Linux
Analysis Report
uuC6SqiHEK
Overview
General Information
Sample Name: | uuC6SqiHEK |
Analysis ID: | 626460 |
MD5: | 772945ce381f38c38472a94893995e6f |
SHA1: | 62c42fe68280e67aa016afa49f844da73a1d2df1 |
SHA256: | cfcdff7a98c3829650988decae442e8daaf67cb471d13048ad0d578d8c5f63cf |
Tags: | 32, elf, mips, mirai |
Infos: |
Detection
Mirai
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Classification
Analysis Advice
Static ELF header machine description suggests that the sample might not execute correctly on this machine. |
None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works. |
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures. |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 626460 |
Start date and time: | 2022-05-14 03:44:04 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | uuC6SqiHEK |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal64.troj.evad.lin@0/0@0/0 |
- Report size exceeded maximum capacity and may have missing network information.
- TCP Packets have been reduced to 100
Command: | /tmp/uuC6SqiHEK |
PID: | 6223 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Connected To CNC |
Standard Error: |
- system is lnxubuntu20
- uuC6SqiHEK New Fork (PID: 6225, Parent: 6223)
- uuC6SqiHEK New Fork (PID: 6326, Parent: 6225)
- uuC6SqiHEK New Fork (PID: 6328, Parent: 6225)
- uuC6SqiHEK New Fork (PID: 6330, Parent: 6328)
- uuC6SqiHEK New Fork (PID: 6343, Parent: 6330)
- uuC6SqiHEK New Fork (PID: 6345, Parent: 6330)
- uuC6SqiHEK New Fork (PID: 6332, Parent: 6328)
- uuC6SqiHEK New Fork (PID: 6333, Parent: 6328)
- uuC6SqiHEK New Fork (PID: 6226, Parent: 6223)
- uuC6SqiHEK New Fork (PID: 6227, Parent: 6223)
- uuC6SqiHEK New Fork (PID: 6231, Parent: 6227)
- uuC6SqiHEK New Fork (PID: 6337, Parent: 6231)
- uuC6SqiHEK New Fork (PID: 6339, Parent: 6231)
- uuC6SqiHEK New Fork (PID: 6233, Parent: 6227)
- uuC6SqiHEK New Fork (PID: 6234, Parent: 6227)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security | |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Networking |
---|
Source: | Network traffic detected: | ||
Source: | TCP traffic: | ||
Source: | Socket: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
Source: | Program segment: |
Source: | SIGKILL sent: | ||
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | File opened: | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Network traffic detected: | ||
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
43% | Virustotal | Browse |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.87857528714088 |
TrID: |
|
File name: | uuC6SqiHEK |
File size: | 27244 |
MD5: | 772945ce381f38c38472a94893995e6f |
SHA1: | 62c42fe68280e67aa016afa49f844da73a1d2df1 |
SHA256: | cfcdff7a98c3829650988decae442e8daaf67cb471d13048ad0d578d8c5f63cf |
SHA512: | a2d3b5264ed4754a4c639fa28dc1076f98e99d3b3e4ce25dcfe99e4335842186b431ff11011617e9a27a02e5148c92f3721aa3b6010902763724958791a17bd4 |
SSDEEP: | 768:MLCUFskb2JgIs/E2+OocrfJiHNjfmQ2q7IoqdBqWn:oCrJgHiOJrfwmQrctH |
TLSH: | 91C2E1DFB49A38C5CD1C5CBC219D5AD115B992C7334A8F0837502DCDA57645FB8AC8B8 |
File Content Preview: | .ELF.....................V..4...........4. ...(.....................Ei..Ei....................E...E....................tUPX!d.......T...T.......T..........?.E.h;....#......b.L#4E..,,....M..D{c....j;.D .A....~.....hE.:.O........L..N.7g..\....R............. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | |
Entry Point Address: | |
Flags: | |
ELF Header Size: | |
Program Header Offset: | |
Program Header Size: | |
Number of Program Headers: | |
Section Header Offset: | |
Section Header Size: | |
Number of Section Headers: | |
Header String Table Index: |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x6945 | 0x6945 | 4.1994 | 0x5 | R E | 0x10000 | ||
LOAD | 0x18c0 | 0x4518c0 | 0x4518c0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
System Behavior
Start time: | 03:44:50 |
Start date: | 14/05/2022 |
Path: | /tmp/uuC6SqiHEK |
Arguments: | /tmp/uuC6SqiHEK |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 03:44:50 |
Start date: | 14/05/2022 |
Path: | /tmp/uuC6SqiHEK |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 03:47:42 |
Start date: | 14/05/2022 |
Path: | /tmp/uuC6SqiHEK |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 03:47:47 |
Start date: | 14/05/2022 |
Path: | /tmp/uuC6SqiHEK |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 03:47:43 |
Start date: | 14/05/2022 |
Path: | /tmp/uuC6SqiHEK |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time: | 03:44:51 |
Start date: | 14/05/2022 |
Path: | /tmp/uuC6SqiHEK |
Arguments: | n/a |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |