Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
Space.i686.elf

Overview

General Information

Sample name:Space.i686.elf
Analysis ID:1575723
MD5:a56e91b6fcccccac6af83d4b96c2d3ed
SHA1:60b057a4285c39228b11e854362fd312fac1b94c
SHA256:78118c6996103986c325191eee210e688ffd355834c5f71ffc8eafb77638c73d
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1575723
Start date and time:2024-12-16 09:00:48 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 55s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Space.i686.elf
Detection:MAL
Classification:mal72.troj.evad.linELF@0/0@0/0

Runtime Messages

Command:/tmp/Space.i686.elf
PID:6259
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
6260.1.0000000008048000.000000000805a000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    6260.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xec14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xec8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xeca0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xecb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xecc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xecdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xecf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xed90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xeda4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    6260.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_268aac0bunknownunknown
    • 0x531f:$a: 24 18 0F B7 44 24 20 8B 54 24 1C 83 F9 01 8B 7E 0C 89 04 24 8B
    6260.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_0cb1699cunknownunknown
    • 0x52d2:$a: DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 10 0F B7 02 83 E9 02 83
    6260.1.0000000008048000.000000000805a000.r-x.sdmpLinux_Trojan_Mirai_70ef58f1unknownunknown
    • 0x63ed:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
    • 0x646d:$a: 89 D0 8B 19 01 D8 0F B6 5C 24 10 30 18 89 D0 8B 19 01 D8 0F B6 5C
    Click to see the 46 entries

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: Space.i686.elfVirustotal: Detection: 46%Perma Link
    Source: Space.i686.elfReversingLabs: Detection: 47%
    Machine Learning detection for sample
    Source: Space.i686.elfJoe Sandbox ML: detected
    Source: global trafficTCP traffic: 192.168.2.23:50954 -> 89.169.4.44:3778
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: unknownTCP traffic detected without corresponding DNS query: 89.169.4.44
    Source: Space.i686.elfString found in binary or memory: http://upx.sf.net
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
    Source: Process Memory Space: Space.i686.elf PID: 6259, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: Space.i686.elf PID: 6260, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: Space.i686.elf PID: 6261, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: Process Memory Space: Space.i686.elf PID: 6265, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
    Source: LOAD without section mappingsProgram segment: 0xc01000
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c46eac9185e5f396456004d1e0c42b54a9318e0450f797c55703122cfb8fea89, id = 70ef58f1-ac74-4e33-ae03-e68d1d5a4379, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 28f3e8982cee2836a59721c88ee0a9159ad6fdfc27c0091927f5286f3a731e9a, id = 485c4b13-3c7c-47a7-b926-8237cb759ad7, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 7fcd34cb7c37836a1fa8eb9375a80da01bda0e98c568422255d83c840acc0714, id = 7d05725e-db59-42a7-99aa-99de79728126, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 95279bc45936ca867efb30040354c8ff81de31dccda051cfd40b4fb268c228c5, id = 0d73971c-4253-4e7d-b1e1-20b031197f9e, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c46eac9185e5f396456004d1e0c42b54a9318e0450f797c55703122cfb8fea89, id = 70ef58f1-ac74-4e33-ae03-e68d1d5a4379, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 28f3e8982cee2836a59721c88ee0a9159ad6fdfc27c0091927f5286f3a731e9a, id = 485c4b13-3c7c-47a7-b926-8237cb759ad7, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 7fcd34cb7c37836a1fa8eb9375a80da01bda0e98c568422255d83c840acc0714, id = 7d05725e-db59-42a7-99aa-99de79728126, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 95279bc45936ca867efb30040354c8ff81de31dccda051cfd40b4fb268c228c5, id = 0d73971c-4253-4e7d-b1e1-20b031197f9e, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c46eac9185e5f396456004d1e0c42b54a9318e0450f797c55703122cfb8fea89, id = 70ef58f1-ac74-4e33-ae03-e68d1d5a4379, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 28f3e8982cee2836a59721c88ee0a9159ad6fdfc27c0091927f5286f3a731e9a, id = 485c4b13-3c7c-47a7-b926-8237cb759ad7, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 7fcd34cb7c37836a1fa8eb9375a80da01bda0e98c568422255d83c840acc0714, id = 7d05725e-db59-42a7-99aa-99de79728126, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 95279bc45936ca867efb30040354c8ff81de31dccda051cfd40b4fb268c228c5, id = 0d73971c-4253-4e7d-b1e1-20b031197f9e, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_268aac0b reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 9c581721bf82af7dc6482a2c41af5fb3404e01c82545c7b2b29230f707014781, id = 268aac0b-c5c7-4035-8381-4e182de91e32, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0cb1699c reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6e44c68bba8c9fb53ac85080b9ad765579f027cabfea5055a0bb3a85b8671089, id = 0cb1699c-9a08-4885-aa7f-0f1ee2543cac, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_70ef58f1 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c46eac9185e5f396456004d1e0c42b54a9318e0450f797c55703122cfb8fea89, id = 70ef58f1-ac74-4e33-ae03-e68d1d5a4379, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_485c4b13 reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 28f3e8982cee2836a59721c88ee0a9159ad6fdfc27c0091927f5286f3a731e9a, id = 485c4b13-3c7c-47a7-b926-8237cb759ad7, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_7d05725e reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 7fcd34cb7c37836a1fa8eb9375a80da01bda0e98c568422255d83c840acc0714, id = 7d05725e-db59-42a7-99aa-99de79728126, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_2e3f67a9 reference_sample = fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6a06815f3d2e5f1a7a67f4264953dbb2e9d14e5f3486b178da845eab5b922d4f, id = 2e3f67a9-6fd5-4457-a626-3a9015bdb401, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0d73971c reference_sample = 49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 95279bc45936ca867efb30040354c8ff81de31dccda051cfd40b4fb268c228c5, id = 0d73971c-4253-4e7d-b1e1-20b031197f9e, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
    Source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
    Source: Process Memory Space: Space.i686.elf PID: 6259, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: Space.i686.elf PID: 6260, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: Space.i686.elf PID: 6261, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: Process Memory Space: Space.i686.elf PID: 6265, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
    Source: classification engineClassification label: mal72.troj.evad.linELF@0/0@0/0

    Data Obfuscation

    barindex
    Sample is packed with UPX
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1582/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/3088/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/230/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/110/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/231/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/5816/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/111/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/232/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1579/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/112/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/233/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1699/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/113/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/234/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1335/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1698/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/114/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/235/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1334/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1576/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/2302/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/115/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/236/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/116/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/237/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/117/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/118/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/910/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/119/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/912/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/10/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/2307/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/11/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/918/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/12/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/13/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/6243/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/14/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/15/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/16/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/6244/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/17/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/18/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1594/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/120/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/121/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1349/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/122/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/243/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/123/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/2/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/124/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/3/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/4/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/125/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/126/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1344/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1465/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1586/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/127/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/6/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/248/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/128/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/249/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1463/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/800/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/9/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/801/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/20/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/21/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1900/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/22/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/23/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/24/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/25/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/26/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/27/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/28/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/29/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/491/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/250/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/130/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/251/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/252/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/132/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/253/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/254/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/255/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/4509/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/256/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1599/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/257/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1477/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/379/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/258/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1476/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/259/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1475/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/936/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/30/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/2208/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/6262/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/35/statusJump to behavior
    Source: /tmp/Space.i686.elf (PID: 6259)File opened: /proc/1809/statusJump to behavior
    Source: Space.i686.elfSubmission file: segment LOAD with 7.9577 entropy (max. 8.0)

    Stealing of Sensitive Information

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: Space.i686.elf PID: 6260, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: Space.i686.elf PID: 6261, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: Space.i686.elf PID: 6265, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected Mirai
    Source: Yara matchFile source: 6260.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6261.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6265.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 6259.1.0000000008048000.000000000805a000.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: Space.i686.elf PID: 6260, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: Space.i686.elf PID: 6261, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: Space.i686.elf PID: 6265, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception11
    Obfuscated Files or Information    		1
    OS Credential Dumping    		System Service DiscoveryRemote ServicesData from Local System1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
    Non-Standard Port    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1575723 Sample: Space.i686.elf Startdate: 16/12/2024 Architecture: LINUX Score: 72 20 109.202.202.202, 80 INIT7CH Switzerland 2->20 22 89.169.4.44, 3778, 50954, 50956 INF-NET-ASRU Russian Federation 2->22 24 2 other IPs or domains 2->24 26 Malicious sample detected (through community Yara rule) 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 Yara detected Mirai 2->30 32 2 other signatures 2->32 8 Space.i686.elf 2->8         started        signatures3 process4 process5 10 Space.i686.elf 8->10         started        12 Space.i686.elf 8->12         started        14 Space.i686.elf 8->14         started        process6 16 Space.i686.elf 10->16         started        18 Space.i686.elf 10->18         started       

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    Space.i686.elf47%VirustotalBrowse
    Space.i686.elf47%ReversingLabsLinux.Backdoor.Mirai
    Space.i686.elf100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://upx.sf.netSpace.i686.elffalse
      		high

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      109.202.202.202
      		unknownSwitzerland
      		13030INIT7CHfalse
      89.169.4.44
      		unknownRussian Federation
      		31514INF-NET-ASRUfalse
      91.189.91.43
      		unknownUnited Kingdom
      		41231CANONICAL-ASGBfalse
      91.189.91.42
      		unknownUnited Kingdom
      		41231CANONICAL-ASGBfalse

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
      • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
      89.169.4.44Space.x86_64.elfGet hashmaliciousMiraiBrowse
        Space.mips.elfGet hashmaliciousMiraiBrowse
          Space.x86.elfGet hashmaliciousMiraiBrowse
            Space.arm.elfGet hashmaliciousMiraiBrowse
              Space.sh4.elfGet hashmaliciousMiraiBrowse
                boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                  boatnet.arm.elfGet hashmaliciousMiraiBrowse
                    boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                      boatnet.mips.elfGet hashmaliciousMiraiBrowse
                        boatnet.x86.elfGet hashmaliciousMiraiBrowse
                          91.189.91.43Space.arm.elfGet hashmaliciousMiraiBrowse
                            m68k.elfGet hashmaliciousUnknownBrowse
                              x86.elfGet hashmaliciousUnknownBrowse
                                bin.sh.elfGet hashmaliciousMiraiBrowse
                                  .i.elfGet hashmaliciousUnknownBrowse
                                    mpsl.elfGet hashmaliciousUnknownBrowse
                                      spc.elfGet hashmaliciousUnknownBrowse
                                        m68k.elfGet hashmaliciousUnknownBrowse
                                          mips.elfGet hashmaliciousUnknownBrowse
                                            arm.elfGet hashmaliciousUnknownBrowse
                                              91.189.91.42Space.mips.elfGet hashmaliciousMiraiBrowse
                                                Space.arm.elfGet hashmaliciousMiraiBrowse
                                                  m68k.elfGet hashmaliciousUnknownBrowse
                                                    x86.elfGet hashmaliciousUnknownBrowse
                                                      bin.sh.elfGet hashmaliciousMiraiBrowse
                                                        .i.elfGet hashmaliciousUnknownBrowse
                                                          mpsl.elfGet hashmaliciousUnknownBrowse
                                                            spc.elfGet hashmaliciousUnknownBrowse
                                                              m68k.elfGet hashmaliciousUnknownBrowse
                                                                mips.elfGet hashmaliciousUnknownBrowse

                                                                  Domains

                                                                  No context

                                                                  ASNs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  CANONICAL-ASGBSpace.mips.elfGet hashmaliciousMiraiBrowse
                                                                  • 91.189.91.42
                                                                  Space.arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 91.189.91.42
                                                                  m68k.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  x86.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  bin.sh.elfGet hashmaliciousMiraiBrowse
                                                                  • 91.189.91.42
                                                                  .i.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  mpsl.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  spc.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  m68k.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  mips.elfGet hashmaliciousUnknownBrowse
                                                                  • 91.189.91.42
                                                                  INF-NET-ASRUSpace.spc.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  Space.x86_64.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  Space.mips.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  Space.x86.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  Space.arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  Space.sh4.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  jade.m68k.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.156.74
                                                                  https://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==Get hashmaliciousUnknownBrowse
                                                                  • 87.228.10.139
                                                                  boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 89.169.4.44
                                                                  INIT7CHSpace.mips.elfGet hashmaliciousMiraiBrowse
                                                                  • 109.202.202.202
                                                                  Space.arm.elfGet hashmaliciousMiraiBrowse
                                                                  • 109.202.202.202
                                                                  m68k.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  x86.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  bin.sh.elfGet hashmaliciousMiraiBrowse
                                                                  • 109.202.202.202
                                                                  .i.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  mpsl.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  spc.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  m68k.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202
                                                                  mips.elfGet hashmaliciousUnknownBrowse
                                                                  • 109.202.202.202

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  No created / dropped files found

                                                                  Static File Info

                                                                  General

                                                                  File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
                                                                  Entropy (8bit):7.955595870775248
                                                                  TrID:
                                                                  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                  File name:Space.i686.elf
                                                                  File size:35'964 bytes
                                                                  MD5:a56e91b6fcccccac6af83d4b96c2d3ed
                                                                  SHA1:60b057a4285c39228b11e854362fd312fac1b94c
                                                                  SHA256:78118c6996103986c325191eee210e688ffd355834c5f71ffc8eafb77638c73d
                                                                  SHA512:357a37eab75a1936bb0642094babc9b6a3a98bf85832b853c23117a3203984dbfdde853b68e4174c76cce34b0a5ffeffb6bcc64e944dda608d7cbc5fd3539edf
                                                                  SSDEEP:768:Y9JFwkShNFPpaMg3zjC/dSmvlG8jbnohnbcuyD7UHQRjp:cwkQmzWVdvY8j7ohnouy8Hyd
                                                                  TLSH:03F2F181C79DC742A25D45B914CC748C8792FE2C8E454993E341F33C2EB2FB66A7D286
                                                                  File Content Preview:.ELF........................4...........4. ...(.....................|...|...............@...@...@...................Q.td.............................-[.UPX!........T$..T$......U..........?..k.I/.j....\.h.blz.e...)....4.0.N..9..y...@$. ..qX.\Z.....0.v'...%

                                                                  Static ELF Info

                                                                  ELF header

                                                                  Class:ELF32
                                                                  Data:2's complement, little endian
                                                                  Version:1 (current)
                                                                  Machine:Intel 80386
                                                                  Version Number:0x1
                                                                  Type:EXEC (Executable file)
                                                                  OS/ABI:UNIX - Linux
                                                                  ABI Version:0
                                                                  Entry Point Address:0xc08988
                                                                  Flags:0x0
                                                                  ELF Header Size:52
                                                                  Program Header Offset:52
                                                                  Program Header Size:32
                                                                  Number of Program Headers:3
                                                                  Section Header Offset:0
                                                                  Section Header Size:40
                                                                  Number of Section Headers:0
                                                                  Header String Table Index:0

                                                                  Program Segments

                                                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                  LOAD0x00xc010000xc010000x8b7c0x8b7c7.95770x5R E0x1000
                                                                  LOAD0xc400x805cc400x805cc400x00x00.00000x6RW 0x1000
                                                                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                                  Network Behavior

                                                                  Network Port Distribution

                                                                  TCP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Dec 16, 2024 09:01:50.549352884 CET4251680192.168.2.23109.202.202.202
                                                                  Dec 16, 2024 09:01:51.573417902 CET43928443192.168.2.2391.189.91.42
                                                                  Dec 16, 2024 09:01:52.159574986 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:52.280495882 CET37785095489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:52.280594110 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:52.280658007 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:52.400283098 CET37785095489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:52.400351048 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:52.520138979 CET37785095489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:57.204319000 CET42836443192.168.2.2391.189.91.43
                                                                  Dec 16, 2024 09:01:57.890014887 CET509563778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:58.009857893 CET37785095689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:58.010041952 CET509563778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:58.010042906 CET509563778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:58.129749060 CET37785095689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:58.129992962 CET509563778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:58.249701023 CET37785095689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:59.332226992 CET37785095689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:59.332386017 CET509563778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:59.332421064 CET509563778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:59.332421064 CET509583778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:59.452125072 CET37785095889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:59.452260017 CET509583778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:59.452331066 CET509583778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:59.572066069 CET37785095889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:01:59.572177887 CET509583778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:01:59.692512035 CET37785095889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:00.777853966 CET37785095889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:00.777960062 CET509583778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:00.777992964 CET509583778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:00.778029919 CET509603778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:00.897794962 CET37785096089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:00.898051023 CET509603778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:00.898154974 CET509603778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:01.017951012 CET37785096089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:01.018057108 CET509603778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:01.137778044 CET37785096089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:02.223839045 CET37785096089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:02.224036932 CET509603778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:02.224036932 CET509603778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:02.224133968 CET509623778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:02.289294004 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:02.343818903 CET37785096289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:02.343966961 CET509623778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:02.344113111 CET509623778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:02.408970118 CET37785095489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:02.463785887 CET37785096289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:02.463934898 CET509623778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:02.583699942 CET37785096289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:02.722960949 CET37785095489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:02.723076105 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:03.665095091 CET37785096289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:03.665318012 CET509623778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:03.665318012 CET509623778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:03.665364027 CET509643778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:03.785212994 CET37785096489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:03.785496950 CET509643778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:03.785496950 CET509643778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:03.906328917 CET37785096489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:03.906507969 CET509643778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:04.026268005 CET37785096489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:05.108504057 CET37785096489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:05.108742952 CET509643778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:05.108742952 CET509643778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:05.108742952 CET509663778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:05.228552103 CET37785096689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:05.228744030 CET509663778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:05.228807926 CET509663778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:05.349324942 CET37785096689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:05.349546909 CET509663778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:05.470117092 CET37785096689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:06.664609909 CET37785096689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:06.664793015 CET509663778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:06.664834023 CET509663778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:06.664881945 CET509683778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:06.784996033 CET37785096889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:06.785212040 CET509683778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:06.785291910 CET509683778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:06.905347109 CET37785096889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:06.905635118 CET509683778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:07.025640965 CET37785096889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:08.110174894 CET37785096889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:08.110390902 CET509683778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:08.110390902 CET509683778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:08.110491991 CET509703778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:08.230356932 CET37785097089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:08.230557919 CET509703778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:08.230684042 CET509703778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:08.350461960 CET37785097089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:08.350687981 CET509703778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:08.470531940 CET37785097089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:09.553549051 CET37785097089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:09.553673983 CET509703778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:09.553761959 CET509723778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:09.553781033 CET509703778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:09.673635006 CET37785097289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:09.673773050 CET509723778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:09.673929930 CET509723778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:09.794243097 CET37785097289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:09.794354916 CET509723778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:09.914321899 CET37785097289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:11.003206015 CET37785097289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:11.003348112 CET509723778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:11.003493071 CET509723778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:11.003587008 CET509743778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:11.123333931 CET37785097489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:11.123471975 CET509743778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:11.123719931 CET509743778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:11.243750095 CET37785097489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:11.243885040 CET509743778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:11.363679886 CET37785097489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:12.306288958 CET43928443192.168.2.2391.189.91.42
                                                                  Dec 16, 2024 09:02:12.444956064 CET37785097489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:12.445079088 CET509743778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:12.445174932 CET509743778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:12.445286989 CET509763778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:12.565076113 CET37785097689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:12.565279961 CET509763778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:12.565279961 CET509763778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:12.685163975 CET37785097689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:12.685322046 CET509763778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:12.805192947 CET37785097689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:13.892563105 CET37785097689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:13.892680883 CET509763778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:13.892745018 CET509763778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:13.892745018 CET509783778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:14.012463093 CET37785097889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:14.012542009 CET509783778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:14.012598038 CET509783778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:14.132285118 CET37785097889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:14.132396936 CET509783778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:14.252337933 CET37785097889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:15.332307100 CET37785097889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:15.332417011 CET509783778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:15.332464933 CET509783778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:15.332495928 CET509803778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:15.452375889 CET37785098089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:15.452552080 CET509803778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:15.452672005 CET509803778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:15.572360039 CET37785098089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:15.572485924 CET509803778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:15.692702055 CET37785098089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:16.780385017 CET37785098089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:16.780533075 CET509803778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:16.780584097 CET509803778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:16.780615091 CET509823778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:16.901276112 CET37785098289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:16.901422977 CET509823778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:16.901488066 CET509823778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:17.021205902 CET37785098289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:17.021373987 CET509823778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:17.141581059 CET37785098289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:18.225533009 CET37785098289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:18.225678921 CET509823778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:18.225723028 CET509823778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:18.225748062 CET509843778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:18.345501900 CET37785098489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:18.345868111 CET509843778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:18.346018076 CET509843778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:18.465826035 CET37785098489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:18.466006041 CET509843778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:18.585808992 CET37785098489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:19.666610956 CET37785098489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:19.666800022 CET509843778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:19.666877985 CET509843778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:19.666980982 CET509863778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:19.786653996 CET37785098689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:19.786859989 CET509863778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:19.786957979 CET509863778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:19.907473087 CET37785098689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:19.907609940 CET509863778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:20.027306080 CET37785098689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:20.496968985 CET4251680192.168.2.23109.202.202.202
                                                                  Dec 16, 2024 09:02:21.112437010 CET37785098689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:21.112570047 CET509863778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:21.112636089 CET509863778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:21.112644911 CET509883778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:21.232534885 CET37785098889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:21.232695103 CET509883778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:21.232781887 CET509883778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:21.352510929 CET37785098889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:21.352760077 CET509883778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:21.472562075 CET37785098889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:22.556227922 CET37785098889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:22.556360960 CET509883778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:22.556449890 CET509883778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:22.556449890 CET509903778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:22.676404953 CET37785099089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:22.676558971 CET509903778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:22.676692963 CET509903778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:22.798193932 CET37785099089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:22.798333883 CET509903778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:22.918138027 CET37785099089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:24.026403904 CET37785099089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:24.026576996 CET509903778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:24.026648045 CET509903778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:24.026978970 CET509923778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:24.146848917 CET37785099289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:24.147289038 CET509923778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:24.147289038 CET509923778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:24.267374039 CET37785099289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:24.267671108 CET509923778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:24.387639046 CET37785099289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:24.592334986 CET42836443192.168.2.2391.189.91.43
                                                                  Dec 16, 2024 09:02:25.472198009 CET37785099289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:25.472563028 CET509923778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:25.472563028 CET509923778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:25.472626925 CET509943778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:25.592386007 CET37785099489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:25.592556000 CET509943778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:25.592616081 CET509943778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:25.712945938 CET37785099489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:25.713104010 CET509943778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:25.833112001 CET37785099489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:26.917838097 CET37785099489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:26.918061018 CET509943778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:26.918103933 CET509943778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:26.918150902 CET509963778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:27.038028002 CET37785099689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:27.038295031 CET509963778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:27.038405895 CET509963778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:27.158061981 CET37785099689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:27.158271074 CET509963778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:27.278078079 CET37785099689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:28.364356041 CET37785099689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:28.364531994 CET509963778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:28.364567041 CET509963778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:28.364658117 CET509983778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:28.484349966 CET37785099889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:28.484528065 CET509983778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:28.484590054 CET509983778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:28.604485989 CET37785099889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:28.604639053 CET509983778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:28.725596905 CET37785099889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:29.808096886 CET37785099889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:29.808295965 CET509983778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:29.808352947 CET509983778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:29.808454037 CET510003778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:29.928417921 CET37785100089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:29.928580046 CET510003778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:29.928683043 CET510003778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:30.048782110 CET37785100089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:30.048923016 CET510003778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:30.168714046 CET37785100089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:31.255419970 CET37785100089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:31.255582094 CET510003778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:31.255655050 CET510003778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:31.255667925 CET510023778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:31.375540972 CET37785100289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:31.375682116 CET510023778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:31.375782013 CET510023778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:31.495697021 CET37785100289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:31.495829105 CET510023778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:31.615663052 CET37785100289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:32.704008102 CET37785100289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:32.704206944 CET510023778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:32.704241991 CET510023778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:32.704298973 CET510043778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:32.824430943 CET37785100489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:32.824707985 CET510043778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:32.824768066 CET510043778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:32.944649935 CET37785100489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:32.944788933 CET510043778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:33.065068007 CET37785100489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:34.145970106 CET37785100489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:34.146126032 CET510043778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:34.146156073 CET510043778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:34.146207094 CET510063778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:34.265911102 CET37785100689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:34.266061068 CET510063778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:34.266113997 CET510063778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:34.385802984 CET37785100689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:34.385896921 CET510063778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:34.505575895 CET37785100689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:35.589797974 CET37785100689.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:35.589957952 CET510063778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:35.589957952 CET510063778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:35.589998007 CET510083778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:35.709858894 CET37785100889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:35.709992886 CET510083778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:35.710036993 CET510083778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:35.829858065 CET37785100889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:35.829940081 CET510083778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:35.949601889 CET37785100889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:37.030852079 CET37785100889.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:37.031053066 CET510083778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:37.031053066 CET510083778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:37.031116009 CET510103778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:37.151037931 CET37785101089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:37.151236057 CET510103778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:37.151309013 CET510103778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:37.271039963 CET37785101089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:37.271167994 CET510103778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:37.390871048 CET37785101089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:38.477581024 CET37785101089.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:38.477730989 CET510103778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:38.477771997 CET510103778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:38.477822065 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:38.597498894 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:38.597620010 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:39.502235889 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:39.622155905 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:39.622452974 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:39.622571945 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:39.742351055 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:39.742465019 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:39.862421989 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:49.623286963 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:49.743036985 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:50.056627989 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:02:50.056885958 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:02:53.260339975 CET43928443192.168.2.2391.189.91.42
                                                                  Dec 16, 2024 09:03:02.748713970 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:03:02.868501902 CET37785095489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:03:03.182179928 CET37785095489.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:03:03.182333946 CET509543778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:03:50.108736038 CET510123778192.168.2.2389.169.4.44
                                                                  Dec 16, 2024 09:03:50.228634119 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:03:50.541860104 CET37785101289.169.4.44192.168.2.23
                                                                  Dec 16, 2024 09:03:50.542011023 CET510123778192.168.2.2389.169.4.44

                                                                  System Behavior

                                                                  General

                                                                  Start time (UTC):08:01:51
                                                                  Start date (UTC):16/12/2024
                                                                  Path:/tmp/Space.i686.elf
                                                                  Arguments:/tmp/Space.i686.elf
                                                                  File size:35964 bytes
                                                                  MD5 hash:a56e91b6fcccccac6af83d4b96c2d3ed

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):08:01:51
                                                                  Start date (UTC):16/12/2024
                                                                  Path:/tmp/Space.i686.elf
                                                                  Arguments:-
                                                                  File size:35964 bytes
                                                                  MD5 hash:a56e91b6fcccccac6af83d4b96c2d3ed

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):08:01:51
                                                                  Start date (UTC):16/12/2024
                                                                  Path:/tmp/Space.i686.elf
                                                                  Arguments:-
                                                                  File size:35964 bytes
                                                                  MD5 hash:a56e91b6fcccccac6af83d4b96c2d3ed

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):08:01:51
                                                                  Start date (UTC):16/12/2024
                                                                  Path:/tmp/Space.i686.elf
                                                                  Arguments:-
                                                                  File size:35964 bytes
                                                                  MD5 hash:a56e91b6fcccccac6af83d4b96c2d3ed

                                                                  General

                                                                  Start time (UTC):08:01:57
                                                                  Start date (UTC):16/12/2024
                                                                  Path:/tmp/Space.i686.elf
                                                                  Arguments:-
                                                                  File size:35964 bytes
                                                                  MD5 hash:a56e91b6fcccccac6af83d4b96c2d3ed

                                                                  Chronological Activities


                                                                  General

                                                                  Start time (UTC):08:01:57
                                                                  Start date (UTC):16/12/2024
                                                                  Path:/tmp/Space.i686.elf
                                                                  Arguments:-
                                                                  File size:35964 bytes
                                                                  MD5 hash:a56e91b6fcccccac6af83d4b96c2d3ed