Linux Analysis Report
Smqw34mNlm

Overview

General Information

Sample Name: Smqw34mNlm
Analysis ID: 679269
MD5: 280c087a0073bd36784e8af0b7254670
SHA1: 0c650be334cc8f692102e27d4a0e9ae3d97afd71
SHA256: 8b5fc53ad49b0005798e9fdd8a9738d798755ee6070b08d1fff41c848200548a
Tags: 64, elf, mirai

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Yara signature match
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket

Classification

AV Detection

Source: Smqw34mNlm Avira: detected
Source: Smqw34mNlm Virustotal: Detection: 38%
Source: Smqw34mNlm ReversingLabs: Detection: 76%
Source: Smqw34mNlm Joe Sandbox ML: detected
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 23.31.139.48:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 80.171.240.193:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 157.32.153.148:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 70.29.97.29:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 75.33.50.129:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 87.16.160.200:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 216.219.172.159:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 17.142.99.4:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 190.143.201.83:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 100.66.122.85:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 255.11.25.161:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 164.4.53.33:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 160.123.210.124:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 153.109.32.57:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 24.168.73.164:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 134.85.81.203:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 120.69.147.225:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 155.68.58.219:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 101.124.180.68:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 206.225.203.151:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 212.196.251.128:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 119.88.204.45:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 184.175.250.15:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 16.165.215.210:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 95.30.86.206:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 194.227.63.200:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 202.46.56.36:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 49.20.209.54:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 35.168.120.149:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 155.115.246.167:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 45.66.211.120:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 106.89.172.108:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 240.229.120.104:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 17.33.166.116:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 61.66.122.134:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 163.190.71.203:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 147.62.196.47:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 15.46.7.59:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 15.62.165.30:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 193.88.104.144:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 133.36.206.55:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 103.26.91.35:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 31.70.239.9:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 129.147.249.97:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 61.31.130.67:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 114.51.180.250:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 164.168.213.195:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 196.246.56.125:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 121.17.190.115:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 16.22.227.2:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 91.19.137.18:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 66.176.110.77:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 253.249.214.200:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 183.81.72.209:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 2.112.94.98:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 163.0.187.123:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 7.113.48.2:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 45.90.151.51:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 69.93.94.26:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 11.150.101.25:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 144.5.162.223:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 189.93.232.56:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 129.178.251.201:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 89.43.95.181:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 136.12.243.163:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 241.223.231.216:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 246.96.128.177:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 143.181.158.92:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 147.49.223.117:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 50.200.213.217:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 55.249.17.246:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 145.2.70.18:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 243.162.2.183:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 147.150.92.121:2323
Source: global traffic TCP traffic: 192.168.2.23:58671 -> 139.70.39.201:2323
Source: /tmp/Smqw34mNlm (PID: 6223) Socket: 127.0.0.1::4668
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown TCP traffic detected without corresponding DNS query

System Summary

Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Mirai_1cb033f3 Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_1cb033f3 Author: unknown
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: Smqw34mNlm, type: SAMPLE Matched rule: Linux_Trojan_Mirai_1cb033f3 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 49201ab37ff0b5cdfa9b0b34b6faa170bd25f04df51c24b0b558b7534fecc358, id = 1cb033f3-68c1-4fe5-9cd1-b5d066c1d86e, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: 6223.1.0000000000400000.0000000000409000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_1cb033f3 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 49201ab37ff0b5cdfa9b0b34b6faa170bd25f04df51c24b0b558b7534fecc358, id = 1cb033f3-68c1-4fe5-9cd1-b5d066c1d86e, last_modified = 2021-09-16
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal76.troj.lin@0/0@0/0

Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality

Source: Yara match File source: dump.pcap, type: PCAP