778	38476	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:26.936929941 CET	38476	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:27.058777094 CET	3778	38476	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:27.439496994 CET	3778	38474	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:27.440098047 CET	38474	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:27.562284946 CET	3778	38474	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:28.442195892 CET	38478	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:28.562195063 CET	3778	38478	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:28.562396049 CET	38478	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:28.564470053 CET	38478	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:28.687175035 CET	3778	38478	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:28.687567949 CET	38478	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:28.813987017 CET	3778	38478	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:29.245254040 CET	3778	38476	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:29.245757103 CET	38476	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:29.371367931 CET	3778	38476	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:30.248490095 CET	38480	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:30.370415926 CET	3778	38480	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:30.370763063 CET	38480	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:30.372437000 CET	38480	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:30.492093086 CET	3778	38480	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:30.492371082 CET	38480	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:30.612060070 CET	3778	38480	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:30.917341948 CET	3778	38478	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:30.917679071 CET	38478	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:31.044220924 CET	3778	38478	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:31.919578075 CET	38482	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:32.046196938 CET	3778	38482	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:32.046322107 CET	38482	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:32.047559023 CET	38482	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:32.172991991 CET	3778	38482	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:32.173429966 CET	38482	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:32.293123960 CET	3778	38482	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:32.690254927 CET	3778	38480	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:32.690861940 CET	38480	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:32.816169977 CET	3778	38480	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:33.693377972 CET	38484	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:33.815639973 CET	3778	38484	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:33.815929890 CET	38484	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:33.817430973 CET	38484	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:33.943809986 CET	3778	38484	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:33.944242954 CET	38484	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:34.070863962 CET	3778	38484	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:34.346091032 CET	3778	38482	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:34.346507072 CET	38482	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:34.466167927 CET	3778	38482	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:35.348622084 CET	38486	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:35.472420931 CET	3778	38486	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:35.472769022 CET	38486	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:35.473941088 CET	38486	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:35.593560934 CET	3778	38486	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:35.594018936 CET	38486	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:35.713881016 CET	3778	38486	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:36.128098965 CET	3778	38484	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:36.128701925 CET	38484	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:36.249584913 CET	3778	38484	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:37.131447077 CET	38488	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:37.258038998 CET	3778	38488	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:37.258275986 CET	38488	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:37.260027885 CET	38488	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:37.385947943 CET	3778	38488	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:37.386151075 CET	38488	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:37.509579897 CET	3778	38488	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:37.808331013 CET	3778	38486	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:37.808720112 CET	38486	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:37.930422068 CET	3778	38486	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:38.810900927 CET	38490	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:38.930838108 CET	3778	38490	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:38.931137085 CET	38490	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:38.932398081 CET	38490	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:39.052073002 CET	3778	38490	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:39.052377939 CET	38490	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:39.174823999 CET	3778	38490	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:39.595761061 CET	3778	38488	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:39.596187115 CET	38488	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:39.716759920 CET	3778	38488	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:40.598859072 CET	38492	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:40.723407984 CET	3778	38492	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:40.723571062 CET	38492	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:40.724854946 CET	38492	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:40.844394922 CET	3778	38492	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:40.844543934 CET	38492	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:40.964895010 CET	3778	38492	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:41.323851109 CET	3778	38490	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:41.324151039 CET	38490	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:41.446568012 CET	3778	38490	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:42.326575994 CET	38494	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:42.446177959 CET	3778	38494	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:42.446285963 CET	38494	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:42.447556019 CET	38494	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:42.567045927 CET	3778	38494	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:42.567265034 CET	38494	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:42.687329054 CET	3778	38494	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:43.017774105 CET	3778	38492	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:43.018323898 CET	38492	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:43.138024092 CET	3778	38492	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:44.020718098 CET	38496	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:44.140553951 CET	3778	38496	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:44.140733957 CET	38496	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:44.142029047 CET	38496	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:44.261575937 CET	3778	38496	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:44.261867046 CET	38496	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:44.381433964 CET	3778	38496	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:44.839481115 CET	3778	38494	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:44.839776993 CET	38494	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:44.964411020 CET	3778	38494	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:45.842396021 CET	38498	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:45.963669062 CET	3778	38498	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:45.963907003 CET	38498	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:45.964978933 CET	38498	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:46.088172913 CET	3778	38498	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:46.088428974 CET	38498	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:46.213884115 CET	3778	38498	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:46.538424969 CET	3778	38496	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:46.538899899 CET	38496	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:46.658688068 CET	3778	38496	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:47.541109085 CET	38500	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:47.665096045 CET	3778	38500	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:47.665468931 CET	38500	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:47.666834116 CET	38500	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:47.788729906 CET	3778	38500	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:47.789136887 CET	38500	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:47.911966085 CET	3778	38500	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:48.370872974 CET	3778	38498	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:48.371351957 CET	38498	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:48.491204023 CET	3778	38498	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:49.373912096 CET	38502	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:49.495309114 CET	3778	38502	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:49.495502949 CET	38502	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:49.497028112 CET	38502	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:49.617153883 CET	3778	38502	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:49.617288113 CET	38502	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:49.737409115 CET	3778	38502	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:50.027103901 CET	3778	38500	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:50.027549028 CET	38500	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:50.152957916 CET	3778	38500	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:51.030292034 CET	38504	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:51.150002956 CET	3778	38504	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:51.150321960 CET	38504	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:51.152179956 CET	38504	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:51.272449017 CET	3778	38504	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:51.272670984 CET	38504	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:51.396075964 CET	3778	38504	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:51.783673048 CET	3778	38502	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:51.784262896 CET	38502	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:51.904124975 CET	3778	38502	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:52.786801100 CET	38506	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:52.909919977 CET	3778	38506	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:52.910093069 CET	38506	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:52.910866976 CET	38506	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:53.037246943 CET	3778	38506	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:53.037389040 CET	38506	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:53.163845062 CET	3778	38506	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:53.486848116 CET	3778	38504	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:53.487345934 CET	38504	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:53.606939077 CET	3778	38504	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:54.490267038 CET	38508	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:54.613734007 CET	3778	38508	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:54.614216089 CET	38508	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:54.616245031 CET	38508	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:54.742548943 CET	3778	38508	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:54.742939949 CET	38508	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:54.869587898 CET	3778	38508	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:55.295751095 CET	3778	38506	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:55.296298981 CET	38506	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:55.418045044 CET	3778	38506	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:56.298351049 CET	38510	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:56.422749043 CET	3778	38510	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:56.423054934 CET	38510	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:56.424474955 CET	38510	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:56.546385050 CET	3778	38510	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:56.546632051 CET	38510	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:56.666264057 CET	3778	38510	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:57.074206114 CET	3778	38508	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:57.074650049 CET	38508	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:57.198148966 CET	3778	38508	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:58.077306032 CET	38512	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:58.199604988 CET	3778	38512	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:58.200037003 CET	38512	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:58.201637983 CET	38512	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:58.328026056 CET	3778	38512	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:58.328244925 CET	38512	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:58.450810909 CET	3778	38512	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:58.763056993 CET	3778	38510	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:58.763540983 CET	38510	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:58.883945942 CET	3778	38510	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:59.765079021 CET	38514	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:59.890505075 CET	3778	38514	193.84.71.119	192.168.2.23
Nov 23, 2024 19:54:59.890722036 CET	38514	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:54:59.891992092 CET	38514	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:00.011627913 CET	3778	38514	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:00.011853933 CET	38514	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:00.134406090 CET	3778	38514	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:00.580848932 CET	3778	38512	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:00.581454039 CET	38512	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:00.703038931 CET	3778	38512	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:01.583277941 CET	38516	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:01.703203917 CET	3778	38516	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:01.703362942 CET	38516	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:01.704457998 CET	38516	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:01.824052095 CET	3778	38516	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:01.824220896 CET	38516	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:01.943967104 CET	3778	38516	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:02.174824953 CET	3778	38514	193.84.71.119	192.168.2.23
Nov 23, 2024 19:55:02.175127983 CET	38514	3778	192.168.2.23	193.84.71.119
Nov 23, 2024 19:55:02.301594019 CET	3778	38514	193.84.71.119	192.168.2.23

System Behavior

Analysis Process: Satan.sh4.elf PID: 6240, Parent PID: 6162

General

Start time (UTC):	18:52:50
Start date (UTC):	23/11/2024
Path:	/tmp/Satan.sh4.elf
Arguments:	/tmp/Satan.sh4.elf
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6242, Parent PID: 6240

General

Start time (UTC):	18:52:50
Start date (UTC):	23/11/2024
Path:	/tmp/Satan.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6244, Parent PID: 6242

General

Start time (UTC):	18:52:50
Start date (UTC):	23/11/2024
Path:	/tmp/Satan.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6245, Parent PID: 6242

General

Start time (UTC):	18:52:50
Start date (UTC):	23/11/2024
Path:	/tmp/Satan.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6254, Parent PID: 6240

General

Start time (UTC):	18:52:56
Start date (UTC):	23/11/2024
Path:	/tmp/Satan.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6256, Parent PID: 6240

General

Start time (UTC):	18:52:56
Start date (UTC):	23/11/2024
Path:	/tmp/Satan.sh4.elf
Arguments:	-
File size:	4139976 bytes
MD5 hash:	8943e5f8f8c280467b4472c15ae93ba9

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Satan.sh4.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: Satan.sh4.elf PID: 6240, Parent PID: 6162

General

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6242, Parent PID: 6240

General

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6244, Parent PID: 6242

General

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6245, Parent PID: 6242

General

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6254, Parent PID: 6240

General

Chronological Activities

Analysis Process: Satan.sh4.elf PID: 6256, Parent PID: 6240

General

Chronological Activities

Linux Analysis Report
Satan.sh4.elf