
Linux Analysis Report 9Q1fc1TZq4

Overview

General Information

Sample Name: 9Q1fc1TZq4
Analysis ID: 553493
MD5: b192ed1edacfafee1a66012bfa2c45be
SHA1: 0a3451997f43964a25b203672441f3d4b615d224
SHA256: b41bbb2bcc0d3106fd9767fe53f95329d4178ca48f3fdf700b80619b75207dba
Tags: 32, elf, mirai, sparc

Detection

Mirai
Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answered. The sample is likely an old dropper that no longer works.
The machine description in the static ELF header suggests that the sample might not execute correctly on this analysis machine.

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 553493
Start date: 15.01.2022
Start time: 01:38:33
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 12s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 9Q1fc1TZq4
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal72.spre.troj.lin@0/0@0/0
Warnings:
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • cleanup

Yara Overview

PCAP (Network Traffic)

Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security
Strings:

    Jbx Signature Overview


    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: 9Q1fc1TZq4, Virustotal: Detection: 52%
    Source: 9Q1fc1TZq4, ReversingLabs: Detection: 55%

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Uses known network protocols on non-standard ports
    Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global traffic, TCP traffic: 192.168.2.23:51422 -> 136.144.41.15:1312
    Source: /tmp/9Q1fc1TZq4 (PID: 5224), Socket: 0.0.0.0::0
    Source: /tmp/9Q1fc1TZq4 (PID: 5224), Socket: 0.0.0.0::23
    Source: /tmp/9Q1fc1TZq4 (PID: 5224), Socket: 0.0.0.0::53413
    Source: /tmp/9Q1fc1TZq4 (PID: 5224), Socket: 0.0.0.0::80
    Source: /tmp/9Q1fc1TZq4 (PID: 5224), Socket: 0.0.0.0::52869
    Source: /tmp/9Q1fc1TZq4 (PID: 5224), Socket: 0.0.0.0::37215
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), Socket: 0.0.0.0::0
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), Socket: 0.0.0.0::23
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), Socket: 0.0.0.0::53413
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), Socket: 0.0.0.0::80
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), Socket: 0.0.0.0::52869
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), Socket: 0.0.0.0::37215
    Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

    System Summary:

    Sample tries to kill multiple processes (SIGKILL)
    Source: /tmp/9Q1fc1TZq4 (PID: 5224), SIGKILL sent: pid: 936, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 936, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 5243, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 720, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 759, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 788, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 800, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 847, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 884, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2096, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2097, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2102, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2180, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2208, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2275, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2281, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2285, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2289, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 2294, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 5235, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 5245, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 5249, result: successful
    Source: /tmp/9Q1fc1TZq4 (PID: 5229), SIGKILL sent: pid: 5253, result: successful
    Source: ELF static info symbol of initial sample, .symtab present: no
    Source: classification engine, Classification label: mal72.spre.troj.lin@0/0@0/0

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41672
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41676
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41682
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41684
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41686
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41690
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41694
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41696
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41700
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 41704
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 51854
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 51856
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 51860
    Source: unknown; Network traffic detected: HTTP traffic on port 23 -> 51866
    Source: /tmp/9Q1fc1TZq4 (PID: 5222); Queries kernel information via 'uname'
    Source: 9Q1fc1TZq4, memory dump 5259.1.0000000078c623b5.00000000b86fdce1.rw-.sdmp; Binary or memory string: U/sparc/10 /usr/bin/qemu-sparc!/proc/5243/fd/.1P
    Source: 9Q1fc1TZq4, memory dump region 00000000e7bd0055.0000000078c623b5.rw-.sdmp of PIDs 5222, 5224, 5225, 5232, 5235, 5241, 5243, 5245, 5248, 5249, 5251, 5253 and 5259; Binary or memory string: /etc/qemu-binfmt/sparc
    Source: 9Q1fc1TZq4, memory dump region 00000000e7bd0055.0000000078c623b5.rw-.sdmp of PIDs 5222, 5224, 5225, 5232, 5235, 5241, 5243, 5245, 5248, 5249, 5251, 5253 and 5259; Binary or memory string: U!/etc/qemu-binfmt/sparc
    Source: 9Q1fc1TZq4, memory dump 5259.1.0000000078c623b5.00000000b86fdce1.rw-.sdmp; Binary or memory string: U/sparc/10 /proc/2080/fd/50!/proc/2025/fd/11/usr/bin/vmtoolsdparc/10!/proc/2080/fd/40!/proc/2025/fd/21
    Source: 9Q1fc1TZq4, memory dump 5259.1.0000000078c623b5.00000000b86fdce1.rw-.sdmp; Binary or memory string: /usr/bin/vmtoolsd
    Source: 9Q1fc1TZq4, memory dump region 00000000e78673f0.000000004e74a713.rw-.sdmp of PIDs 5222, 5224, 5225, 5232, 5235, 5241, 5243, 5245, 5248, 5249, 5251, 5253 and 5259; Binary or memory string: x86_64/usr/bin/qemu-sparc/tmp/9Q1fc1TZq4SUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/9Q1fc1TZq4
    Source: 9Q1fc1TZq4, memory dump region 00000000e78673f0.000000004e74a713.rw-.sdmp of PIDs 5222, 5224, 5225, 5232, 5235, 5241, 5243, 5245, 5248, 5249, 5251, 5253 and 5259, and memory dump 5259.1.0000000078c623b5.00000000b86fdce1.rw-.sdmp; Binary or memory string: /usr/bin/qemu-sparc

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match; File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match; File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

    Malware Configuration

    No configs have been found

    Behavior Graph

    Behavior Graph ID 553493; Sample: 9Q1fc1TZq4; Start date: 15/01/2022; Architecture: LINUX; Score: 72.
    The graph shows the sample process 9Q1fc1TZq4 starting several child processes, two of which trigger "Sample tries to kill multiple processes (SIGKILL)", and its network contacts: 90.251.212.225 (VodafoneGB, United Kingdom), 37.182.231.163 on port 23 (VODAFONE-IT-ASN, Italy) and 98 other IPs or domains.
    Signatures attached to the root node: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for submitted file; Yara detected Mirai; Uses known network protocols on non-standard ports.

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    9Q1fc1TZq4 | 52% | Virustotal |
    9Q1fc1TZq4 | 56% | ReversingLabs | Linux.Trojan.Mirai

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted IPs


    Public

    IP | Domain | Country | ASN | ASN Name | Malicious


    Runtime Messages

    Command: /tmp/9Q1fc1TZq4
    Exit Code: 0
    Exit Code Info:
    Killed: False
    Standard Output:
    Connected To CNC
    Standard Error:

    Joe Sandbox View / Context

    IPs

    Match | Associated Sample Name / URL | SHA 256 | Detection
    181.11.124.63 | BpWEfZ5bOU | | malicious

      Domains

      No context

      ASN


      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      No created / dropped files found

      Static File Info

      General

      File type: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
      Entropy (8bit): 6.035748270293767
      TrID:
      • ELF Executable and Linkable format (generic) (4004/1) 100.00%
      File name: 9Q1fc1TZq4
      File size: 60412
      MD5: b192ed1edacfafee1a66012bfa2c45be
      SHA1: 0a3451997f43964a25b203672441f3d4b615d224
      SHA256: b41bbb2bcc0d3106fd9767fe53f95329d4178ca48f3fdf700b80619b75207dba
      SHA512: 6b4746660989827e03a6cbd51cf925d200e76368f9f792a7dd9dc0f0594410ea735af741d39f26fa48391f666270f39b81292a08f08f6c9e83670ab27137c1f4
      SSDEEP: 768:eLobAxU6q9Hfymp0xginSYcCLUB6WsTwR11IQdszoDaS0O+DCDt:eL0AxvSHfymp0xgujcCLs6vTAIau6
      File Content Preview: .ELF...........................4...l.....4. ...(.......................................................x............dt.Q................................@..(....@.8R................#.....b0..`.....!..... ...@.....".........`......$ ... ...@...........`....

      Static ELF Info

      ELF header

      Class: ELF32
      Data: 2's complement, big endian
      Version: 1 (current)
      Machine: Sparc
      Version Number: 0x1
      Type: EXEC (Executable file)
      OS/ABI: UNIX - System V
      ABI Version: 0
      Entry Point Address: 0x101a4
      Flags: 0x0
      ELF Header Size: 52
      Program Header Offset: 52
      Program Header Size: 32
      Number of Program Headers: 3
      Section Header Offset: 60012
      Section Header Size: 40
      Number of Section Headers: 10
      Header String Table Index: 9

      Sections

      Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
      | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
      .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
      .text | PROGBITS | 0x100b0 | 0xb0 | 0xe180 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .fini | PROGBITS | 0x1e230 | 0xe230 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4
      .rodata | PROGBITS | 0x1e248 | 0xe248 | 0x668 | 0x0 | 0x2 | A | 0 | 0 | 8
      .ctors | PROGBITS | 0x2e8b4 | 0xe8b4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .dtors | PROGBITS | 0x2e8bc | 0xe8bc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
      .data | PROGBITS | 0x2e8c8 | 0xe8c8 | 0x164 | 0x0 | 0x3 | WA | 0 | 0 | 8
      .bss | NOBITS | 0x2ea30 | 0xea2c | 0x288 | 0x0 | 0x3 | WA | 0 | 0 | 8
      .shstrtab | STRTAB | 0x0 | 0xea2c | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1

      Program Segments

      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      LOAD | 0x0 | 0x10000 | 0x10000 | 0xe8b0 | 0xe8b0 | 3.3886 | 0x5 | R E | 0x10000 | | .init .text .fini .rodata
      LOAD | 0xe8b4 | 0x2e8b4 | 0x2e8b4 | 0x178 | 0x404 | 0.3183 | 0x6 | RW | 0x10000 | | .ctors .dtors .data .bss
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

      Network Behavior

      Network Port Distribution

      TCP Packets

      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Jan 15, 2022 01:39:14.593415022 CET6398223192.168.2.2362.64.118.139
      Jan 15, 2022 01:39:14.593420029 CET6398223192.168.2.2391.131.146.75
      Jan 15, 2022 01:39:14.593430996 CET6398223192.168.2.2366.45.148.146
      Jan 15, 2022 01:39:14.593430042 CET6398223192.168.2.232.138.74.29
      Jan 15, 2022 01:39:14.593435049 CET6398223192.168.2.23175.155.249.134
      Jan 15, 2022 01:39:14.593451023 CET6398223192.168.2.23110.253.100.210
      Jan 15, 2022 01:39:14.593463898 CET6398223192.168.2.234.33.78.247
      Jan 15, 2022 01:39:14.593468904 CET6398223192.168.2.23240.109.142.31
      Jan 15, 2022 01:39:14.593491077 CET6398223192.168.2.23243.41.124.210
      Jan 15, 2022 01:39:14.593501091 CET6398223192.168.2.2387.109.46.113
      Jan 15, 2022 01:39:14.593518019 CET6398223192.168.2.23216.59.146.245
      Jan 15, 2022 01:39:14.593544960 CET6398223192.168.2.2360.208.233.182
      Jan 15, 2022 01:39:14.593545914 CET6398223192.168.2.23255.70.148.225
      Jan 15, 2022 01:39:14.593554974 CET6398223192.168.2.23104.222.14.162
      Jan 15, 2022 01:39:14.593565941 CET6398223192.168.2.23240.164.86.95
      Jan 15, 2022 01:39:14.593570948 CET6398223192.168.2.23114.16.251.70
      Jan 15, 2022 01:39:14.593573093 CET6398223192.168.2.2374.133.7.230
      Jan 15, 2022 01:39:14.593575954 CET6398223192.168.2.23210.49.174.214
      Jan 15, 2022 01:39:14.593583107 CET6398223192.168.2.23145.225.96.217
      Jan 15, 2022 01:39:14.593589067 CET6398223192.168.2.23221.187.217.70
      Jan 15, 2022 01:39:14.593602896 CET6398223192.168.2.23178.154.100.179
      Jan 15, 2022 01:39:14.593615055 CET6398223192.168.2.23193.40.26.84
      Jan 15, 2022 01:39:14.593658924 CET6398223192.168.2.23151.239.78.172
      Jan 15, 2022 01:39:14.593784094 CET6398223192.168.2.23190.206.191.253
      Jan 15, 2022 01:39:14.593826056 CET6398223192.168.2.2386.9.127.251
      Jan 15, 2022 01:39:14.593837976 CET6398223192.168.2.23123.115.32.33
      Jan 15, 2022 01:39:14.593838930 CET6398223192.168.2.2396.40.218.222
      Jan 15, 2022 01:39:14.593841076 CET6398223192.168.2.2396.202.95.87
      Jan 15, 2022 01:39:14.593841076 CET6398223192.168.2.23207.199.87.207
      Jan 15, 2022 01:39:14.593842030 CET6398223192.168.2.23146.28.54.254
      Jan 15, 2022 01:39:14.593843937 CET6398223192.168.2.23139.167.159.113
      Jan 15, 2022 01:39:14.593858957 CET6398223192.168.2.2312.85.254.167
      Jan 15, 2022 01:39:14.593882084 CET6398223192.168.2.2379.102.161.238
      Jan 15, 2022 01:39:14.593883038 CET6398223192.168.2.23249.183.144.155
      Jan 15, 2022 01:39:14.593889952 CET6398223192.168.2.23207.29.236.195
      Jan 15, 2022 01:39:14.593889952 CET6398223192.168.2.2395.181.118.66
      Jan 15, 2022 01:39:14.593893051 CET6398223192.168.2.2366.112.42.170
      Jan 15, 2022 01:39:14.593895912 CET6398223192.168.2.23253.121.194.69
      Jan 15, 2022 01:39:14.593902111 CET6398223192.168.2.2343.213.184.111
      Jan 15, 2022 01:39:14.593904018 CET6398223192.168.2.23163.160.205.109
      Jan 15, 2022 01:39:14.593905926 CET6398223192.168.2.2334.101.28.185
      Jan 15, 2022 01:39:14.593911886 CET6398223192.168.2.23117.185.166.154
      Jan 15, 2022 01:39:14.593918085 CET6398223192.168.2.23139.154.126.129
      Jan 15, 2022 01:39:14.593919992 CET6398223192.168.2.23119.173.61.77
      Jan 15, 2022 01:39:14.593928099 CET6398223192.168.2.23245.224.48.217
      Jan 15, 2022 01:39:14.593929052 CET6398223192.168.2.234.2.21.59
      Jan 15, 2022 01:39:14.593931913 CET6398223192.168.2.2373.64.201.170
      Jan 15, 2022 01:39:14.593954086 CET6398223192.168.2.2318.91.120.165
      Jan 15, 2022 01:39:14.593971968 CET6398223192.168.2.2327.193.72.118
      Jan 15, 2022 01:39:14.593988895 CET6398223192.168.2.23249.96.207.159
      Jan 15, 2022 01:39:14.593991995 CET6398223192.168.2.23155.105.235.73
      Jan 15, 2022 01:39:14.594183922 CET6398223192.168.2.23176.62.186.136
      Jan 15, 2022 01:39:14.594193935 CET6398223192.168.2.23204.166.53.207
      Jan 15, 2022 01:39:14.594198942 CET6398223192.168.2.2399.41.83.195
      Jan 15, 2022 01:39:14.594198942 CET6398223192.168.2.23205.172.115.5
      Jan 15, 2022 01:39:14.594201088 CET6398223192.168.2.23220.118.135.184
      Jan 15, 2022 01:39:14.594204903 CET6398223192.168.2.23178.139.47.7
      Jan 15, 2022 01:39:14.594214916 CET6398223192.168.2.23253.234.213.47
      Jan 15, 2022 01:39:14.594221115 CET6398223192.168.2.23242.31.53.94
      Jan 15, 2022 01:39:14.594229937 CET6398223192.168.2.2363.54.164.252
      Jan 15, 2022 01:39:14.594228983 CET6398223192.168.2.23254.192.147.130
      Jan 15, 2022 01:39:14.594232082 CET6398223192.168.2.23148.32.131.49
      Jan 15, 2022 01:39:14.594235897 CET6398223192.168.2.23106.113.161.117
      Jan 15, 2022 01:39:14.594235897 CET6398223192.168.2.23105.224.117.50
      Jan 15, 2022 01:39:14.594238997 CET6398223192.168.2.23174.255.209.164
      Jan 15, 2022 01:39:14.594249010 CET6398223192.168.2.23106.120.154.238
      Jan 15, 2022 01:39:14.594254017 CET6398223192.168.2.23211.128.219.205
      Jan 15, 2022 01:39:14.594254971 CET6398223192.168.2.23254.52.250.172
      Jan 15, 2022 01:39:14.594258070 CET6398223192.168.2.23165.163.69.126
      Jan 15, 2022 01:39:14.594259024 CET6398223192.168.2.23197.101.233.177
      Jan 15, 2022 01:39:14.594259977 CET6398223192.168.2.23247.240.63.250
      Jan 15, 2022 01:39:14.594264030 CET6398223192.168.2.23176.216.100.245
      Jan 15, 2022 01:39:14.594270945 CET6398223192.168.2.23121.188.40.206
      Jan 15, 2022 01:39:14.594274044 CET6398223192.168.2.23255.224.139.241
      Jan 15, 2022 01:39:14.594275951 CET6398223192.168.2.2327.117.168.39
      Jan 15, 2022 01:39:14.594279051 CET6398223192.168.2.2314.78.141.37
      Jan 15, 2022 01:39:14.594283104 CET6398223192.168.2.23213.0.24.188
      Jan 15, 2022 01:39:14.594291925 CET6398223192.168.2.2340.238.179.12
      Jan 15, 2022 01:39:14.594296932 CET6398223192.168.2.23156.216.90.195
      Jan 15, 2022 01:39:14.594296932 CET6398223192.168.2.23207.186.131.196
      Jan 15, 2022 01:39:14.594299078 CET6398223192.168.2.23117.223.216.169
      Jan 15, 2022 01:39:14.594300032 CET6398223192.168.2.23191.177.57.30
      Jan 15, 2022 01:39:14.594305992 CET6398223192.168.2.23144.88.154.219
      Jan 15, 2022 01:39:14.594317913 CET6398223192.168.2.239.204.151.155
      Jan 15, 2022 01:39:14.594331026 CET6398223192.168.2.238.135.200.66
      Jan 15, 2022 01:39:14.594335079 CET6398223192.168.2.2375.91.202.36
      Jan 15, 2022 01:39:14.594341040 CET6398223192.168.2.2313.86.204.5
      Jan 15, 2022 01:39:14.594351053 CET6398223192.168.2.23146.34.199.204
      Jan 15, 2022 01:39:14.594355106 CET6398223192.168.2.2337.66.189.167
      Jan 15, 2022 01:39:14.594369888 CET6398223192.168.2.23135.30.235.208
      Jan 15, 2022 01:39:14.594387054 CET6398223192.168.2.2381.4.59.123
      Jan 15, 2022 01:39:14.594392061 CET6398223192.168.2.23136.34.34.155
      Jan 15, 2022 01:39:14.594400883 CET6398223192.168.2.23208.157.62.38
      Jan 15, 2022 01:39:14.594403028 CET6398223192.168.2.2386.143.139.132
      Jan 15, 2022 01:39:14.594413996 CET