Linux Analysis Report ovLjmo5UoE

Overview

General Information

Sample Name:	ovLjmo5UoE
Analysis ID:	452448
MD5:	96468aa8293a504d9431860381691baf
SHA1:	a2e7baff712d4a1a41b2b83f60e0afcbaa774190
SHA256:	6596ffeba4d8ea7bc59db3f41d511c1241263f9dd3c01a5657c89279bc8c4fd5
Tags:	32elfmipsmirai
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Opens /sys/class/net/* files useful for querying network interface information

Sample is packed with UPX

Sample tries to kill many processes (SIGKILL)

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Reads system information from the proc file system

Sample contains only a LOAD segment without any section mappings

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection:

Multi AV Scanner detection for submitted file

Source: ovLjmo5UoE	Virustotal: Detection: 39%			Perma Link
Source: ovLjmo5UoE	ReversingLabs: Detection: 35%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.206.52.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 216.46.140.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.141.18.252: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.158.189.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.14.137.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.187.182.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.53.43.149: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.76.107.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.39.133.145: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.210.184.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.105.217.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 38.145.126.167: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.38.200.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 150.140.128.36: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 164.82.21.30: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57730
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57730
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 118.89.161.22: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.176.245: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.1.101.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 157.131.120.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 117.79.147.220: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 109.3.180.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.222.50.234: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.202.93.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.104.94.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.14.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 76.182.2.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 38.77.33.105: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.242.148.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.164.211.67: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.220.238.22: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.3.103.127: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.16.228.55: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 71.71.149.239: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.236.99.217: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 165.156.24.254: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.28.129.115:23 -> 192.168.2.20:52144
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.28.129.115:23 -> 192.168.2.20:52144
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57756
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57756
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40118
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.91.209.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 213.162.131.61: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 41.182.170.84: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.3.9.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.15.101.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.78.164.87: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57270
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.189.50.150: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.249.251.103: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.68.16.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.226.132.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.151.208.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.244.183.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.80.223.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.238.179.2: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.204.86.30: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 178.250.156.79: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.220.200.185: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.216.34.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57270
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57270
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.136.107.165: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.138.182.105: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.212.95.148: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57784
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57784
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.187.31.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40152
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40152
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.210.144.142: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.225.40.8: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.86.223.11: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.58.81.50: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 66.235.40.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.46.32.7: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.223.78.97: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.62.111.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.185.200.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.181.61.244: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.67.205.104: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.138.6.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 211.0.203.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 42.146.38.252: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.171.165.105: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.79.228.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.38.92.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.104.29.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57308
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.93.104.118: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 45.11.167.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.102.240.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57816
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57816
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.207.34.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.205.109.8: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 195.123.196.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40184
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40184
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57308
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57308
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.59.157.50: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.96.225.243: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.16.49.61: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.137.116.218: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.10.109.92: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.145.21.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.237.204.118: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45122
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.112.224.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 146.113.182.29: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.149.41.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.19.192.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.165.165.188: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 187.63.81.2: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.6.113.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.171.215.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 107.149.132.212: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45122
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45122
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.136.46.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.17.215.33: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 104.246.110.169: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 38.145.68.165: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.166.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57852
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57852
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 47.224.244.56: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57366
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.100.61.125: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.160.80.8: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40226
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40226
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.157.94.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.14.173.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 61.148.75.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.167.57: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57366
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57366
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.51.143.97: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.93.25.85: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.102.145.203: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.173.229.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.10.241.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.58.29.45: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45200
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.28.129.115:23 -> 192.168.2.20:52292
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.28.129.115:23 -> 192.168.2.20:52292
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.136.42.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.142.28.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.245.68.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 58.229.25.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.213.239.9: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 66.216.100.81: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57928
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57928
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.73.183.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.54.50.116: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.189.53.52: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45200
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45200
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.236.103.122: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.245.37.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 142.11.200.85: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.132.71.234: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 139.162.188.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40300
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40300
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.213.231.118: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.165.189: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57434
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.228.249.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.189.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 168.138.51.252: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.227.139.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.197.74.218: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 172.22.1.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57434
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57434
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45258
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57962
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57962
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.202.108.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.115.181: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.8.159.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.194.176.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.249.86.56: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.72.15.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 110.180.175.139:23 -> 192.168.2.20:42776
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.66.180.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.217.91.154: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45258
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45258
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 213.247.84.154: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40348
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40348
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.235.155.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.103.225.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.94.119.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.210.183.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.237.181.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.238.212.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.201.158.49: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.192.226.58: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.217.23.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.194.255.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 208.83.33.178: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 210.1.58.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 114.38.72.71: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.168.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 111.240.194.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57494
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.100.194.137: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.180.174.88: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.206.15.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.200.173.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:58000
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:58000
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 220.247.116.79: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 216.170.72.61: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.222.255.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.6.123.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.14.146.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 66.90.157.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45318
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.201.62: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 141.98.40.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57494
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57494
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.3.109.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40398
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40398
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.59.125.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 45.50.201.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45318
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45318
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 45.38.242.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.61.112.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.135.46: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.169.218.117: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 193.38.231.77: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 222.227.12.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.22.190.149: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.157.99.174: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 213.209.83.237: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.218.117.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.54.120.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.33.241.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.157.1.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 198.72.198.235: -> 192.168.2.20:
Source: Traffic	Snort IDS: 2023434 ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0vizxv) 192.168.2.20:52194 -> 91.84.219.112:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:58076
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:58076
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.136.120.190: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 186.236.190.82: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.124.62.149:23 -> 192.168.2.20:54750
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.85.172.143: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.215.42.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 174.104.201.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 139.162.85.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.243.43.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.229.179.132: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 68.53.85.3: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.8.221.169:23 -> 192.168.2.20:48746
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.190.179.205: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.28.129.115:23 -> 192.168.2.20:52476
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.28.129.115:23 -> 192.168.2.20:52476
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57590
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.34.156.149: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.14.37.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45386
Source: Traffic	Snort IDS: 2023449 ET TROJAN Possible Linux.Mirai Login Attempt (vizxv) 192.168.2.20:52222 -> 91.84.219.112:23
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 122.14.200.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 201.91.97.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40456
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40456
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.132.152.81: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.211.98.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.232.103.205: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.255.80.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.217.41.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.26.127.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 80.178.217.39:23 -> 192.168.2.20:50378
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 80.178.217.39:23 -> 192.168.2.20:50378
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.8.221.169:23 -> 192.168.2.20:48780
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 103.242.0.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 168.95.22.153: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45386
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45386
Source: Traffic	Snort IDS: 2023433 ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin) 192.168.2.20:52252 -> 91.84.219.112:23
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 193.80.96.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.217.127.79: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.203.183.81: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:58118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:58118
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.8.221.169:23 -> 192.168.2.20:48804
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.213.211.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.117.93.90: -> 192.168.2.20:

Opens /sys/class/net/* files useful for querying network interface information

Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/ens160/uevent	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/ens160/phys_port_id	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/ens160/dev_id	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/lo/phys_port_id	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/lo/dev_id	Jump to behavior

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.20:35686 -> 37.230.137.227:1312

Sample listens on a socket

Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::23	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::80	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::37215	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::23	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::80	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::37215	Jump to behavior
Source: /usr/sbin/sshd (PID: 4602)	Socket: 0.0.0.0::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4602)	Socket: [::]::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4722)	Socket: 0.0.0.0::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4722)	Socket: [::]::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4818)	Socket: 0.0.0.0::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4818)	Socket: [::]::22	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 76.213.67.173
Source: unknown	TCP traffic detected without corresponding DNS query: 179.205.5.65
Source: unknown	TCP traffic detected without corresponding DNS query: 61.153.233.170
Source: unknown	TCP traffic detected without corresponding DNS query: 207.227.209.173
Source: unknown	TCP traffic detected without corresponding DNS query: 171.78.44.24
Source: unknown	TCP traffic detected without corresponding DNS query: 106.127.255.204
Source: unknown	TCP traffic detected without corresponding DNS query: 58.226.155.34
Source: unknown	TCP traffic detected without corresponding DNS query: 246.232.49.78
Source: unknown	TCP traffic detected without corresponding DNS query: 191.41.100.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.185.178.168
Source: unknown	TCP traffic detected without corresponding DNS query: 84.123.113.61
Source: unknown	TCP traffic detected without corresponding DNS query: 44.158.120.198
Source: unknown	TCP traffic detected without corresponding DNS query: 142.213.109.21
Source: unknown	TCP traffic detected without corresponding DNS query: 93.53.253.241
Source: unknown	TCP traffic detected without corresponding DNS query: 108.134.218.175
Source: unknown	TCP traffic detected without corresponding DNS query: 146.224.14.156
Source: unknown	TCP traffic detected without corresponding DNS query: 61.108.93.79
Source: unknown	TCP traffic detected without corresponding DNS query: 180.78.14.186
Source: unknown	TCP traffic detected without corresponding DNS query: 201.244.205.166
Source: unknown	TCP traffic detected without corresponding DNS query: 98.36.135.212
Source: unknown	TCP traffic detected without corresponding DNS query: 168.174.231.242
Source: unknown	TCP traffic detected without corresponding DNS query: 123.232.167.199
Source: unknown	TCP traffic detected without corresponding DNS query: 9.195.127.44
Source: unknown	TCP traffic detected without corresponding DNS query: 179.156.207.215
Source: unknown	TCP traffic detected without corresponding DNS query: 116.218.236.8
Source: unknown	TCP traffic detected without corresponding DNS query: 169.217.183.31
Source: unknown	TCP traffic detected without corresponding DNS query: 106.32.83.100
Source: unknown	TCP traffic detected without corresponding DNS query: 247.61.232.15
Source: unknown	TCP traffic detected without corresponding DNS query: 195.56.215.241
Source: unknown	TCP traffic detected without corresponding DNS query: 57.192.68.113
Source: unknown	TCP traffic detected without corresponding DNS query: 149.42.143.229
Source: unknown	TCP traffic detected without corresponding DNS query: 172.233.225.100
Source: unknown	TCP traffic detected without corresponding DNS query: 183.204.18.102
Source: unknown	TCP traffic detected without corresponding DNS query: 2.162.159.163
Source: unknown	TCP traffic detected without corresponding DNS query: 59.115.76.5
Source: unknown	TCP traffic detected without corresponding DNS query: 13.205.47.249
Source: unknown	TCP traffic detected without corresponding DNS query: 47.80.23.223
Source: unknown	TCP traffic detected without corresponding DNS query: 244.162.61.181
Source: unknown	TCP traffic detected without corresponding DNS query: 80.181.253.238
Source: unknown	TCP traffic detected without corresponding DNS query: 120.0.37.110
Source: unknown	TCP traffic detected without corresponding DNS query: 17.113.161.8
Source: unknown	TCP traffic detected without corresponding DNS query: 174.139.81.39
Source: unknown	TCP traffic detected without corresponding DNS query: 243.213.237.102
Source: unknown	TCP traffic detected without corresponding DNS query: 207.118.80.185
Source: unknown	TCP traffic detected without corresponding DNS query: 183.175.49.51
Source: unknown	TCP traffic detected without corresponding DNS query: 159.136.86.95
Source: unknown	TCP traffic detected without corresponding DNS query: 69.194.204.4
Source: unknown	TCP traffic detected without corresponding DNS query: 82.5.236.115
Source: unknown	TCP traffic detected without corresponding DNS query: 37.230.137.227
Source: unknown	TCP traffic detected without corresponding DNS query: 76.181.217.1

Source: ovLjmo5UoE

String found in binary or memory: http://upx.sf.net

System Summary:

Sample tries to kill many processes (SIGKILL)

Source: /tmp/ovLjmo5UoE (PID: 4586)	SIGKILL sent: pid: 1339, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4586, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1059, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1065, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1091, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1362, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1363, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3289, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3308, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3484, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3491, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3496, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3501, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3596, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3601, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3606, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3611, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3616, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3790, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3791, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4592, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4602, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4614, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4679, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4722, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4590, result: successful	Jump to behavior

Sample contains only a LOAD segment without any section mappings

Source: LOAD without section mappings

Program segment: 0x100000

Sample tries to kill a process (SIGKILL)

Source: /tmp/ovLjmo5UoE (PID: 4586)	SIGKILL sent: pid: 1339, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4586, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1059, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1065, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1091, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1362, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1363, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3289, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3308, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3484, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3491, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3496, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3501, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3596, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3601, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3606, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3611, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3616, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3790, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3791, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4592, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4602, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4614, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4679, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4722, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4590, result: successful	Jump to behavior

Source: classification engine

Classification label: mal76.spre.troj.spyw.evad.lin@0/8@0/0

Data Obfuscation:

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior:

Creates hidden files and/or directories

Source: /usr/sbin/NetworkManager (PID: 4614)

Directory: /root/.cache

Jump to behavior

Enumerates processes within the "proc" file system

Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1065/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1065/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1065/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3484/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3484/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3484/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1059/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1059/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1059/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/514/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4722/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4602/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/519/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4586/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4586/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3496/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3496/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3496/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3491/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3491/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3491/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/483/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior

Reads system information from the proc file system

Source: /usr/lib/snapd/snapd (PID: 4679)	Reads from proc file: /proc/sys/net/core/somaxconn	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4679)	Reads from proc file: /proc/sys/kernel/hostname	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4799)	Reads from proc file: /proc/sys/net/core/somaxconn	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4799)	Reads from proc file: /proc/sys/kernel/hostname	Jump to behavior

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/ovLjmo5UoE (PID: 4571)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 4654)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4679)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 4776)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4799)	Queries kernel information via 'uname':	Jump to behavior

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
212.243.120.245	unknown	Switzerland	60190	EASTMETALSAG-ASCH	false
107.80.78.92	unknown	United States	20057	ATT-MOBILITY-LLC-AS20057US	false
141.183.198.210	unknown	United States	197921	HBTFJO	false
223.183.33.196	unknown	India	45609	BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService	false
62.202.137.250	unknown	Switzerland	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
48.202.252.22	unknown	United States	2686	ATGS-MMD-ASUS	false
57.75.159.0	unknown	Belgium	51964	ORANGE-BUSINESS-SERVICES-IPSN-ASNFR	false
87.12.93.142	unknown	Italy	3269	ASN-IBSNAZIT	false
17.251.231.224	unknown	United States	714	APPLE-ENGINEERINGUS	false
246.229.188.194	unknown	Reserved	unknown	unknown	false
169.143.167.214	unknown	United States	26121	JEPPESENUS	false
58.200.126.102	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
112.62.71.0	unknown	China	56040	CMNET-GUANGDONG-APChinaMobilecommunicationscorporation	false
212.192.40.64	unknown	Russian Federation	8411	OmskStateUniversityofFMDostoevskyRU	false
71.101.175.126	unknown	United States	701	UUNETUS	false
102.101.70.174	unknown	Morocco	36925	ASMediMA	false
85.34.217.17	unknown	Italy	3269	ASN-IBSNAZIT	false
84.4.51.252	unknown	France	8228	CEGETEL-ASFR	false
151.250.59.213	unknown	Turkey	34984	TELLCOM-ASTR	false
39.27.35.122	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
66.249.208.7	unknown	United States	263783	TelefonicaMovilesElSalvadorSAdeCVSV	false
189.149.208.100	unknown	Mexico	8151	UninetSAdeCVMX	false
148.88.191.96	unknown	United Kingdom	786	JANETJiscServicesLimitedGB	false
75.254.245.174	unknown	United States	22394	CELLCOUS	false
126.71.54.80	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
63.82.137.206	unknown	United States	22530	DLKCOREUS	false
13.183.171.172	unknown	United States	7018	ATT-INTERNET4US	false
63.34.62.30	unknown	United States	16509	AMAZON-02US	false
16.128.90.54	unknown	United States	unknown	unknown	false
164.68.58.122	unknown	United States	33491	COMCAST-33491US	false
14.9.218.72	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
19.31.71.136	unknown	United States	3	MIT-GATEWAYSUS	false
154.232.39.223	unknown	Cote D'ivoire	36974	AFNET-ASCI	false
121.240.24.72	unknown	India	4755	TATACOMM-ASTATACommunicationsformerlyVSNLisLeadingISP	false
125.230.178.235	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
126.97.253.94	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
43.80.136.150	unknown	Japan	4249	LILLY-ASUS	false
148.82.30.56	unknown	Norway	2116	ASN-CATCHCOMNO	false
32.219.167.7	unknown	United States	46690	SNET-FCCUS	false
203.69.188.213	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
182.12.230.65	unknown	Indonesia	23693	TELKOMSEL-ASN-IDPTTelekomunikasiSelularID	false
178.166.54.39	unknown	Portugal	12353	VODAFONE-PTVodafonePortugalPT	false
123.43.115.37	unknown	Korea Republic of	6619	SAMSUNGSDS-AS-KRSamsungSDSIncKR	false
139.3.152.138	unknown	Germany	15486	MATERNA-ASDE	false
197.136.200.27	unknown	Kenya	36914	KENET-ASKE	false
90.199.44.81	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
72.97.169.72	unknown	United States	22394	CELLCOUS	false
163.34.66.70	unknown	Norway	2830	MCI-DUAL-HOMED-CUSTOMERSGB	false
39.250.54.83	unknown	Indonesia	23693	TELKOMSEL-ASN-IDPTTelekomunikasiSelularID	false
120.159.142.193	unknown	Australia	135887	TELSTRA-BELONG-APTelstraCorporationAU	false
98.64.51.118	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
17.225.120.248	unknown	United States	714	APPLE-ENGINEERINGUS	false
136.134.215.169	unknown	United States	60311	ONEFMCH	false
252.178.25.110	unknown	Reserved	unknown	unknown	false
27.55.158.39	unknown	Thailand	132061	REALMOVE-AS-APRealmoveCompanyLimitedTH	false
88.188.222.189	unknown	France	12322	PROXADFR	false
54.61.128.52	unknown	United States	14618	AMAZON-AESUS	false
141.179.46.50	unknown	Saudi Arabia	197921	HBTFJO	false
180.93.201.254	unknown	Viet Nam	7602	SPT-AS-VNSaigonPostelCorporationVN	false
196.163.215.25	unknown	South Africa	328065	Vast-Networks-ASZA	false
253.163.201.180	unknown	Reserved	unknown	unknown	false
12.99.29.172	unknown	United States	7018	ATT-INTERNET4US	false
150.203.102.36	unknown	Australia	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
192.184.168.97	unknown	United States	7065	SONOMAUS	false
158.221.30.171	unknown	United States	8556	LEVANTISCH	false
207.139.218.205	unknown	United States	701	UUNETUS	false
121.106.141.196	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
123.211.244.90	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
241.191.141.51	unknown	Reserved	unknown	unknown	false
117.27.93.243	unknown	China	133776	CHINATELECOM-FUJIAN-QUANZHOU-IDC1QuanzhouCN	false
242.69.219.211	unknown	Reserved	unknown	unknown	false
154.128.36.72	unknown	Egypt	37069	MOBINILEG	false
135.162.207.106	unknown	United States	14962	NCR-252US	false
133.164.200.47	unknown	Japan	11363	FUJITSU-USAUS	false
194.192.157.80	unknown	Denmark	3292	TDCTDCASDK	false
34.39.115.118	unknown	United States	2686	ATGS-MMD-ASUS	false
14.201.38.78	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
97.58.156.221	unknown	United States	22394	CELLCOUS	false
133.18.186.30	unknown	Japan	24282	KIRKAGOYAJAPANIncJP	false
72.249.127.250	unknown	United States	55045	TEKTONICUS	false
83.106.154.9	unknown	United Kingdom	2529	DEMON-INTERNETNowmaintainedbyCableWirelessWorldwide	false
173.254.89.32	unknown	United States	46606	UNIFIEDLAYER-AS-1US	false
216.167.124.0	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
165.188.193.247	unknown	United States	7046	RFC2270-UUNET-CUSTOMERUS	false
188.194.255.126	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	true
34.11.95.205	unknown	United States	2686	ATGS-MMD-ASUS	false
197.44.77.126	unknown	Egypt	8452	TE-ASTE-ASEG	false
208.251.30.111	unknown	United States	4208	THE-ISERV-COMPANYUS	false
101.122.220.109	unknown	China	133612	VODAFONE-AS-APVodafoneAustraliaPtyLtdAU	false
218.62.23.71	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
220.188.110.53	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
182.224.230.163	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
16.156.54.149	unknown	United States	unknown	unknown	false
63.237.52.235	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
83.142.228.128	unknown	United Kingdom	20860	IOMART-ASGB	false
252.23.58.9	unknown	Reserved	unknown	unknown	false
45.161.168.68	unknown	Argentina	265751	CooperativadeProvisiondeObrasyServiciosPublicosdeBa	false
71.232.108.2	unknown	United States	7922	COMCAST-7922US	false
126.92.157.231	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
250.53.43.75	unknown	Reserved	unknown	unknown	false

Name	Type	MD5	SHA1	SHA256
/proc/4602/oom_score_adj	ASCII text	CBF282CC55ED0792C33D10003D1F760A	007DD8BD75468E6B7ABA4285E9B267202C7EAEED	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
/proc/4722/oom_score_adj	ASCII text	CBF282CC55ED0792C33D10003D1F760A	007DD8BD75468E6B7ABA4285E9B267202C7EAEED	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
/proc/4818/oom_score_adj	ASCII text	CBF282CC55ED0792C33D10003D1F760A	007DD8BD75468E6B7ABA4285E9B267202C7EAEED	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
/run/sshd.pid	ASCII text	600AFFBB4A2E9025B7D50F6E1814B400	2DE94308B4453700D378CB9EF5BC75D22949188E	C0B67778CE4256AEAC48B6D9CEE4A690221DA0A6A54FE04C5205577A5E655662
/var/cache/snapd/sections.M3RYNM10pCQM	ASCII text	966FD91045792732666DBA4D113B0D48	9DCADCCCE036C48AEADCA9632A6E8EBADC69EE18	244EB764054FECCD5D77FAD9273ECC7C1B427551FA153876C889C59D1959630D
/var/cache/snapd/sections.nCHfbhTWJ818	ASCII text	966FD91045792732666DBA4D113B0D48	9DCADCCCE036C48AEADCA9632A6E8EBADC69EE18	244EB764054FECCD5D77FAD9273ECC7C1B427551FA153876C889C59D1959630D

AV Detection:

Multi AV Scanner detection for submitted file

Source: ovLjmo5UoE	Virustotal: Detection: 39%			Perma Link
Source: ovLjmo5UoE	ReversingLabs: Detection: 35%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.206.52.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 216.46.140.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.141.18.252: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.158.189.216: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.14.137.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.187.182.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.53.43.149: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.76.107.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.39.133.145: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.210.184.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.105.217.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 38.145.126.167: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.38.200.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 150.140.128.36: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 164.82.21.30: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57730
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57730
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 118.89.161.22: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.221.176.245: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.1.101.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 157.131.120.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 117.79.147.220: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 109.3.180.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.222.50.234: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.202.93.158: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.104.94.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.133.14.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 76.182.2.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 38.77.33.105: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.242.148.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.164.211.67: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.220.238.22: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.3.103.127: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.16.228.55: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 71.71.149.239: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.236.99.217: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 165.156.24.254: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.28.129.115:23 -> 192.168.2.20:52144
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.28.129.115:23 -> 192.168.2.20:52144
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57756
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57756
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40118
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 109.91.209.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 213.162.131.61: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 41.182.170.84: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.3.9.19: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.15.101.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.78.164.87: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57270
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.189.50.150: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.249.251.103: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.68.16.151: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.226.132.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.151.208.202: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.244.183.161: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.80.223.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.238.179.2: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.204.86.30: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 178.250.156.79: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 50.220.200.185: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.216.34.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57270
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57270
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.136.107.165: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.138.182.105: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.212.95.148: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57784
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57784
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.187.31.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40152
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40152
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 185.210.144.142: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.225.40.8: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.86.223.11: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.58.81.50: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 66.235.40.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.46.32.7: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.223.78.97: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.62.111.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.185.200.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.181.61.244: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.67.205.104: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.138.6.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 211.0.203.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 42.146.38.252: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.171.165.105: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.79.228.83: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.38.92.86: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.104.29.28: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57308
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.93.104.118: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 45.11.167.168: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.102.240.129: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57816
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57816
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.207.34.90: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.205.109.8: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 195.123.196.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40184
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40184
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57308
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57308
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.59.157.50: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.96.225.243: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 31.16.49.61: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.137.116.218: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 24.10.109.92: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.145.21.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.237.204.118: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45122
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.112.224.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 146.113.182.29: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.149.41.166: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 37.19.192.13: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.165.165.188: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 187.63.81.2: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.6.113.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.171.215.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 107.149.132.212: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45122
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45122
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.136.46.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 73.17.215.33: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 104.246.110.169: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 38.145.68.165: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.166.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57852
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57852
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 47.224.244.56: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57366
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.100.61.125: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.160.80.8: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40226
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40226
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.157.94.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.14.173.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 61.148.75.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.167.57: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57366
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57366
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.51.143.97: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 46.93.25.85: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.102.145.203: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.173.229.53: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.10.241.39: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.58.29.45: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45200
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.28.129.115:23 -> 192.168.2.20:52292
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.28.129.115:23 -> 192.168.2.20:52292
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.136.42.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.142.28.175: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.245.68.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 58.229.25.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.213.239.9: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 66.216.100.81: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57928
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57928
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.73.183.10: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.54.50.116: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.189.53.52: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45200
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45200
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.236.103.122: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.245.37.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 142.11.200.85: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.132.71.234: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 139.162.188.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40300
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40300
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.213.231.118: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.165.189: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57434
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.228.249.207: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.189.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 168.138.51.252: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.227.139.98: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 81.197.74.218: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 172.22.1.1: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57434
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57434
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45258
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:57962
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:57962
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.202.108.214: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.115.181: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.8.159.180: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.194.176.76: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.249.86.56: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.72.15.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 110.180.175.139:23 -> 192.168.2.20:42776
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.66.180.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.217.91.154: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45258
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45258
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 213.247.84.154: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40348
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40348
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.235.155.18: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.103.225.23: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.94.119.124: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 92.210.183.138: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.237.181.159: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 156.238.212.60: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.201.158.49: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.192.226.58: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.217.23.68: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 188.194.255.126: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 208.83.33.178: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 210.1.58.221: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 114.38.72.71: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 218.248.168.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 111.240.194.130: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57494
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.100.194.137: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.180.174.88: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.206.15.128: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 104.200.173.31: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:58000
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:58000
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 220.247.116.79: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 216.170.72.61: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.222.255.248: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 77.6.123.199: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 89.14.146.24: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 66.90.157.37: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45318
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.253.201.62: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 141.98.40.196: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 112.161.50.31:23 -> 192.168.2.20:57494
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 112.161.50.31:23 -> 192.168.2.20:57494
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.3.109.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40398
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40398
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.59.125.43: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 45.50.201.121: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45318
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45318
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 45.38.242.95: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.61.112.131: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.96.135.46: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 84.169.218.117: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 193.38.231.77: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 222.227.12.140: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.22.190.149: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.157.99.174: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 213.209.83.237: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.218.117.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 185.54.120.139: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 95.33.241.210: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 87.157.1.253: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 198.72.198.235: -> 192.168.2.20:
Source: Traffic	Snort IDS: 2023434 ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0vizxv) 192.168.2.20:52194 -> 91.84.219.112:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:58076
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:58076
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.136.120.190: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 186.236.190.82: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 222.124.62.149:23 -> 192.168.2.20:54750
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.85.172.143: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 83.215.42.54: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 174.104.201.70: -> 192.168.2.20:
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 139.162.85.233: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.243.43.164: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.229.179.132: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 68.53.85.3: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.8.221.169:23 -> 192.168.2.20:48746
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 85.190.179.205: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 123.28.129.115:23 -> 192.168.2.20:52476
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 123.28.129.115:23 -> 192.168.2.20:52476
Source: Traffic	Snort IDS: 716 INFO TELNET access 112.161.50.31:23 -> 192.168.2.20:57590
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 78.34.156.149: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.14.37.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 716 INFO TELNET access 14.205.250.146:23 -> 192.168.2.20:45386
Source: Traffic	Snort IDS: 2023449 ET TROJAN Possible Linux.Mirai Login Attempt (vizxv) 192.168.2.20:52222 -> 91.84.219.112:23
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 122.14.200.176: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 201.91.97.198: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 59.115.194.8:23 -> 192.168.2.20:40456
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 59.115.194.8:23 -> 192.168.2.20:40456
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 80.132.152.81: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 93.211.98.249: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 79.232.103.205: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 217.255.80.14: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 88.217.41.160: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 178.26.127.38: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 80.178.217.39:23 -> 192.168.2.20:50378
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 80.178.217.39:23 -> 192.168.2.20:50378
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.8.221.169:23 -> 192.168.2.20:48780
Source: Traffic	Snort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 103.242.0.226: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 168.95.22.153: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.205.250.146:23 -> 192.168.2.20:45386
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.205.250.146:23 -> 192.168.2.20:45386
Source: Traffic	Snort IDS: 2023433 ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin) 192.168.2.20:52252 -> 91.84.219.112:23
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 193.80.96.224: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 94.217.127.79: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 2.203.183.81: -> 192.168.2.20:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 83.252.195.75:23 -> 192.168.2.20:58118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 83.252.195.75:23 -> 192.168.2.20:58118
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.8.221.169:23 -> 192.168.2.20:48804
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.213.211.209: -> 192.168.2.20:
Source: Traffic	Snort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 212.117.93.90: -> 192.168.2.20:

Opens /sys/class/net/* files useful for querying network interface information

Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/ens160/uevent	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/ens160/phys_port_id	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/ens160/dev_id	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/lo/phys_port_id	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Opens: /sys/class/net/lo/dev_id	Jump to behavior

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.20:35686 -> 37.230.137.227:1312

Sample listens on a socket

Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::23	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::80	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4586)	Socket: 0.0.0.0::37215	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::0	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::23	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::53413	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::80	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::52869	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	Socket: 0.0.0.0::37215	Jump to behavior
Source: /usr/sbin/sshd (PID: 4602)	Socket: 0.0.0.0::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4602)	Socket: [::]::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4722)	Socket: 0.0.0.0::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4722)	Socket: [::]::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4818)	Socket: 0.0.0.0::22	Jump to behavior
Source: /usr/sbin/sshd (PID: 4818)	Socket: [::]::22	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 76.213.67.173
Source: unknown	TCP traffic detected without corresponding DNS query: 179.205.5.65
Source: unknown	TCP traffic detected without corresponding DNS query: 61.153.233.170
Source: unknown	TCP traffic detected without corresponding DNS query: 207.227.209.173
Source: unknown	TCP traffic detected without corresponding DNS query: 171.78.44.24
Source: unknown	TCP traffic detected without corresponding DNS query: 106.127.255.204
Source: unknown	TCP traffic detected without corresponding DNS query: 58.226.155.34
Source: unknown	TCP traffic detected without corresponding DNS query: 246.232.49.78
Source: unknown	TCP traffic detected without corresponding DNS query: 191.41.100.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.185.178.168
Source: unknown	TCP traffic detected without corresponding DNS query: 84.123.113.61
Source: unknown	TCP traffic detected without corresponding DNS query: 44.158.120.198
Source: unknown	TCP traffic detected without corresponding DNS query: 142.213.109.21
Source: unknown	TCP traffic detected without corresponding DNS query: 93.53.253.241
Source: unknown	TCP traffic detected without corresponding DNS query: 108.134.218.175
Source: unknown	TCP traffic detected without corresponding DNS query: 146.224.14.156
Source: unknown	TCP traffic detected without corresponding DNS query: 61.108.93.79
Source: unknown	TCP traffic detected without corresponding DNS query: 180.78.14.186
Source: unknown	TCP traffic detected without corresponding DNS query: 201.244.205.166
Source: unknown	TCP traffic detected without corresponding DNS query: 98.36.135.212
Source: unknown	TCP traffic detected without corresponding DNS query: 168.174.231.242
Source: unknown	TCP traffic detected without corresponding DNS query: 123.232.167.199
Source: unknown	TCP traffic detected without corresponding DNS query: 9.195.127.44
Source: unknown	TCP traffic detected without corresponding DNS query: 179.156.207.215
Source: unknown	TCP traffic detected without corresponding DNS query: 116.218.236.8
Source: unknown	TCP traffic detected without corresponding DNS query: 169.217.183.31
Source: unknown	TCP traffic detected without corresponding DNS query: 106.32.83.100
Source: unknown	TCP traffic detected without corresponding DNS query: 247.61.232.15
Source: unknown	TCP traffic detected without corresponding DNS query: 195.56.215.241
Source: unknown	TCP traffic detected without corresponding DNS query: 57.192.68.113
Source: unknown	TCP traffic detected without corresponding DNS query: 149.42.143.229
Source: unknown	TCP traffic detected without corresponding DNS query: 172.233.225.100
Source: unknown	TCP traffic detected without corresponding DNS query: 183.204.18.102
Source: unknown	TCP traffic detected without corresponding DNS query: 2.162.159.163
Source: unknown	TCP traffic detected without corresponding DNS query: 59.115.76.5
Source: unknown	TCP traffic detected without corresponding DNS query: 13.205.47.249
Source: unknown	TCP traffic detected without corresponding DNS query: 47.80.23.223
Source: unknown	TCP traffic detected without corresponding DNS query: 244.162.61.181
Source: unknown	TCP traffic detected without corresponding DNS query: 80.181.253.238
Source: unknown	TCP traffic detected without corresponding DNS query: 120.0.37.110
Source: unknown	TCP traffic detected without corresponding DNS query: 17.113.161.8
Source: unknown	TCP traffic detected without corresponding DNS query: 174.139.81.39
Source: unknown	TCP traffic detected without corresponding DNS query: 243.213.237.102
Source: unknown	TCP traffic detected without corresponding DNS query: 207.118.80.185
Source: unknown	TCP traffic detected without corresponding DNS query: 183.175.49.51
Source: unknown	TCP traffic detected without corresponding DNS query: 159.136.86.95
Source: unknown	TCP traffic detected without corresponding DNS query: 69.194.204.4
Source: unknown	TCP traffic detected without corresponding DNS query: 82.5.236.115
Source: unknown	TCP traffic detected without corresponding DNS query: 37.230.137.227
Source: unknown	TCP traffic detected without corresponding DNS query: 76.181.217.1

Source: ovLjmo5UoE

String found in binary or memory: http://upx.sf.net

System Summary:

Sample tries to kill many processes (SIGKILL)

Source: /tmp/ovLjmo5UoE (PID: 4586)	SIGKILL sent: pid: 1339, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4586, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1059, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1065, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1091, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1362, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1363, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3289, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3308, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3484, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3491, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3496, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3501, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3596, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3601, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3606, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3611, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3616, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3790, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3791, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4592, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4602, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4614, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4679, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4722, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4590, result: successful	Jump to behavior

Sample contains only a LOAD segment without any section mappings

Source: LOAD without section mappings

Program segment: 0x100000

Sample tries to kill a process (SIGKILL)

Source: /tmp/ovLjmo5UoE (PID: 4586)	SIGKILL sent: pid: 1339, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4586, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1059, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1065, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1091, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1362, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 1363, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3289, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3308, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3484, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3491, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3496, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3501, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3596, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3601, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3606, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3611, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3616, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3790, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 3791, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4592, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4602, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4614, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4679, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4722, result: successful	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	SIGKILL sent: pid: 4590, result: successful	Jump to behavior

Source: classification engine

Classification label: mal76.spre.troj.spyw.evad.lin@0/8@0/0

Data Obfuscation:

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior:

Creates hidden files and/or directories

Source: /usr/sbin/NetworkManager (PID: 4614)

Directory: /root/.cache

Jump to behavior

Enumerates processes within the "proc" file system

Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1065/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1065/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1065/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3484/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3484/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3484/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1059/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1059/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1059/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/514/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4722/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4602/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/519/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4586/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/4586/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3496/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3496/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3496/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3491/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3491/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3491/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/483/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/exe	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior
Source: /tmp/ovLjmo5UoE (PID: 4590)	File opened: /proc/3525/fd	Jump to behavior

Reads system information from the proc file system

Source: /usr/lib/snapd/snapd (PID: 4679)	Reads from proc file: /proc/sys/net/core/somaxconn	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4679)	Reads from proc file: /proc/sys/kernel/hostname	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4799)	Reads from proc file: /proc/sys/net/core/somaxconn	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4799)	Reads from proc file: /proc/sys/kernel/hostname	Jump to behavior

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/ovLjmo5UoE (PID: 4571)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/sbin/NetworkManager (PID: 4614)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 4654)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4679)	Queries kernel information via 'uname':	Jump to behavior
Source: /lib/systemd/systemd-hostnamed (PID: 4776)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/snapd/snapd (PID: 4799)	Queries kernel information via 'uname':	Jump to behavior

ID:	452448
Product:	CloudBasic
Start time:	11:25:16
Start date:	22.07.2021
Sample:	ovLjmo5UoE
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Architecture:	LINUX
MD5:	96468aa8293a504d9431860381691baf
SHA1:	a2e7baff712d4a1a41b2b83f60e0afcbaa774190
SHA256:	6596ffeba4d8ea7bc59db3f41d511c1241263f9dd3c01a5657c89279bc8c4fd5
Filetype:	ELF Executable and Linkable format (Linux) (4029/14) 50.16%

Linux Analysis Report ovLjmo5UoE

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Malware Analysis System Evasion:

Screenshots

Network Map

Contacted Public IPs