Edit tour

Linux Analysis Report
Space.ppc.elf

Overview

General Information

Sample name:	Space.ppc.elf
Analysis ID:	1575724
MD5:	0474965d631bc9d0de2ce54e45ec2113
SHA1:	34f123a32b4f02f10f1ef11a3bae307ff7c96d27
SHA256:	61dc9e6eb18e4882d8bebf6e046f8fc2d8ea1da0117416ea9dbbedd0cc86c73b
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Executes the "rm" command used to delete files or directories

Sample contains only a LOAD segment without any section mappings

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575724
Start date and time:	2024-12-16 09:04:51 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Space.ppc.elf
Detection:	MAL
Classification:	mal76.troj.evad.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/Space.ppc.elf
PID:	5475
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

Space.ppc.elf (PID: 5475, Parent: 5400, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/Space.ppc.elf

Space.ppc.elf New Fork (PID: 5477, Parent: 5475)

Space.ppc.elf New Fork (PID: 5479, Parent: 5477)

Space.ppc.elf New Fork (PID: 5481, Parent: 5477)

Space.ppc.elf New Fork (PID: 5489, Parent: 5475)

Space.ppc.elf New Fork (PID: 5490, Parent: 5475)

dash New Fork (PID: 5525, Parent: 3633)

rm (PID: 5525, Parent: 3633, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.xziUcqrt4D /tmp/tmp.Gwq6tq1fbX /tmp/tmp.2XW13rOwNj

dash New Fork (PID: 5526, Parent: 3633)

rm (PID: 5526, Parent: 3633, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.xziUcqrt4D /tmp/tmp.Gwq6tq1fbX /tmp/tmp.2XW13rOwNj

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
5475.1.00007fb60c005000.00007fb60c011000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xb54c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb560:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb574:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb588:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb59c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb600:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb614:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb628:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb63c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb650:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb664:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb678:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb68c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5489.1.00007fb60c005000.00007fb60c011000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xb54c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb560:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb574:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb588:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb59c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb5ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb600:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb614:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb628:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb63c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb650:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb664:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb678:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb68c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5477.1.00007fb60c00f000.00007fb60c011000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x154c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1560:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1574:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1588:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x159c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1600:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1614:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1628:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1650:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1664:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1678:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x168c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5479.1.00007fb60c00f000.00007fb60c011000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x154c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1560:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1574:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1588:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x159c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15c4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15d8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x15ec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1600:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1614:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1628:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x163c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1650:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1664:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1678:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x168c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x16dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.ppc.elf PID: 5475	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: Space.ppc.elf PID: 5475	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x104d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x104e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x104f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1050c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10520:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10534:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10548:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1055c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10570:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10584:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10598:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x105ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x105c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x105d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x105e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x105fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10610:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10624:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10638:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1064c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10660:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.ppc.elf PID: 5477	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: Space.ppc.elf PID: 5477	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xac10:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac24:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac38:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac4c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac60:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac74:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac88:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xac9c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xacb0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xacc4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xacd8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xacec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xad8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xada0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.ppc.elf PID: 5479	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: Space.ppc.elf PID: 5479	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x113c6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x113da:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x113ee:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11402:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11416:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1142a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1143e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11452:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11466:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1147a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1148e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x114a2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x114b6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x114ca:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x114de:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x114f2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11506:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1151a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1152e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11542:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11556:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.ppc.elf PID: 5489	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: Space.ppc.elf PID: 5489	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x93b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x94f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x963:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x977:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x98b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x99f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x9ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa03:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa17:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa2b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa3f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa53:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa67:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa7b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa8f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaa3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xab7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xacb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Space.ppc.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: Space.ppc.elf	Virustotal: Detection: 49%			Perma Link
Source: Space.ppc.elf	ReversingLabs: Detection: 47%

Source: global traffic

TCP traffic: 192.168.2.14:46686 -> 89.169.4.44:3778

Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44
Source: unknown	TCP traffic detected without corresponding DNS query: 89.169.4.44

Source: Space.ppc.elf

String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 34592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 46540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 34592

System Summary

Malicious sample detected (through community Yara rule)

Source: 5475.1.00007fb60c005000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5489.1.00007fb60c005000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5477.1.00007fb60c00f000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5479.1.00007fb60c00f000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.ppc.elf PID: 5475, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.ppc.elf PID: 5477, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.ppc.elf PID: 5479, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.ppc.elf PID: 5489, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0x100000

Source: 5475.1.00007fb60c005000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5489.1.00007fb60c005000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5477.1.00007fb60c00f000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5479.1.00007fb60c00f000.00007fb60c011000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.ppc.elf PID: 5475, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.ppc.elf PID: 5477, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.ppc.elf PID: 5479, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.ppc.elf PID: 5489, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal76.troj.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1583/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/2672/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1577/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3752/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3753/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3633/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3754/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3755/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/917/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/19/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1593/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/240/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3094/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/242/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3406/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/244/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1589/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/245/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1588/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/246/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3402/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/5/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/247/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/7/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/8/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/129/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/803/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/806/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/807/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/928/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3420/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/490/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/131/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/135/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/378/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/3412/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/1371/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/260/status	Jump to behavior
Source: /tmp/Space.ppc.elf (PID: 5475)	File opened: /proc/261/status	Jump to behavior

Source: /usr/bin/dash (PID: 5525)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.xziUcqrt4D /tmp/tmp.Gwq6tq1fbX /tmp/tmp.2XW13rOwNj			Jump to behavior
Source: /usr/bin/dash (PID: 5526)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.xziUcqrt4D /tmp/tmp.Gwq6tq1fbX /tmp/tmp.2XW13rOwNj			Jump to behavior

Source: Space.ppc.elf

Submission file: segment LOAD with 7.9573 entropy (max. 8.0)

Source: /tmp/Space.ppc.elf (PID: 5475)

Queries kernel information via 'uname':

Jump to behavior

Source: Space.ppc.elf, 5477.1.000055d46f531000.000055d46f5e1000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: Space.ppc.elf, 5475.1.000055d46f531000.000055d46f602000.rw-.sdmp, Space.ppc.elf, 5479.1.000055d46f531000.000055d46f5e1000.rw-.sdmp, Space.ppc.elf, 5489.1.000055d46f531000.000055d46f602000.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: Space.ppc.elf, 5475.1.000055d46f531000.000055d46f602000.rw-.sdmp, Space.ppc.elf, 5477.1.000055d46f531000.000055d46f5e1000.rw-.sdmp, Space.ppc.elf, 5479.1.000055d46f531000.000055d46f5e1000.rw-.sdmp, Space.ppc.elf, 5489.1.000055d46f531000.000055d46f602000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: Space.ppc.elf, 5475.1.00007fff42332000.00007fff42353000.rw-.sdmp, Space.ppc.elf, 5477.1.00007fff42332000.00007fff42353000.rw-.sdmp, Space.ppc.elf, 5479.1.00007fff42332000.00007fff42353000.rw-.sdmp, Space.ppc.elf, 5489.1.00007fff42332000.00007fff42353000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc
Source: Space.ppc.elf, 5475.1.00007fff42332000.00007fff42353000.rw-.sdmp, Space.ppc.elf, 5477.1.00007fff42332000.00007fff42353000.rw-.sdmp, Space.ppc.elf, 5479.1.00007fff42332000.00007fff42353000.rw-.sdmp, Space.ppc.elf, 5489.1.00007fff42332000.00007fff42353000.rw-.sdmp	Binary or memory string: xx86_64/usr/bin/qemu-ppc/tmp/Space.ppc.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Space.ppc.elf

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5489, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Space.ppc.elf PID: 5489, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Space.ppc.elf	49%	Virustotal		Browse
Space.ppc.elf	47%	ReversingLabs	Linux.Trojan.Mirai
Space.ppc.elf	100%	Avira	EXP/ELF.Agent.F.118

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Space.ppc.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.217.10.153	unknown	United States	16509	AMAZON-02US	false
185.125.190.26	unknown	United Kingdom	41231	CANONICAL-ASGB	false
89.169.4.44	unknown	Russian Federation	31514	INF-NET-ASRU	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
54.217.10.153	.5r3fqt67ew531has4231.mpsl.elf	Get hash	malicious	Gafgyt, Mirai, Moobot, Okiru	Browse
	m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	i686.elf	Get hash	malicious	Mirai, Gafgyt	Browse
	loligang.arm5.elf	Get hash	malicious	Mirai	Browse
	vqsjh4.elf	Get hash	malicious	Mirai	Browse
	x-3.2-.ISIS.elf	Get hash	malicious	Gafgyt	Browse
	m68k.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	shindeVx86.elf	Get hash	malicious	Unknown	Browse
	linux_mips.elf	Get hash	malicious	Chaos	Browse
	assailant.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse
185.125.190.26	main_mpsl.elf	Get hash	malicious	Mirai	Browse
	main_ppc.elf	Get hash	malicious	Mirai	Browse
	hidakibest.arm6.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	mipsel.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	rebirth.m68.elf	Get hash	malicious	Gafgyt	Browse
	rebirth.spc.elf	Get hash	malicious	Gafgyt	Browse
	rebirth.arm4.elf	Get hash	malicious	Gafgyt	Browse
	boatnet.arm6.elf	Get hash	malicious	Mirai	Browse
	a-r.m-4.Logicnet.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	elitebotnet.arm6.elf	Get hash	malicious	Mirai, Okiru	Browse
89.169.4.44	Space.arm7.elf	Get hash	malicious	Mirai	Browse
	Space.i686.elf	Get hash	malicious	Mirai	Browse
	Space.m68k.elf	Get hash	malicious	Mirai	Browse
	Space.spc.elf	Get hash	malicious	Mirai	Browse
	Space.x86_64.elf	Get hash	malicious	Mirai	Browse
	Space.mips.elf	Get hash	malicious	Mirai	Browse
	Space.x86.elf	Get hash	malicious	Mirai	Browse
	Space.arm.elf	Get hash	malicious	Mirai	Browse
	Space.sh4.elf	Get hash	malicious	Mirai	Browse
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
INF-NET-ASRU	Space.arm7.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.i686.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.m68k.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.spc.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.x86_64.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.mips.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.x86.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.arm.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	Space.sh4.elf	Get hash	malicious	Mirai	Browse	89.169.4.44
	jade.m68k.elf	Get hash	malicious	Mirai	Browse	89.169.156.74
CANONICAL-ASGB	Space.i686.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Space.mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Space.arm.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	m68k.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	x86.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	bin.sh.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	.i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mpsl.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	spc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	m68k.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
AMAZON-02US	Space.mips.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	lmao.exe	Get hash	malicious	Quasar	Browse	52.8.11.142
	executablelol.exe	Get hash	malicious	Quasar	Browse	52.9.128.160
	negarque.exe	Get hash	malicious	Quasar	Browse	50.18.181.119
	enai2.exe	Get hash	malicious	Njrat	Browse	3.69.115.178
	fern_wifi_recon%2.34.exe	Get hash	malicious	Metasploit	Browse	3.6.115.64
	Krishna33.exe	Get hash	malicious	AsyncRAT	Browse	13.215.170.190
	aaa (3).exe	Get hash	malicious	AsyncRAT	Browse	3.68.171.119
	anne.exe	Get hash	malicious	AsyncRAT	Browse	52.14.18.129
	CrSpoofer.exe	Get hash	malicious	AsyncRAT	Browse	18.153.198.123

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.954542194785649
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	Space.ppc.elf
File size:	35'156 bytes
MD5:	0474965d631bc9d0de2ce54e45ec2113
SHA1:	34f123a32b4f02f10f1ef11a3bae307ff7c96d27
SHA256:	61dc9e6eb18e4882d8bebf6e046f8fc2d8ea1da0117416ea9dbbedd0cc86c73b
SHA512:	0a397b19905ce372a23a590821c2864833b18db7309d03dee8fcd086729e934728bef727339a75ec8f6af3a89690536205744d5857ff80ce191271f803349226
SSDEEP:	768:yl3cWFWEdCEv4Fr1WmPc+ClLIT6Ot34uVcqgw09u:ylsW86Mr1WmU+ClL+b4u+qgw09u
TLSH:	9CF2E1A4F4444EC8DA67ADF059266FA0B3BB1E4F77FEEA15508ACE1131058273183DC9
File Content Preview:	.ELF......................vp...4.........4. ...(.......................X...X..............I...I...I.................dt.Q................................UPX!..........%...%........V.......?.E.h4...@b..............d...[.Q.........4+j..``*:.D.k.'.I.I..w]....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	PowerPC
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0x107670
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x100000	0x100000	0x8858	0x8858	7.9573	0x5	R E	0x10000
LOAD	0x499c	0x1002499c	0x1002499c	0x0	0x0	0.0000	0x6	RW	0x10000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 16, 2024 09:05:33.142932892 CET	46686	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:33.262759924 CET	3778	46686	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:33.262821913 CET	46686	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:33.278409958 CET	46686	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:33.399822950 CET	3778	46686	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:33.399873972 CET	46686	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:33.519629002 CET	3778	46686	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:34.615344048 CET	3778	46686	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:34.615895987 CET	46686	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:34.615896940 CET	46686	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:34.616811037 CET	46688	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:34.736608028 CET	3778	46688	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:34.736782074 CET	46688	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:34.739846945 CET	46688	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:34.859600067 CET	3778	46688	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:34.859749079 CET	46688	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:34.979572058 CET	3778	46688	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:36.058126926 CET	3778	46688	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:36.058324099 CET	46688	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:36.058362007 CET	46688	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:36.059129000 CET	46690	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:36.182694912 CET	3778	46690	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:36.182898045 CET	46690	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:36.183809996 CET	46690	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:36.303898096 CET	3778	46690	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:36.304147959 CET	46690	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:36.423921108 CET	3778	46690	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:37.510375023 CET	3778	46690	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:37.510945082 CET	46690	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:37.510945082 CET	46690	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:37.511529922 CET	46692	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:37.631438017 CET	3778	46692	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:37.631740093 CET	46692	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:37.632581949 CET	46692	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:37.752314091 CET	3778	46692	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:37.752476931 CET	46692	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:37.872265100 CET	3778	46692	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:38.793620110 CET	46694	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:38.913311958 CET	3778	46694	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:38.913425922 CET	46694	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:38.947087049 CET	46694	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:38.957457066 CET	3778	46692	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:38.957634926 CET	46692	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:38.957634926 CET	46692	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:38.958714008 CET	46696	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:39.066761971 CET	3778	46694	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:39.066839933 CET	46694	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:39.078622103 CET	3778	46696	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:39.078675985 CET	46696	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:39.103488922 CET	46696	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:39.186556101 CET	3778	46694	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:39.223275900 CET	3778	46696	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:39.223412037 CET	46696	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:39.343192101 CET	3778	46696	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.236685038 CET	3778	46694	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.236964941 CET	46694	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.237061977 CET	46694	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.238039970 CET	46698	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.357857943 CET	3778	46698	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.358099937 CET	46698	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.359376907 CET	46698	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.407896042 CET	3778	46696	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.408029079 CET	46696	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.408080101 CET	46696	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.410013914 CET	46700	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.479065895 CET	3778	46698	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.479203939 CET	46698	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.529779911 CET	3778	46700	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.530536890 CET	46700	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.533528090 CET	46700	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.598870039 CET	3778	46698	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.653228998 CET	3778	46700	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:40.653454065 CET	46700	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:40.773216963 CET	3778	46700	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:41.690650940 CET	3778	46698	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:41.690767050 CET	46698	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.690807104 CET	46698	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.691380978 CET	46702	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.811821938 CET	3778	46702	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:41.812035084 CET	46702	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.812813997 CET	46702	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.855402946 CET	3778	46700	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:41.855494022 CET	46700	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.855684042 CET	46700	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.856190920 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.933651924 CET	3778	46702	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:41.933845997 CET	46702	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:41.975900888 CET	3778	46704	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:41.976089001 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:42.053555012 CET	3778	46702	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:42.624696970 CET	46540	443	192.168.2.14	185.125.190.26
Dec 16, 2024 09:05:42.880644083 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.000519037 CET	3778	46704	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:43.000693083 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.001827955 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.121701002 CET	3778	46704	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:43.121968985 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.135632992 CET	3778	46702	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:43.135930061 CET	46702	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.135930061 CET	46702	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.136508942 CET	46706	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.241985083 CET	3778	46704	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:43.256225109 CET	3778	46706	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:43.256377935 CET	46706	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.257540941 CET	46706	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.377346039 CET	3778	46706	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:43.377604008 CET	46706	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:43.497451067 CET	3778	46706	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.324348927 CET	3778	46704	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.324525118 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.324599981 CET	46704	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.325218916 CET	46708	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.444957018 CET	3778	46708	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.445332050 CET	46708	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.446433067 CET	46708	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.566196918 CET	3778	46708	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.566385031 CET	46708	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.579453945 CET	3778	46706	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.579618931 CET	46706	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.579677105 CET	46706	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.580262899 CET	46710	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.686808109 CET	3778	46708	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.700030088 CET	3778	46710	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.700206041 CET	46710	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.701167107 CET	46710	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.820933104 CET	3778	46710	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:44.821149111 CET	46710	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:44.940865040 CET	3778	46710	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:45.772449970 CET	3778	46708	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:45.772618055 CET	46708	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:45.772650957 CET	46708	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:45.773269892 CET	46712	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:45.892993927 CET	3778	46712	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:45.893142939 CET	46712	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:45.894239902 CET	46712	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.013964891 CET	3778	46712	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:46.014108896 CET	46712	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.051664114 CET	3778	46710	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:46.051779985 CET	46710	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.051816940 CET	46710	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.052386999 CET	46714	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.133884907 CET	3778	46712	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:46.172074080 CET	3778	46714	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:46.172200918 CET	46714	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.172972918 CET	46714	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.292655945 CET	3778	46714	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:46.293040037 CET	46714	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:46.412826061 CET	3778	46714	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.215148926 CET	3778	46712	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.215426922 CET	46712	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.215490103 CET	46712	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.216363907 CET	46716	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.336215973 CET	3778	46716	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.336375952 CET	46716	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.337879896 CET	46716	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.457657099 CET	3778	46716	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.457824945 CET	46716	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.501347065 CET	3778	46714	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.501568079 CET	46714	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.501616955 CET	46714	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.502290010 CET	46718	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.577662945 CET	3778	46716	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.622128963 CET	3778	46718	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.622359037 CET	46718	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.623542070 CET	46718	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.743310928 CET	3778	46718	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:47.743479967 CET	46718	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:47.863238096 CET	3778	46718	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:48.662691116 CET	3778	46716	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:48.662874937 CET	46716	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.662906885 CET	46716	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.663727999 CET	46720	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.784584045 CET	3778	46720	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:48.784759045 CET	46720	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.786771059 CET	46720	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.906596899 CET	3778	46720	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:48.906754017 CET	46720	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.942202091 CET	3778	46718	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:48.942372084 CET	46718	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.942372084 CET	46718	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:48.943068027 CET	46722	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:49.026732922 CET	3778	46720	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:49.062920094 CET	3778	46722	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:49.063174963 CET	46722	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:49.064677954 CET	46722	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:49.184427977 CET	3778	46722	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:49.184685946 CET	46722	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:49.306235075 CET	3778	46722	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.125211000 CET	3778	46720	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.125368118 CET	46720	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.125591993 CET	46720	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.126669884 CET	46724	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.246917009 CET	3778	46724	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.247078896 CET	46724	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.248440027 CET	46724	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.368236065 CET	3778	46724	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.368561029 CET	46724	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.389411926 CET	3778	46722	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.389534950 CET	46722	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.389611006 CET	46722	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.390261889 CET	46726	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.489979029 CET	3778	46724	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.511255026 CET	3778	46726	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.511435986 CET	46726	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.513115883 CET	46726	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.633322954 CET	3778	46726	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:50.633510113 CET	46726	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:50.755260944 CET	3778	46726	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:51.573396921 CET	3778	46724	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:51.573594093 CET	46724	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.573627949 CET	46724	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.574332952 CET	46728	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.694114923 CET	3778	46728	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:51.694355965 CET	46728	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.695691109 CET	46728	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.818147898 CET	3778	46728	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:51.818550110 CET	46728	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.836740017 CET	3778	46726	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:51.837012053 CET	46726	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.837137938 CET	46726	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.838042974 CET	46730	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.938504934 CET	3778	46728	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:51.958684921 CET	3778	46730	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:51.958998919 CET	46730	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:51.960149050 CET	46730	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:52.080909967 CET	3778	46730	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:52.081175089 CET	46730	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:52.200891972 CET	3778	46730	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.016834974 CET	3778	46728	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.017021894 CET	46728	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.017112970 CET	46728	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.017946959 CET	46732	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.137741089 CET	3778	46732	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.137916088 CET	46732	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.139367104 CET	46732	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.259150982 CET	3778	46732	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.259274006 CET	46732	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.285209894 CET	3778	46730	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.285352945 CET	46730	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.285387039 CET	46730	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.286015034 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.379044056 CET	3778	46732	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.405745983 CET	3778	46734	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.406095982 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.407114983 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.527482986 CET	3778	46734	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:53.527661085 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:53.647402048 CET	3778	46734	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:54.458534956 CET	3778	46732	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:54.458697081 CET	46732	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:54.458794117 CET	46732	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:54.459686041 CET	46736	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:54.579705000 CET	3778	46736	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:54.579857111 CET	46736	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:54.581243038 CET	46736	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:54.701241016 CET	3778	46736	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:54.701385021 CET	46736	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:54.821377039 CET	3778	46736	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:55.931735992 CET	3778	46736	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:55.931921959 CET	46736	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:55.932008028 CET	46736	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:55.932868958 CET	46738	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:56.052625895 CET	3778	46738	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:56.052800894 CET	46738	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:56.053889990 CET	46738	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:56.173736095 CET	3778	46738	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:56.173898935 CET	46738	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:56.293757915 CET	3778	46738	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:57.377635956 CET	3778	46738	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:57.377875090 CET	46738	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:57.378053904 CET	46738	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:57.378889084 CET	46740	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:57.498553991 CET	3778	46740	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:57.498792887 CET	46740	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:57.500422955 CET	46740	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:57.620253086 CET	3778	46740	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:57.620388031 CET	46740	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:57.740469933 CET	3778	46740	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:58.823951006 CET	3778	46740	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:58.824070930 CET	46740	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:58.824110985 CET	46740	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:58.824965000 CET	46742	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:58.944746017 CET	3778	46742	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:58.944957972 CET	46742	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:58.946191072 CET	46742	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:59.065918922 CET	3778	46742	89.169.4.44	192.168.2.14
Dec 16, 2024 09:05:59.066081047 CET	46742	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:05:59.185902119 CET	3778	46742	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:00.268850088 CET	3778	46742	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:00.269164085 CET	46742	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:00.269223928 CET	46742	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:00.270415068 CET	46744	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:00.390165091 CET	3778	46744	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:00.390330076 CET	46744	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:00.392112970 CET	46744	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:00.511960030 CET	3778	46744	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:00.512093067 CET	46744	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:00.631947994 CET	3778	46744	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:01.728091955 CET	3778	46744	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:01.728411913 CET	46744	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:01.728452921 CET	46744	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:01.729492903 CET	46746	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:01.849319935 CET	3778	46746	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:01.849673986 CET	46746	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:01.851089954 CET	46746	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:01.884938002 CET	34592	443	192.168.2.14	54.217.10.153
Dec 16, 2024 09:06:01.970808983 CET	3778	46746	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:01.970880032 CET	46746	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:02.005331039 CET	443	34592	54.217.10.153	192.168.2.14
Dec 16, 2024 09:06:02.005454063 CET	34592	443	192.168.2.14	54.217.10.153
Dec 16, 2024 09:06:02.090593100 CET	3778	46746	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:03.175473928 CET	3778	46746	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:03.175622940 CET	46746	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:03.175780058 CET	46746	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:03.176595926 CET	46748	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:03.296478033 CET	3778	46748	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:03.296648979 CET	46748	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:03.298151970 CET	46748	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:03.415730953 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:03.417929888 CET	3778	46748	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:03.418068886 CET	46748	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:03.535928011 CET	3778	46734	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:03.538109064 CET	3778	46748	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:03.849592924 CET	3778	46734	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:03.849909067 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:04.621963978 CET	3778	46748	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:04.622288942 CET	46748	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:04.622395039 CET	46748	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:04.624136925 CET	46750	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:04.744048119 CET	3778	46750	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:04.744229078 CET	46750	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:04.746124983 CET	46750	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:04.865837097 CET	3778	46750	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:04.865987062 CET	46750	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:04.985853910 CET	3778	46750	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:06.097299099 CET	3778	46750	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:06.097456932 CET	46750	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:06.097568035 CET	46750	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:06.098342896 CET	46752	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:06.218740940 CET	3778	46752	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:06.219058037 CET	46752	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:06.220125914 CET	46752	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:06.339833975 CET	3778	46752	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:06.340002060 CET	46752	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:06.459896088 CET	3778	46752	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:07.543461084 CET	3778	46752	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:07.543740034 CET	46752	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:07.543740988 CET	46752	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:07.544570923 CET	46754	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:07.664313078 CET	3778	46754	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:07.664443970 CET	46754	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:07.665694952 CET	46754	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:07.785454035 CET	3778	46754	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:07.785576105 CET	46754	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:07.905294895 CET	3778	46754	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:08.989517927 CET	3778	46754	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:08.989742994 CET	46754	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:08.989743948 CET	46754	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:08.990132093 CET	46756	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:09.110152960 CET	3778	46756	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:09.110296011 CET	46756	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:09.112552881 CET	46756	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:09.232402086 CET	3778	46756	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:09.232630968 CET	46756	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:09.352477074 CET	3778	46756	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:10.473251104 CET	3778	46756	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:10.473377943 CET	46756	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:10.473423958 CET	46756	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:10.474476099 CET	46758	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:10.602860928 CET	3778	46758	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:10.602994919 CET	46758	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:10.604387999 CET	46758	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:10.724248886 CET	3778	46758	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:10.724376917 CET	46758	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:10.844093084 CET	3778	46758	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:11.940114975 CET	3778	46758	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:11.940256119 CET	46758	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:11.940296888 CET	46758	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:11.940912008 CET	46760	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:12.060730934 CET	3778	46760	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:12.060859919 CET	46760	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:12.061669111 CET	46760	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:12.181580067 CET	3778	46760	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:12.181751966 CET	46760	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:12.301583052 CET	3778	46760	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:12.575201988 CET	46540	443	192.168.2.14	185.125.190.26
Dec 16, 2024 09:06:13.383563042 CET	3778	46760	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:13.383774042 CET	46760	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:13.383821964 CET	46760	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:13.384601116 CET	46762	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:13.504484892 CET	3778	46762	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:13.504601955 CET	46762	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:13.506223917 CET	46762	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:13.625988007 CET	3778	46762	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:13.626106977 CET	46762	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:13.745891094 CET	3778	46762	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:14.825449944 CET	3778	46762	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:14.825683117 CET	46762	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:14.825684071 CET	46762	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:14.826268911 CET	46764	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:14.945990086 CET	3778	46764	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:14.946186066 CET	46764	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:14.947935104 CET	46764	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:15.067619085 CET	3778	46764	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:15.067823887 CET	46764	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:15.187582016 CET	3778	46764	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:16.294756889 CET	3778	46764	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:16.295101881 CET	46764	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:16.295257092 CET	46764	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:16.295922995 CET	46766	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:16.419496059 CET	3778	46766	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:16.419694901 CET	46766	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:16.421334982 CET	46766	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:16.541022062 CET	3778	46766	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:16.541160107 CET	46766	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:16.661031008 CET	3778	46766	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:17.741638899 CET	3778	46766	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:17.741908073 CET	46766	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:17.741981030 CET	46766	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:17.742791891 CET	46768	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:18.057143927 CET	3778	46768	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:18.057254076 CET	46768	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:18.058156967 CET	46768	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:18.216778040 CET	3778	46768	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:18.216952085 CET	46768	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:18.338392019 CET	3778	46768	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:28.067926884 CET	46768	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:06:28.187882900 CET	3778	46768	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:28.501996040 CET	3778	46768	89.169.4.44	192.168.2.14
Dec 16, 2024 09:06:28.502139091 CET	46768	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:07:03.895232916 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:07:04.015263081 CET	3778	46734	89.169.4.44	192.168.2.14
Dec 16, 2024 09:07:04.329457998 CET	3778	46734	89.169.4.44	192.168.2.14
Dec 16, 2024 09:07:04.329622984 CET	46734	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:07:28.559453964 CET	46768	3778	192.168.2.14	89.169.4.44
Dec 16, 2024 09:07:28.679327011 CET	3778	46768	89.169.4.44	192.168.2.14
Dec 16, 2024 09:07:28.995151043 CET	3778	46768	89.169.4.44	192.168.2.14
Dec 16, 2024 09:07:28.995284081 CET	46768	3778	192.168.2.14	89.169.4.44

System Behavior

Analysis Process: Space.ppc.elf PID: 5475, Parent PID: 5400

General

Start time (UTC):	08:05:31
Start date (UTC):	16/12/2024
Path:	/tmp/Space.ppc.elf
Arguments:	/tmp/Space.ppc.elf
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5477, Parent PID: 5475

General

Start time (UTC):	08:05:31
Start date (UTC):	16/12/2024
Path:	/tmp/Space.ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5479, Parent PID: 5477

General

Start time (UTC):	08:05:31
Start date (UTC):	16/12/2024
Path:	/tmp/Space.ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5481, Parent PID: 5477

General

Start time (UTC):	08:05:31
Start date (UTC):	16/12/2024
Path:	/tmp/Space.ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5489, Parent PID: 5475

General

Start time (UTC):	08:05:37
Start date (UTC):	16/12/2024
Path:	/tmp/Space.ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5490, Parent PID: 5475

General

Start time (UTC):	08:05:37
Start date (UTC):	16/12/2024
Path:	/tmp/Space.ppc.elf
Arguments:	-
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Chronological Activities

Analysis Process: dash PID: 5525, Parent PID: 3633

General

Start time (UTC):	08:06:00
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 5525, Parent PID: 3633

General

Start time (UTC):	08:06:00
Start date (UTC):	16/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.xziUcqrt4D /tmp/tmp.Gwq6tq1fbX /tmp/tmp.2XW13rOwNj
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 5526, Parent PID: 3633

General

Start time (UTC):	08:06:00
Start date (UTC):	16/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 5526, Parent PID: 3633

General

Start time (UTC):	08:06:00
Start date (UTC):	16/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.xziUcqrt4D /tmp/tmp.Gwq6tq1fbX /tmp/tmp.2XW13rOwNj
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Space.ppc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: Space.ppc.elf PID: 5475, Parent PID: 5400

General

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5477, Parent PID: 5475

General

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5479, Parent PID: 5477

General

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5481, Parent PID: 5477

General

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5489, Parent PID: 5475

General

Chronological Activities

Analysis Process: Space.ppc.elf PID: 5490, Parent PID: 5475

General

Chronological Activities

Analysis Process: dash PID: 5525, Parent PID: 3633

Linux Analysis Report
Space.ppc.elf