Play interactive tour

Edit tour

Linux Analysis Report d8dgn3wGJL

Overview

General Information

Sample Name:	d8dgn3wGJL
Analysis ID:	452442
MD5:	7c8ff25ee476a1cd89bbf529e0ac6af4
SHA1:	71e15a4c42d920302925c7d5ba05ca9f0c27a998
SHA256:	fcafcefe3e66e811cdf3362820d2a7a6f6ae6005374b535357bad4ff349fd4ec
Tags:	32elfmiraisparc
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Uses known network protocols on non-standard ports

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	452442
Start date:	22.07.2021
Start time:	11:13:15
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 41s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	d8dgn3wGJL
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Detection:	MAL
Classification:	mal60.troj.lin@0/0@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu1

d8dgn3wGJL (PID: 4577, Parent: 4498, MD5: 7c8ff25ee476a1cd89bbf529e0ac6af4) Arguments: /usr/bin/qemu-sparc /tmp/d8dgn3wGJL

d8dgn3wGJL New Fork (PID: 4579, Parent: 4577)

d8dgn3wGJL New Fork (PID: 4580, Parent: 4577)

d8dgn3wGJL New Fork (PID: 4581, Parent: 4577)

d8dgn3wGJL New Fork (PID: 4586, Parent: 4581)

d8dgn3wGJL New Fork (PID: 4589, Parent: 4581)

d8dgn3wGJL New Fork (PID: 4590, Parent: 4581)

cleanup

Yara Overview

No yara matches

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: d8dgn3wGJL

Virustotal: Detection: 52%

Perma Link

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.149.119.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.217.150.42: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.171.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.247.122.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 77.93.207.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.226.91.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.143.81.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.93.123.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.200.163.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 174.80.250.104: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.94.210.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 71.93.5.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.93.12.45: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 124.156.224.152: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 58.84.7.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.122.254.223: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.125.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.12.198.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 212.114.226.172: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.105.4.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.11.163.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.41.32.46: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 68.149.236.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.227.232.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.157.128.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.141.64.89: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.113.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.144.146.49: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.242.148.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.81.151.59: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.192.60.227: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.118.250: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.74.191.190: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.146.155.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.166.216.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.80.250.78: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.135.119.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 47.229.222.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.6.30.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.195.240.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 23.231.80.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 27.29.140.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 218.97.37.50: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.97.24.113: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.12.217.155: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.74.42.184: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 75.227.207.59:23 -> 192.168.2.20:45260
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 153.120.21.35: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.224.216.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.151.127.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 160.121.107.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.53.189.144: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.69.105.153: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.55.27.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 184.164.65.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 107.10.249.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 150.95.47.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.78.248.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.169.106: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.194.133.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 5.183.225.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.249.71.25: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.216.40.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.78.97.142: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.73.64.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.163.109.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.47.20.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.207.133.219: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 135.148.4.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.82.111.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.255.161.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 18.144.83.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.103.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.130.39.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.118.176.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.52.55.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.6.124.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.95.2.194: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.213.197: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.51.177.222: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.56.14.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.195.137.51: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.33.155.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.18.214.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.194.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.156.248.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.135.213.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.189.141.182: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 5.8.126.213: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.132.46.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 4.53.160.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 23.28.89.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.220.200.185: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.71.79.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.75.17.147: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.9.191.152: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.130.161.75: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 121.5.175.241: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.187.46.27:23 -> 192.168.2.20:60006
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.174.41.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 45.149.0.193: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.104.174.184: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.156.206.75: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.234.1.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.73.148.255: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.150.160.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 164.106.225.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.35.100.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.160.66.100: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.59.214.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.102.75.137: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.51.53.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.10.4.32: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.29.131.179: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 176.53.159.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.56.244.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.164.230: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.171.89: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 1.234.41.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.187.33: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 158.43.20.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.183.249.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.211.25.72: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.153.62.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 176.119.33.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.83.176.57: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 75.64.225.7: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.111.109: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.156.46.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.101.46.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.127.145: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.94.92.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.201.150.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.188.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.1.105.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.75.119.231: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.95.115.34: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 203.218.44.111: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.4.218.157: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.172.248.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.6.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.102.194.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 189.90.240.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.223.196.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.245.10.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.136.94.162: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.11.240.179: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.69.214.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 61.213.90.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.204.99.251: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.128.47.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.247.61.41: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.77.240.189: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.232.138.116: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.171.180.78: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.150.196.172: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.93.83.188: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.142.212.167: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.157.93.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.103.216.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.151.106: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.16.241.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.19.78.5: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.162.201.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.41.242.192: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 149.172.24.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.240.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.20.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 156.251.132.34: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 156.251.133.58: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.92.112.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.72.11.195: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.77.64.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.202.238.220: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 65.199.0.219: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 91.235.136.87: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.213.54.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.97.23.35: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 160.16.149.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.201.125.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.6.159.228: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 89.252.188.73: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.152.56.101: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.209.255.222: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 72.76.192.206: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.10.0.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 86.66.74.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.179.68.223: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.3.57.111: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.96.179.123: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 32.141.71.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.188.205.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.213.61.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.139.255.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.79.152.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.54.120.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 83.68.16.199:23 -> 192.168.2.20:44360
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.135.122.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.9.42.169: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 69.51.31.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.127.90.145:23 -> 192.168.2.20:48594
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.196.181.239: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 173.10.70.2: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 32.114.112.26: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 119.28.161.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.62.166.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.114.68.119: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.154.247.82: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.210.1.21: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.10.101.4: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.222.150.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 172.22.5.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.210.27.80: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.219.3.173: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 45.207.240.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.165.197.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 41.182.18.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.232.160.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.22.102.132: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.122.92.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 122.254.113.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.115.178.173: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 194.102.118.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 59.158.46.180:23 -> 192.168.2.20:44532
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.205.47.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.75.172.40: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.53.106.103: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 195.21.45.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.172.81.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.12.144.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.217.87.115: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.173.75.25: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.17.220.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.116.255.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.14.78.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.214.64.254: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.9.83.117: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 149.87.185.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 161.8.23.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 172.80.33.170: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.199.107.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.52.113.254:23 -> 192.168.2.20:49058
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.246.154.113: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.9.3.15: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 90.153.89.187: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 193.234.156.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.86.54.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.201.167.244: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.28.30: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.195.145.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 40.134.62.141: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 63.241.135.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 82.54.146.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 10.201.61.246: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.61.56.65: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.214.182.74: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.233.211.194: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.228.166.230: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 192.3.221.15: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.155.185.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 77.220.252.22: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.71.153.91: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 90.186.8.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.19.243.17: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.244.187.227: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.135.108.1:23 -> 192.168.2.20:55136
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.76.33.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.130.66: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.46.228.99: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.251.65.120: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.142.59.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.150.125.155: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.216.104.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.171.25.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.201.131.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.13.24.92: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 154.214.16.94: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.162.159.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.220.85.55: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.158.231.238: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 119.254.62.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.87.171.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.98.224.69: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.212.209.112: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.212.200.250: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 176.95.180.234: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.33.49.6: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.22.6.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.222.109.36: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.232.35.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 103.3.189.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 168.199.54.26: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.73.81.97: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.246.171.232: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 79.110.188.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 128.136.244.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.222.183.71: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.91.143.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.150.25.148: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 136.0.240.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.149.17.73: -> 192.168.2.20:

Uses known network protocols on non-standard ports

Show sources

Source: unknown

Network traffic detected: HTTP traffic on port 23 -> 39270

Source: global traffic

TCP traffic: 192.168.2.20:35686 -> 37.230.137.227:1312

Source: unknown	TCP traffic detected without corresponding DNS query: 37.230.137.227
Source: unknown	TCP traffic detected without corresponding DNS query: 180.130.46.34
Source: unknown	TCP traffic detected without corresponding DNS query: 105.236.132.34
Source: unknown	TCP traffic detected without corresponding DNS query: 92.234.236.52
Source: unknown	TCP traffic detected without corresponding DNS query: 212.164.101.30
Source: unknown	TCP traffic detected without corresponding DNS query: 18.77.169.252
Source: unknown	TCP traffic detected without corresponding DNS query: 147.97.26.63
Source: unknown	TCP traffic detected without corresponding DNS query: 53.197.153.131
Source: unknown	TCP traffic detected without corresponding DNS query: 201.84.142.86
Source: unknown	TCP traffic detected without corresponding DNS query: 109.195.99.194
Source: unknown	TCP traffic detected without corresponding DNS query: 188.32.88.90
Source: unknown	TCP traffic detected without corresponding DNS query: 112.35.99.249
Source: unknown	TCP traffic detected without corresponding DNS query: 158.172.106.31
Source: unknown	TCP traffic detected without corresponding DNS query: 192.195.79.108
Source: unknown	TCP traffic detected without corresponding DNS query: 188.23.44.229
Source: unknown	TCP traffic detected without corresponding DNS query: 31.136.105.138
Source: unknown	TCP traffic detected without corresponding DNS query: 183.190.202.216
Source: unknown	TCP traffic detected without corresponding DNS query: 166.15.179.195
Source: unknown	TCP traffic detected without corresponding DNS query: 194.240.107.221
Source: unknown	TCP traffic detected without corresponding DNS query: 101.143.149.34
Source: unknown	TCP traffic detected without corresponding DNS query: 219.11.157.6
Source: unknown	TCP traffic detected without corresponding DNS query: 198.146.131.193
Source: unknown	TCP traffic detected without corresponding DNS query: 223.124.4.251
Source: unknown	TCP traffic detected without corresponding DNS query: 166.8.0.125
Source: unknown	TCP traffic detected without corresponding DNS query: 101.249.202.153
Source: unknown	TCP traffic detected without corresponding DNS query: 157.255.7.1
Source: unknown	TCP traffic detected without corresponding DNS query: 220.251.220.39
Source: unknown	TCP traffic detected without corresponding DNS query: 36.69.14.93
Source: unknown	TCP traffic detected without corresponding DNS query: 200.112.47.141
Source: unknown	TCP traffic detected without corresponding DNS query: 46.113.34.200
Source: unknown	TCP traffic detected without corresponding DNS query: 78.236.158.44
Source: unknown	TCP traffic detected without corresponding DNS query: 27.53.243.194
Source: unknown	TCP traffic detected without corresponding DNS query: 93.84.215.82
Source: unknown	TCP traffic detected without corresponding DNS query: 255.91.13.229
Source: unknown	TCP traffic detected without corresponding DNS query: 109.233.55.61
Source: unknown	TCP traffic detected without corresponding DNS query: 17.175.65.191
Source: unknown	TCP traffic detected without corresponding DNS query: 161.42.0.250
Source: unknown	TCP traffic detected without corresponding DNS query: 24.56.58.134
Source: unknown	TCP traffic detected without corresponding DNS query: 170.9.38.57
Source: unknown	TCP traffic detected without corresponding DNS query: 120.102.96.94
Source: unknown	TCP traffic detected without corresponding DNS query: 114.89.56.214
Source: unknown	TCP traffic detected without corresponding DNS query: 103.179.83.227
Source: unknown	TCP traffic detected without corresponding DNS query: 178.25.145.67
Source: unknown	TCP traffic detected without corresponding DNS query: 74.150.165.252
Source: unknown	TCP traffic detected without corresponding DNS query: 12.113.97.251
Source: unknown	TCP traffic detected without corresponding DNS query: 195.47.85.209
Source: unknown	TCP traffic detected without corresponding DNS query: 217.49.133.15
Source: unknown	TCP traffic detected without corresponding DNS query: 31.80.111.48
Source: unknown	TCP traffic detected without corresponding DNS query: 240.85.153.239
Source: unknown	TCP traffic detected without corresponding DNS query: 116.50.227.1

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal60.troj.lin@0/0@0/0

Source: submitted sample

Stderr: pc: 0001daa8 npc: 0001daac%g0-7: 00000000 00000018 00000000 00000001 000306bc 00000000 00000070 00000000%o0-7: 000306b7 f6ffad53 00000400 0000002c 0001c170 00000000 f6fface0 0001cab4 %l0-7: f6ffad40 f6ffad40 00000000 00000001 000003f0 00000004 00000000 00000000 %i0-7: 000306a4 000306a4 00000400 0000003c 0001c160 00000000 f6ffb148 0001d958 %f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000%f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000%f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000%f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000psr: 04900001 (icc: N--C SPE: ---) wim: 00000001fsr: 00000000 y: 00000000: exit code = 0

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown

Network traffic detected: HTTP traffic on port 23 -> 39270

Source: /tmp/d8dgn3wGJL (PID: 4577)

Queries kernel information via 'uname':

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Non-Standard Port11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
d8dgn3wGJL	52%	Virustotal		Browse

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
96.80.119.73	unknown	United States	7922	COMCAST-7922US	false
110.220.205.165	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
186.8.103.81	unknown	Uruguay	19422	TelefonicaMovilesdelUruguaySAUY	false
9.151.73.175	unknown	United States	3356	LEVEL3US	false
244.41.150.76	unknown	Reserved	unknown	unknown	false
159.169.253.102	unknown	United States	28686	AVECTRIS-ASCH	false
110.91.165.153	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
100.138.149.140	unknown	United States	21928	T-MOBILE-AS21928US	false
31.136.150.35	unknown	Netherlands	15480	VFNL-ASVodafoneNLAutonomousSystemNL	false
172.188.114.229	unknown	United States	7018	ATT-INTERNET4US	false
43.152.190.246	unknown	Japan	4249	LILLY-ASUS	false
173.97.209.95	unknown	United States	1239	SPRINTLINKUS	false
170.70.84.141	unknown	Mexico	10420	BancodeMexicoMX	false
208.179.154.138	unknown	United States	11509	TIERZERO-AS11509US	false
255.248.130.166	unknown	Reserved	unknown	unknown	false
59.23.230.78	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
63.139.108.31	unknown	United States	7029	WINDSTREAMUS	false
16.40.26.19	unknown	United States	unknown	unknown	false
93.171.110.72	unknown	Czech Republic	42772	A1-BY-ASBY	false
58.173.90.103	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
154.44.177.227	unknown	United States	174	COGENT-174US	false
203.54.53.98	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
210.37.80.135	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
162.128.14.245	unknown	United States	14566	AS14566US	false
152.0.189.16	unknown	Dominican Republic	6400	CompaniaDominicanadeTelefonosSADO	false
91.102.26.204	unknown	Norway	41741	BBS-ASNO	false
163.166.98.3	unknown	United Kingdom	15914	BritishAirwaysGB	false
202.135.117.234	unknown	Japan	2687	ATGS-MMD-ASUS	false
62.23.12.103	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
70.210.119.248	unknown	United States	6167	CELLCO-PARTUS	false
208.41.125.41	unknown	United States	4565	MEGAPATH2-US	false
202.146.43.79	unknown	Indonesia	38754	PRIMENET-AS-IDPRIMEDIAARMOEKADATAINTERNETPTID	false
195.225.82.230	unknown	unknown	25148	BASEFARM-ASNOslo-NorwayNO	false
96.161.248.210	unknown	United States	7922	COMCAST-7922US	false
106.79.68.135	unknown	India	45271	ICLNET-AS-APIdeaCellularLimitedIN	false
109.2.36.81	unknown	France	15557	LDCOMNETFR	false
251.25.165.77	unknown	Reserved	unknown	unknown	false
193.116.228.182	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
74.52.27.62	unknown	United States	36351	SOFTLAYERUS	false
191.103.96.36	unknown	Argentina	262932	COMPANIADECIRCUITOSCERRADOSSAAR	false
9.66.92.155	unknown	United States	3356	LEVEL3US	false
147.171.5.176	unknown	France	1942	FR-TIGREToileInformatiqueGREnobloiseEU	false
108.66.209.194	unknown	United States	7018	ATT-INTERNET4US	false
39.1.255.121	unknown	Taiwan; Republic of China (ROC)	18182	SONET-TWSonyNetworkTaiwanLimitedTW	false
60.101.227.11	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
74.140.211.184	unknown	United States	10796	TWC-10796-MIDWESTUS	false
149.147.37.110	unknown	Kuwait	42961	GPRS-ASZAINKW	false
71.94.21.166	unknown	United States	20115	CHARTER-20115US	false
217.244.187.227	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	true
158.193.29.18	unknown	Slovakia (SLOVAK Republic)	2607	SANETSlovakAcademicNetworkSK	false
177.201.129.228	unknown	Brazil	8167	BrasilTelecomSA-FilialDistritoFederalBR	false
79.66.22.135	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
94.213.158.119	unknown	Netherlands	33915	TNF-ASNL	false
73.75.1.216	unknown	United States	7922	COMCAST-7922US	false
47.225.65.210	unknown	United States	20115	CHARTER-20115US	false
13.185.102.49	unknown	United States	7018	ATT-INTERNET4US	false
39.151.168.116	unknown	China	24445	CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCN	false
98.185.68.245	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
14.231.69.168	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
65.136.64.248	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
67.135.133.193	unknown	United States	23409	AS-FOFCOSUS	false
71.101.97.146	unknown	United States	701	UUNETUS	false
121.62.40.189	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
34.92.28.213	unknown	United States	15169	GOOGLEUS	false
192.215.126.28	unknown	United States	4266	CERNET-ASN-BLOCKUS	false
34.178.238.199	unknown	United States	2686	ATGS-MMD-ASUS	false
168.252.211.92	unknown	Australia	7474	OPTUSCOM-AS01-AUSingTelOptusPtyLtdAU	false
247.40.238.252	unknown	Reserved	unknown	unknown	false
189.238.52.156	unknown	Mexico	8151	UninetSAdeCVMX	false
211.41.228.12	unknown	Korea Republic of	9943	KNCTV-ASKangNamCableTVKR	false
85.190.130.159	unknown	Germany	199610	MARBISDE	false
5.17.148.25	unknown	Russian Federation	41733	ZTELECOM-ASRU	false
45.173.189.214	unknown	Brazil	268886	WILLYNETPROVEDORBR	false
254.4.121.201	unknown	Reserved	unknown	unknown	false
74.123.239.183	unknown	United States	17030	PRIMERICA-17030US	false
153.58.29.209	unknown	United States	14962	NCR-252US	false
194.232.154.71	unknown	Austria	5403	AS5403AT	false
13.178.149.151	unknown	United States	7018	ATT-INTERNET4US	false
251.91.166.212	unknown	Reserved	unknown	unknown	false
122.9.23.116	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
210.182.182.179	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
58.231.59.184	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
75.106.120.33	unknown	United States	7155	VIASAT-SP-BACKBONEUS	false
175.252.45.55	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
195.222.62.194	unknown	Bosnia and Herzegowina	9146	BIHNETBIHNETAutonomusSystemBA	false
181.242.187.203	unknown	Colombia	26611	COMCELSACO	false
36.69.14.93	unknown	Indonesia	7713	TELKOMNET-AS-APPTTelekomunikasiIndonesiaID	false
14.180.45.48	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
221.207.216.133	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
145.87.165.122	unknown	Netherlands	29396	EUROFIBER-UNETEUROFIBERUNETNetworkNL	false
152.77.92.14	unknown	France	1942	FR-TIGREToileInformatiqueGREnobloiseEU	false
162.125.189.94	unknown	United States	19679	DROPBOXUS	false
168.37.109.99	unknown	United States	1761	TDIR-CAPNETUS	false
253.207.80.50	unknown	Reserved	unknown	unknown	false
67.66.161.97	unknown	United States	7018	ATT-INTERNET4US	false
180.85.234.147	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
73.229.102.52	unknown	United States	7922	COMCAST-7922US	false
250.156.175.16	unknown	Reserved	unknown	unknown	false
198.247.229.28	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
152.124.52.200	unknown	United States	29992	VA-TMP-COREUS	false

Runtime Messages

Command:	/tmp/d8dgn3wGJL
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Connected To CNC Unhandled trap: 0x7
Standard Error:	pc: 0001daa8 npc: 0001daac %g0-7: 00000000 00000018 00000000 00000001 000306bc 00000000 00000070 00000000 %o0-7: 000306b7 f6ffad53 00000400 0000002c 0001c170 00000000 f6fface0 0001cab4 %l0-7: f6ffad40 f6ffad40 00000000 00000001 000003f0 00000004 00000000 00000000 %i0-7: 000306a4 000306a4 00000400 0000003c 0001c160 00000000 f6ffb148 0001d958 %f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 %f08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 %f16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 %f24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 psr: 04900001 (icc: N--C SPE: ---) wim: 00000001 fsr: 00000000 y: 00000000

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
LEVEL3US	sDwNKSpuhB	Get hash	malicious	Browse	8.89.10.151
	8ZJ0cPowTy	Get hash	malicious	Browse	9.190.139.100
	XuQRPW44hi	Get hash	malicious	Browse	4.17.92.85
	Taf5zLti30	Get hash	malicious	Browse	63.213.20.124
	5qpsqg7U0G	Get hash	malicious	Browse	4.223.97.64
	GEso3CniSk	Get hash	malicious	Browse	4.67.189.0
	U4r9W64doy	Get hash	malicious	Browse	8.125.111.71
	C4PozjQdGE	Get hash	malicious	Browse	9.163.192.142
	CefN2XNyFi	Get hash	malicious	Browse	63.211.32.24
	Qka3fi8NpL	Get hash	malicious	Browse	4.85.160.229
	c51w5YSYdO	Get hash	malicious	Browse	9.18.53.156
	Xr3hmBQcmw	Get hash	malicious	Browse	4.176.67.159
	xjYvqOne1t	Get hash	malicious	Browse	4.225.49.79
	rxfttQnoO5	Get hash	malicious	Browse	209.84.172.192
	sora.arm7	Get hash	malicious	Browse	4.42.84.14
	iUmNR6tkEd	Get hash	malicious	Browse	4.9.157.144
	LDWhPg4vRM	Get hash	malicious	Browse	9.160.127.38
	CGjf615z6v	Get hash	malicious	Browse	9.245.2.66
	u47x3rc20t	Get hash	malicious	Browse	4.143.149.176
	SvmxfeZM5Z	Get hash	malicious	Browse	9.26.96.16
TelefonicaMovilesdelUruguaySAUY	FN0ZF2Nm21	Get hash	malicious	Browse	186.8.115.24
COMCAST-7922US	s54l0GKMh9	Get hash	malicious	Browse	24.131.135.95
	D1dU3jQ1II	Get hash	malicious	Browse	73.221.68.185
	sDwNKSpuhB	Get hash	malicious	Browse	66.31.123.8
	A7X93JRxhp	Get hash	malicious	Browse	174.160.234.12
	92CRMNlBq8	Get hash	malicious	Browse	96.129.115.21
	XuQRPW44hi	Get hash	malicious	Browse	96.75.11.28
	Taf5zLti30	Get hash	malicious	Browse	73.105.22.60
	5qpsqg7U0G	Get hash	malicious	Browse	50.150.213.54
	LyxN1ckWTW	Get hash	malicious	Browse	73.76.173.103
	VGi1EK6T17	Get hash	malicious	Browse	96.193.32.170
	U4r9W64doy	Get hash	malicious	Browse	76.142.58.170
	C4PozjQdGE	Get hash	malicious	Browse	74.30.218.252
	CefN2XNyFi	Get hash	malicious	Browse	96.191.119.186
	7OAzOUL9cd	Get hash	malicious	Browse	67.184.88.190
	MD5OxTSc6i	Get hash	malicious	Browse	24.128.44.113
	Qka3fi8NpL	Get hash	malicious	Browse	74.156.139.185
	Xr3hmBQcmw	Get hash	malicious	Browse	96.80.132.77
	xjYvqOne1t	Get hash	malicious	Browse	73.136.89.242
	SUpODCSauS	Get hash	malicious	Browse	71.197.70.248
	sora.arm7	Get hash	malicious	Browse	98.245.173.86
CTTNETChinaTieTongTelecommunicationsCorporationCN	sDwNKSpuhB	Get hash	malicious	Browse	36.219.130.2
	A7X93JRxhp	Get hash	malicious	Browse	110.206.233.25
	Taf5zLti30	Get hash	malicious	Browse	123.87.164.15
	5qpsqg7U0G	Get hash	malicious	Browse	122.95.10.12
	U5q75RGCmQ	Get hash	malicious	Browse	122.71.101.44
	GEso3CniSk	Get hash	malicious	Browse	222.45.77.49
	BTNNG17tlh	Get hash	malicious	Browse	122.71.101.71
	U4r9W64doy	Get hash	malicious	Browse	110.216.8.38
	C4PozjQdGE	Get hash	malicious	Browse	175.75.128.119
	kb5IbEJU8c	Get hash	malicious	Browse	110.59.218.218
	7OAzOUL9cd	Get hash	malicious	Browse	122.93.45.57
	MD5OxTSc6i	Get hash	malicious	Browse	110.123.21.115
	Qka3fi8NpL	Get hash	malicious	Browse	123.88.172.170
	c51w5YSYdO	Get hash	malicious	Browse	101.147.99.54
	rxfttQnoO5	Get hash	malicious	Browse	111.151.61.171
	LDWhPg4vRM	Get hash	malicious	Browse	101.150.83.171
	CGjf615z6v	Get hash	malicious	Browse	122.73.224.9
	yZEHOt8K7X	Get hash	malicious	Browse	111.151.185.213
	ehn0f1d63M	Get hash	malicious	Browse	101.155.119.242
	qgQgEjI283	Get hash	malicious	Browse	36.221.14.98

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.035606314487842
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	d8dgn3wGJL
File size:	60412
MD5:	7c8ff25ee476a1cd89bbf529e0ac6af4
SHA1:	71e15a4c42d920302925c7d5ba05ca9f0c27a998
SHA256:	fcafcefe3e66e811cdf3362820d2a7a6f6ae6005374b535357bad4ff349fd4ec
SHA512:	176111ad556af440f0031cb0e03d15c19a16e4169d2aafef86a4d50ebc4dab3df9a8ec23eb49807732a500d04738f9c125ff7440c2f7e350a5947474183ba117
SSDEEP:	768:eLobAxU6q9Hfymp0xginuYvCkLB6WsTwIC1DQdszoDaS0O+DCDm:eL0AxvSHfymp0xgunvCkV6vTMDaul
File Content Preview:	.ELF...........................4...l.....4. ...(.......................................................x............dt.Q................................@..(....@.8R................#.....b0..`.....!..... ...@.....".........`......$ ... ...@...........`....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	Sparc
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x101a4
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	60012
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10094	0x94	0x1c	0x0	0x6	AX	4
.text	PROGBITS	0x100b0	0xb0	0xe180	0x0	0x6	AX	4
.fini	PROGBITS	0x1e230	0xe230	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x1e248	0xe248	0x668	0x0	0x2	A	8
.ctors	PROGBITS	0x2e8b4	0xe8b4	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x2e8bc	0xe8bc	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x2e8c8	0xe8c8	0x164	0x0	0x3	WA	8
.bss	NOBITS	0x2ea30	0xea2c	0x288	0x0	0x3	WA	8
.shstrtab	STRTAB	0x0	0xea2c	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000	0x10000	0xe8b0	0xe8b0	3.3883	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xe8b4	0x2e8b4	0x2e8b4	0x178	0x404	0.3183	0x6	RW	0x10000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 22, 2021 11:13:50.767258883 CEST	35686	1312	192.168.2.20	37.230.137.227
Jul 22, 2021 11:13:50.773401022 CEST	21724	23	192.168.2.20	180.130.46.34
Jul 22, 2021 11:13:50.773467064 CEST	21724	23	192.168.2.20	105.236.132.34
Jul 22, 2021 11:13:50.773492098 CEST	21724	23	192.168.2.20	110.194.80.32
Jul 22, 2021 11:13:50.773504019 CEST	21724	23	192.168.2.20	92.234.236.52
Jul 22, 2021 11:13:50.773514986 CEST	21724	23	192.168.2.20	212.164.101.30
Jul 22, 2021 11:13:50.773526907 CEST	21724	23	192.168.2.20	210.116.140.216
Jul 22, 2021 11:13:50.773540020 CEST	21724	23	192.168.2.20	18.77.169.252
Jul 22, 2021 11:13:50.773559093 CEST	21724	23	192.168.2.20	147.97.26.63
Jul 22, 2021 11:13:50.773575068 CEST	21724	23	192.168.2.20	53.197.153.131
Jul 22, 2021 11:13:50.773582935 CEST	21724	23	192.168.2.20	201.84.142.86
Jul 22, 2021 11:13:50.773587942 CEST	21724	23	192.168.2.20	109.195.99.194
Jul 22, 2021 11:13:50.773690939 CEST	21724	23	192.168.2.20	188.32.88.90
Jul 22, 2021 11:13:50.773689985 CEST	21724	23	192.168.2.20	112.35.99.249
Jul 22, 2021 11:13:50.773732901 CEST	21724	23	192.168.2.20	158.172.106.31
Jul 22, 2021 11:13:50.773803949 CEST	21724	23	192.168.2.20	192.195.79.108
Jul 22, 2021 11:13:50.773824930 CEST	21724	23	192.168.2.20	188.23.44.229
Jul 22, 2021 11:13:50.773843050 CEST	21724	23	192.168.2.20	31.136.105.138
Jul 22, 2021 11:13:50.773858070 CEST	21724	23	192.168.2.20	183.190.202.216
Jul 22, 2021 11:13:50.773864031 CEST	21724	23	192.168.2.20	166.15.179.195
Jul 22, 2021 11:13:50.773871899 CEST	21724	23	192.168.2.20	194.240.107.221
Jul 22, 2021 11:13:50.773878098 CEST	21724	23	192.168.2.20	101.143.149.34
Jul 22, 2021 11:13:50.773895025 CEST	21724	23	192.168.2.20	219.11.157.6
Jul 22, 2021 11:13:50.773910999 CEST	21724	23	192.168.2.20	198.146.131.193
Jul 22, 2021 11:13:50.773927927 CEST	21724	23	192.168.2.20	223.124.4.251
Jul 22, 2021 11:13:50.773982048 CEST	21724	23	192.168.2.20	166.8.0.125
Jul 22, 2021 11:13:50.773984909 CEST	21724	23	192.168.2.20	101.249.202.153
Jul 22, 2021 11:13:50.773998022 CEST	21724	23	192.168.2.20	157.255.7.1
Jul 22, 2021 11:13:50.774007082 CEST	21724	23	192.168.2.20	220.251.220.39
Jul 22, 2021 11:13:50.774017096 CEST	21724	23	192.168.2.20	36.69.14.93
Jul 22, 2021 11:13:50.774035931 CEST	21724	23	192.168.2.20	200.112.47.141
Jul 22, 2021 11:13:50.774038076 CEST	21724	23	192.168.2.20	46.113.34.200
Jul 22, 2021 11:13:50.774055004 CEST	21724	23	192.168.2.20	78.236.158.44
Jul 22, 2021 11:13:50.774065971 CEST	21724	23	192.168.2.20	27.53.243.194
Jul 22, 2021 11:13:50.774090052 CEST	21724	23	192.168.2.20	93.84.215.82
Jul 22, 2021 11:13:50.774100065 CEST	21724	23	192.168.2.20	255.91.13.229
Jul 22, 2021 11:13:50.774121046 CEST	21724	23	192.168.2.20	109.233.55.61
Jul 22, 2021 11:13:50.774166107 CEST	21724	23	192.168.2.20	17.175.65.191
Jul 22, 2021 11:13:50.774178982 CEST	21724	23	192.168.2.20	161.42.0.250
Jul 22, 2021 11:13:50.774190903 CEST	21724	23	192.168.2.20	24.56.58.134
Jul 22, 2021 11:13:50.774216890 CEST	21724	23	192.168.2.20	170.9.38.57
Jul 22, 2021 11:13:50.774216890 CEST	21724	23	192.168.2.20	120.102.96.94
Jul 22, 2021 11:13:50.774229050 CEST	21724	23	192.168.2.20	114.89.56.214
Jul 22, 2021 11:13:50.774235010 CEST	21724	23	192.168.2.20	103.179.83.227
Jul 22, 2021 11:13:50.774239063 CEST	21724	23	192.168.2.20	178.25.145.67
Jul 22, 2021 11:13:50.774277925 CEST	21724	23	192.168.2.20	74.150.165.252
Jul 22, 2021 11:13:50.774279118 CEST	21724	23	192.168.2.20	12.113.97.251
Jul 22, 2021 11:13:50.774286985 CEST	21724	23	192.168.2.20	195.47.85.209
Jul 22, 2021 11:13:50.774313927 CEST	21724	23	192.168.2.20	217.49.133.15
Jul 22, 2021 11:13:50.774317026 CEST	21724	23	192.168.2.20	31.80.111.48
Jul 22, 2021 11:13:50.774359941 CEST	21724	23	192.168.2.20	240.85.153.239
Jul 22, 2021 11:13:50.774399996 CEST	21724	23	192.168.2.20	116.50.227.1
Jul 22, 2021 11:13:50.774430037 CEST	21724	23	192.168.2.20	40.159.4.48
Jul 22, 2021 11:13:50.774451971 CEST	21724	23	192.168.2.20	78.100.119.65
Jul 22, 2021 11:13:50.774499893 CEST	21724	23	192.168.2.20	65.196.47.30
Jul 22, 2021 11:13:50.774499893 CEST	21724	23	192.168.2.20	34.97.17.5
Jul 22, 2021 11:13:50.774504900 CEST	21724	23	192.168.2.20	201.158.136.11
Jul 22, 2021 11:13:50.774509907 CEST	21724	23	192.168.2.20	221.34.115.79
Jul 22, 2021 11:13:50.774558067 CEST	21724	23	192.168.2.20	247.178.30.67
Jul 22, 2021 11:13:50.774594069 CEST	21724	23	192.168.2.20	161.164.3.35
Jul 22, 2021 11:13:50.774600029 CEST	21724	23	192.168.2.20	14.185.202.164
Jul 22, 2021 11:13:50.774602890 CEST	21724	23	192.168.2.20	66.224.64.166
Jul 22, 2021 11:13:50.774602890 CEST	21724	23	192.168.2.20	102.148.29.182
Jul 22, 2021 11:13:50.774606943 CEST	21724	23	192.168.2.20	180.144.190.181
Jul 22, 2021 11:13:50.774624109 CEST	21724	23	192.168.2.20	99.230.58.195
Jul 22, 2021 11:13:50.774627924 CEST	21724	23	192.168.2.20	75.107.205.0
Jul 22, 2021 11:13:50.774631023 CEST	21724	23	192.168.2.20	126.108.215.70
Jul 22, 2021 11:13:50.774632931 CEST	21724	23	192.168.2.20	133.95.162.230
Jul 22, 2021 11:13:50.774637938 CEST	21724	23	192.168.2.20	158.34.180.220
Jul 22, 2021 11:13:50.774646044 CEST	21724	23	192.168.2.20	183.56.189.108
Jul 22, 2021 11:13:50.774646044 CEST	21724	23	192.168.2.20	190.25.126.158
Jul 22, 2021 11:13:50.774657011 CEST	21724	23	192.168.2.20	197.236.205.164
Jul 22, 2021 11:13:50.774669886 CEST	21724	23	192.168.2.20	16.57.116.63
Jul 22, 2021 11:13:50.774672031 CEST	21724	23	192.168.2.20	210.147.38.251
Jul 22, 2021 11:13:50.774672985 CEST	21724	23	192.168.2.20	210.76.224.16
Jul 22, 2021 11:13:50.774677038 CEST	21724	23	192.168.2.20	221.212.175.201
Jul 22, 2021 11:13:50.774683952 CEST	21724	23	192.168.2.20	12.21.241.247
Jul 22, 2021 11:13:50.774688005 CEST	21724	23	192.168.2.20	59.179.208.250
Jul 22, 2021 11:13:50.774688005 CEST	21724	23	192.168.2.20	146.246.88.106
Jul 22, 2021 11:13:50.774693012 CEST	21724	23	192.168.2.20	45.127.98.77
Jul 22, 2021 11:13:50.774694920 CEST	21724	23	192.168.2.20	174.182.40.71
Jul 22, 2021 11:13:50.774703026 CEST	21724	23	192.168.2.20	105.102.213.3
Jul 22, 2021 11:13:50.774727106 CEST	21724	23	192.168.2.20	241.232.111.189
Jul 22, 2021 11:13:50.774760008 CEST	21724	23	192.168.2.20	37.104.136.110
Jul 22, 2021 11:13:50.774776936 CEST	21724	23	192.168.2.20	17.122.161.163
Jul 22, 2021 11:13:50.774784088 CEST	21724	23	192.168.2.20	169.114.134.243
Jul 22, 2021 11:13:50.774791956 CEST	21724	23	192.168.2.20	83.19.93.215
Jul 22, 2021 11:13:50.774804115 CEST	21724	23	192.168.2.20	76.31.88.222
Jul 22, 2021 11:13:50.774832010 CEST	21724	23	192.168.2.20	174.242.91.38
Jul 22, 2021 11:13:50.774846077 CEST	21724	23	192.168.2.20	2.153.178.37
Jul 22, 2021 11:13:50.774846077 CEST	21724	23	192.168.2.20	109.163.192.102
Jul 22, 2021 11:13:50.774856091 CEST	21724	23	192.168.2.20	175.8.16.158
Jul 22, 2021 11:13:50.774873972 CEST	21724	23	192.168.2.20	117.213.98.139
Jul 22, 2021 11:13:50.774893045 CEST	21724	23	192.168.2.20	45.183.123.204
Jul 22, 2021 11:13:50.776525021 CEST	21724	23	192.168.2.20	90.124.132.91
Jul 22, 2021 11:13:50.776566982 CEST	21724	23	192.168.2.20	179.192.73.212
Jul 22, 2021 11:13:50.776567936 CEST	21724	23	192.168.2.20	99.203.92.79
Jul 22, 2021 11:13:50.776568890 CEST	21724	23	192.168.2.20	103.20.203.119
Jul 22, 2021 11:13:50.776595116 CEST	21724	23	192.168.2.20	154.121.40.220
Jul 22, 2021 11:13:50.776598930 CEST	21724	23	192.168.2.20	145.81.2.22

System Behavior

Analysis Process: d8dgn3wGJL PID: 4577 Parent PID: 4498

General

Start time:	11:13:49
Start date:	22/07/2021
Path:	/tmp/d8dgn3wGJL
Arguments:	/usr/bin/qemu-sparc /tmp/d8dgn3wGJL
File size:	60412 bytes
MD5 hash:	7c8ff25ee476a1cd89bbf529e0ac6af4

Analysis Process: d8dgn3wGJL PID: 4579 Parent PID: 4577

General

Start time:	11:13:49
Start date:	22/07/2021
Path:	/tmp/d8dgn3wGJL
Arguments:	n/a
File size:	60412 bytes
MD5 hash:	7c8ff25ee476a1cd89bbf529e0ac6af4

Analysis Process: d8dgn3wGJL PID: 4580 Parent PID: 4577

General

Start time:	11:13:49
Start date:	22/07/2021
Path:	/tmp/d8dgn3wGJL
Arguments:	n/a
File size:	60412 bytes
MD5 hash:	7c8ff25ee476a1cd89bbf529e0ac6af4

Analysis Process: d8dgn3wGJL PID: 4581 Parent PID: 4577

General

Start time:	11:13:49
Start date:	22/07/2021
Path:	/tmp/d8dgn3wGJL
Arguments:	n/a
File size:	60412 bytes
MD5 hash:	7c8ff25ee476a1cd89bbf529e0ac6af4

Analysis Process: d8dgn3wGJL PID: 4586 Parent PID: 4581

General

Start time:	11:13:49
Start date:	22/07/2021
Path:	/tmp/d8dgn3wGJL
Arguments:	n/a
File size:	60412 bytes
MD5 hash:	7c8ff25ee476a1cd89bbf529e0ac6af4

Analysis Process: d8dgn3wGJL PID: 4589 Parent PID: 4581

General

Start time:	11:13:49
Start date:	22/07/2021
Path:	/tmp/d8dgn3wGJL
Arguments:	n/a
File size:	60412 bytes
MD5 hash:	7c8ff25ee476a1cd89bbf529e0ac6af4

Analysis Process: d8dgn3wGJL PID: 4590 Parent PID: 4581

General

Start time:	11:13:49
Start date:	22/07/2021
Path:	/tmp/d8dgn3wGJL
Arguments:	n/a
File size:	60412 bytes
MD5 hash:	7c8ff25ee476a1cd89bbf529e0ac6af4

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report d8dgn3wGJL

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: d8dgn3wGJL PID: 4577 Parent PID: 4498

General

Analysis Process: d8dgn3wGJL PID: 4579 Parent PID: 4577

General

Analysis Process: d8dgn3wGJL PID: 4580 Parent PID: 4577

General

Analysis Process: d8dgn3wGJL PID: 4581 Parent PID: 4577

General

Analysis Process: d8dgn3wGJL PID: 4586 Parent PID: 4581

General

Analysis Process: d8dgn3wGJL PID: 4589 Parent PID: 4581

General

Analysis Process: d8dgn3wGJL PID: 4590 Parent PID: 4581

General