Edit tour

Linux Analysis Report
Space.i686.elf

Overview

General Information

Sample name:	Space.i686.elf
Analysis ID:	1580585
MD5:	ebab2dd119fb4e54698ba8726756a19c
SHA1:	aaf97d14cb0ad2e80794f4a8a9c37fbc182bd9e8
SHA256:	cc0f2a44e7f5839fbb9ef84f0a464b31305090f3219bc92ca41d6fa6e4a67f7d
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Sample contains only a LOAD segment without any section mappings

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580585
Start date and time:	2024-12-25 11:21:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Space.i686.elf
Detection:	MAL
Classification:	mal64.evad.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/Space.i686.elf
PID:	5489
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

Space.i686.elf (PID: 5489, Parent: 5414, MD5: ebab2dd119fb4e54698ba8726756a19c) Arguments: /tmp/Space.i686.elf

Space.i686.elf New Fork (PID: 5490, Parent: 5489)

Space.i686.elf New Fork (PID: 5491, Parent: 5490)

Space.i686.elf New Fork (PID: 5492, Parent: 5490)

Space.i686.elf New Fork (PID: 5496, Parent: 5489)

Space.i686.elf New Fork (PID: 5497, Parent: 5489)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
5489.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5489.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5489.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5496.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5496.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5496.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5490.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5490.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5490.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5491.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x115f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11608:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1161c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11630:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11644:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11658:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1166c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11680:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11694:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116a8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116bc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116d0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x116f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1170c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11720:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11734:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11748:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1175c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11770:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11784:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5491.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_3a56423b	unknown	unknown	0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5491.1.0000000008048000.000000000805c000.r-x.sdmp	Linux_Trojan_Mirai_dab39a25	unknown	unknown	0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
Process Memory Space: Space.i686.elf PID: 5489	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1405:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1419:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x142d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1441:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1455:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1469:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x147d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1491:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14a5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14b9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14cd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14e1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1509:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1531:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1545:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1559:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x156d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1581:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1595:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.i686.elf PID: 5490	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11e7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11fb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x120f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1223:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1237:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x124b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x125f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1273:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1287:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1313:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1327:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x133b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x134f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1363:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1377:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.i686.elf PID: 5491	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xa54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xa90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaa4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xab8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xacc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xae0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xaf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xba8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.i686.elf PID: 5496	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1405:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1419:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x142d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1441:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1455:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1469:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x147d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1491:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14a5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14b9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14cd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14e1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x14f5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1509:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x151d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1531:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1545:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1559:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x156d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1581:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1595:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 11 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Space.i686.elf	Virustotal: Detection: 44%			Perma Link
Source: Space.i686.elf	ReversingLabs: Detection: 57%

Machine Learning detection for sample

Source: Space.i686.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.14:59126 -> 154.216.20.216:3778

Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216

Source: Space.i686.elf

String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5496.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5496.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5496.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5491.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5491.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5491.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5489, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5490, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5491, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5496, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0xc01000

Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5489.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5496.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5496.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5496.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5490.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5491.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5491.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5491.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: Process Memory Space: Space.i686.elf PID: 5489, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5490, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5491, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5496, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3760/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3761/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1583/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/2672/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1577/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/917/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/19/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1593/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/240/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3094/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/242/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3406/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/244/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1589/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/245/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1588/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/246/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3402/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/5/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/247/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/7/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/8/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/129/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3762/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3763/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/803/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/806/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/807/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/928/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3420/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/490/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/131/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/135/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/378/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/3412/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/1371/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/260/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/261/status	Jump to behavior
Source: /tmp/Space.i686.elf (PID: 5489)	File opened: /proc/262/status	Jump to behavior

Source: Space.i686.elf

Submission file: segment LOAD with 7.9626 entropy (max. 8.0)

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Space.i686.elf	44%	Virustotal		Browse
Space.i686.elf	58%	ReversingLabs	Linux.Backdoor.Mirai
Space.i686.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Space.i686.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
154.216.20.216	unknown	Seychelles		135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	byte.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	154.216.19.138
	zerarm7.elf	Get hash	malicious	Unknown	Browse	154.216.16.250
	nabm68k.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	nabarm.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	zerppc.elf	Get hash	malicious	Unknown	Browse	154.216.16.250
	zerarm5.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	nabx86.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	nabsh4.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	nabmpsl.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	nabmips.elf	Get hash	malicious	Unknown	Browse	154.216.16.244

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.960576583123002
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	Space.i686.elf
File size:	38'296 bytes
MD5:	ebab2dd119fb4e54698ba8726756a19c
SHA1:	aaf97d14cb0ad2e80794f4a8a9c37fbc182bd9e8
SHA256:	cc0f2a44e7f5839fbb9ef84f0a464b31305090f3219bc92ca41d6fa6e4a67f7d
SHA512:	bdccd5abdb52bed568292cd0fe828ac59db7530c394dc00bfad12a5ed3f60e6a5506b7a2699e88849e7288e2a51d88e993f27ced046772ab4ef7fbc0f4838a80
SSDEEP:	768:5wtA4ekdvZwsddqRLrcb7Gwy1D4rojKqodnbcuyD7UHQRjN:5wtAAdBwsrdb7GwMDwoWdnouy8Hy5
TLSH:	9303F191E0ADEACCD0EC12F5C6AB520D7E01F66C56A0C8EB8EC9B96E6B527905F001D1
File Content Preview:	.ELF........................4...........4. ...(.....................................................................Q.td.............................-[.UPX!.........B...B......W..........?..k.I/.j....\.W'"....)....4go.\|.>#.....{~w.y.l...H..@.UO.dA....X...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0xc092a8
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0xc01000	0xc01000	0x949c	0x949c	7.9626	0x5	R E	0x1000
LOAD	0xc08	0x805cc08	0x805cc08	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 25, 2024 11:21:57.093019009 CET	59126	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:57.212744951 CET	3778	59126	154.216.20.216	192.168.2.14
Dec 25, 2024 11:21:57.212826014 CET	59126	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:57.212867975 CET	59126	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:57.332449913 CET	3778	59126	154.216.20.216	192.168.2.14
Dec 25, 2024 11:21:57.332658052 CET	59126	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:57.452195883 CET	3778	59126	154.216.20.216	192.168.2.14
Dec 25, 2024 11:21:58.514110088 CET	3778	59126	154.216.20.216	192.168.2.14
Dec 25, 2024 11:21:58.514467001 CET	59128	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:58.514480114 CET	59126	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:58.514480114 CET	59126	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:58.634095907 CET	3778	59128	154.216.20.216	192.168.2.14
Dec 25, 2024 11:21:58.634309053 CET	59128	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:58.634361029 CET	59128	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:59.016602039 CET	3778	59128	154.216.20.216	192.168.2.14
Dec 25, 2024 11:21:59.016664028 CET	59128	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:21:59.136698961 CET	3778	59128	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:00.198124886 CET	3778	59128	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:00.198295116 CET	59128	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:00.198344946 CET	59128	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:00.198344946 CET	59130	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:00.318020105 CET	3778	59130	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:00.318166018 CET	59130	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:00.318221092 CET	59130	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:00.437664986 CET	3778	59130	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:00.437870979 CET	59130	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:00.557391882 CET	3778	59130	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:01.618531942 CET	3778	59130	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:01.618791103 CET	59130	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:01.618792057 CET	59130	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:01.618835926 CET	59132	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:01.738356113 CET	3778	59132	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:01.738579035 CET	59132	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:01.738579035 CET	59132	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:01.858176947 CET	3778	59132	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:01.858292103 CET	59132	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:01.977797985 CET	3778	59132	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:02.641123056 CET	59134	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:02.760963917 CET	3778	59134	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:02.761053085 CET	59134	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:02.761105061 CET	59134	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:02.880908966 CET	3778	59134	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:02.881072998 CET	59134	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:03.000644922 CET	3778	59134	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:03.036990881 CET	3778	59132	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:03.037203074 CET	59132	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:03.037203074 CET	59132	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:03.037240982 CET	59136	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:03.157466888 CET	3778	59136	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:03.157744884 CET	59136	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:03.157779932 CET	59136	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:03.278227091 CET	3778	59136	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:03.278388023 CET	59136	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:03.398109913 CET	3778	59136	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.062392950 CET	3778	59134	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.062534094 CET	59134	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.062571049 CET	59134	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.062601089 CET	59138	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.182228088 CET	3778	59138	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.182353020 CET	59138	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.182395935 CET	59138	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.302102089 CET	3778	59138	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.302256107 CET	59138	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.422538042 CET	3778	59138	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.458554983 CET	3778	59136	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.458723068 CET	59136	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.458755016 CET	59136	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.458931923 CET	59140	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.578587055 CET	3778	59140	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.578860044 CET	59140	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.578905106 CET	59140	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.698712111 CET	3778	59140	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:04.699024916 CET	59140	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:04.819176912 CET	3778	59140	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:05.485901117 CET	3778	59138	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:05.486017942 CET	59138	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.486057043 CET	59138	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.486097097 CET	59142	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.605698109 CET	3778	59142	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:05.605837107 CET	59142	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.605837107 CET	59142	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.725440979 CET	3778	59142	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:05.725554943 CET	59142	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.845115900 CET	3778	59142	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:05.876741886 CET	3778	59140	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:05.876871109 CET	59140	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.876910925 CET	59140	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.876935959 CET	59144	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.996509075 CET	3778	59144	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:05.996802092 CET	59144	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:05.996855974 CET	59144	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:06.116621971 CET	3778	59144	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:06.116880894 CET	59144	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:06.236634016 CET	3778	59144	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:06.906353951 CET	3778	59142	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:06.906497002 CET	59142	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:06.906534910 CET	59142	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:06.906568050 CET	59146	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.026223898 CET	3778	59146	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:07.026356936 CET	59146	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.026397943 CET	59146	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.146042109 CET	3778	59146	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:07.146210909 CET	59146	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.266839027 CET	3778	59146	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:07.297936916 CET	3778	59144	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:07.298060894 CET	59144	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.298108101 CET	59144	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.298152924 CET	59148	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.417824984 CET	3778	59148	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:07.418041945 CET	59148	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.418207884 CET	59148	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.537785053 CET	3778	59148	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:07.537889004 CET	59148	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:07.657604933 CET	3778	59148	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.327064037 CET	3778	59146	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.327457905 CET	59146	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.327457905 CET	59146	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.327500105 CET	59150	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.447386026 CET	3778	59150	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.447616100 CET	59150	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.447705030 CET	59150	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.567261934 CET	3778	59150	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.567406893 CET	59150	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.687074900 CET	3778	59150	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.717060089 CET	3778	59148	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.717282057 CET	59148	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.717350960 CET	59148	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.717398882 CET	59152	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.836941957 CET	3778	59152	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.837064028 CET	59152	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.837268114 CET	59152	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:08.956806898 CET	3778	59152	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:08.957156897 CET	59152	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:09.076853037 CET	3778	59152	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:09.747368097 CET	3778	59150	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:09.747729063 CET	59150	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:09.747730017 CET	59154	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:09.747729063 CET	59150	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:09.867356062 CET	3778	59154	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:09.867579937 CET	59154	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:09.867579937 CET	59154	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:09.987166882 CET	3778	59154	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:09.987390995 CET	59154	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:10.107413054 CET	3778	59154	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:10.138122082 CET	3778	59152	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:10.138346910 CET	59152	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:10.138346910 CET	59152	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:10.138402939 CET	59156	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:10.258037090 CET	3778	59156	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:10.258408070 CET	59156	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:10.258435965 CET	59156	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:10.378046036 CET	3778	59156	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:10.378279924 CET	59156	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:10.498018980 CET	3778	59156	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.166886091 CET	3778	59154	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.167162895 CET	59154	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.167171001 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.167164087 CET	59154	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.286899090 CET	3778	59158	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.287319899 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.287321091 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.406960964 CET	3778	59158	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.407193899 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.526822090 CET	3778	59158	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.558623075 CET	3778	59156	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.558876038 CET	59156	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.558931112 CET	59156	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.559019089 CET	59160	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.678599119 CET	3778	59160	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.678847075 CET	59160	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.678894997 CET	59160	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.798592091 CET	3778	59160	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:11.798811913 CET	59160	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:11.918621063 CET	3778	59160	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:12.979343891 CET	3778	59160	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:12.979475021 CET	59160	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:12.979518890 CET	59160	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:12.979542971 CET	59162	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:13.099366903 CET	3778	59162	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:13.099647045 CET	59162	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:13.099703074 CET	59162	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:13.219372988 CET	3778	59162	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:13.219691992 CET	59162	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:13.339288950 CET	3778	59162	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:14.414022923 CET	3778	59162	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:14.414310932 CET	59162	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:14.414472103 CET	59162	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:14.414483070 CET	59164	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:14.534156084 CET	3778	59164	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:14.534383059 CET	59164	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:14.534383059 CET	59164	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:14.654006958 CET	3778	59164	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:14.654284954 CET	59164	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:14.773833990 CET	3778	59164	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:15.834477901 CET	3778	59164	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:15.834635973 CET	59164	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:15.834723949 CET	59164	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:15.834765911 CET	59166	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:15.954231977 CET	3778	59166	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:15.954425097 CET	59166	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:15.954680920 CET	59166	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:16.074177980 CET	3778	59166	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:16.074426889 CET	59166	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:16.194171906 CET	3778	59166	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:17.255820036 CET	3778	59166	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:17.256220102 CET	59166	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:17.256309986 CET	59166	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:17.256372929 CET	59168	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:17.375931978 CET	3778	59168	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:17.376214981 CET	59168	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:17.376424074 CET	59168	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:17.495923042 CET	3778	59168	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:17.496215105 CET	59168	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:17.615742922 CET	3778	59168	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:18.674336910 CET	3778	59168	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:18.674581051 CET	59168	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:18.674664021 CET	59168	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:18.674732924 CET	59170	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:18.794368029 CET	3778	59170	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:18.794567108 CET	59170	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:18.794646978 CET	59170	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:18.914207935 CET	3778	59170	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:18.914410114 CET	59170	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:19.034054995 CET	3778	59170	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:20.093657017 CET	3778	59170	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:20.093916893 CET	59172	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:20.093938112 CET	59170	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:20.093938112 CET	59170	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:20.213984966 CET	3778	59172	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:20.214358091 CET	59172	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:20.214358091 CET	59172	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:20.333966970 CET	3778	59172	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:20.334073067 CET	59172	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:20.453629017 CET	3778	59172	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:21.288853884 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.408576012 CET	3778	59158	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:21.515542030 CET	3778	59172	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:21.515963078 CET	59172	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.515963078 CET	59172	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.515963078 CET	59174	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.635503054 CET	3778	59174	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:21.635674000 CET	59174	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.635760069 CET	59174	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.715218067 CET	3778	59158	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:21.715424061 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.755352974 CET	3778	59174	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:21.755608082 CET	59174	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:21.875098944 CET	3778	59174	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:22.939215899 CET	3778	59174	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:22.939398050 CET	59174	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:22.939423084 CET	59174	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:22.939480066 CET	59176	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:23.059039116 CET	3778	59176	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:23.059405088 CET	59176	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:23.059405088 CET	59176	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:23.179052114 CET	3778	59176	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:23.179327965 CET	59176	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:23.298846960 CET	3778	59176	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:24.362966061 CET	3778	59176	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:24.363337994 CET	59176	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:24.363384008 CET	59176	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:24.363481998 CET	59178	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:24.483334064 CET	3778	59178	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:24.483592033 CET	59178	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:24.483700991 CET	59178	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:24.603348970 CET	3778	59178	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:24.603604078 CET	59178	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:24.723284960 CET	3778	59178	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:25.781703949 CET	3778	59178	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:25.781872988 CET	59178	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:25.781955004 CET	59178	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:25.782073975 CET	59180	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:25.901735067 CET	3778	59180	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:25.901875973 CET	59180	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:25.901962042 CET	59180	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:26.021639109 CET	3778	59180	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:26.021874905 CET	59180	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:26.141453028 CET	3778	59180	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:27.211219072 CET	3778	59180	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:27.211522102 CET	59180	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:27.211522102 CET	59180	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:27.211612940 CET	59182	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:27.331275940 CET	3778	59182	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:27.331480026 CET	59182	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:27.331528902 CET	59182	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:27.451248884 CET	3778	59182	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:27.451361895 CET	59182	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:27.570979118 CET	3778	59182	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:28.631484032 CET	3778	59182	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:28.631746054 CET	59182	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:28.631793976 CET	59184	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:28.631858110 CET	59182	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:28.751517057 CET	3778	59184	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:28.751730919 CET	59184	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:28.751760960 CET	59184	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:28.871357918 CET	3778	59184	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:28.871640921 CET	59184	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:28.991250038 CET	3778	59184	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:38.759196043 CET	59184	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:22:38.878950119 CET	3778	59184	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:39.181101084 CET	3778	59184	154.216.20.216	192.168.2.14
Dec 25, 2024 11:22:39.181233883 CET	59184	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:23:21.762763023 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:23:21.882354021 CET	3778	59158	154.216.20.216	192.168.2.14
Dec 25, 2024 11:23:22.183955908 CET	3778	59158	154.216.20.216	192.168.2.14
Dec 25, 2024 11:23:22.184175968 CET	59158	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:23:39.239330053 CET	59184	3778	192.168.2.14	154.216.20.216
Dec 25, 2024 11:23:39.359168053 CET	3778	59184	154.216.20.216	192.168.2.14
Dec 25, 2024 11:23:39.661539078 CET	3778	59184	154.216.20.216	192.168.2.14
Dec 25, 2024 11:23:39.661820889 CET	59184	3778	192.168.2.14	154.216.20.216

System Behavior

Analysis Process: Space.i686.elf PID: 5489, Parent PID: 5414

General

Start time (UTC):	10:21:56
Start date (UTC):	25/12/2024
Path:	/tmp/Space.i686.elf
Arguments:	/tmp/Space.i686.elf
File size:	38296 bytes
MD5 hash:	ebab2dd119fb4e54698ba8726756a19c

Chronological Activities

Analysis Process: Space.i686.elf PID: 5490, Parent PID: 5489

General

Start time (UTC):	10:21:56
Start date (UTC):	25/12/2024
Path:	/tmp/Space.i686.elf
Arguments:	-
File size:	38296 bytes
MD5 hash:	ebab2dd119fb4e54698ba8726756a19c

Chronological Activities

Analysis Process: Space.i686.elf PID: 5491, Parent PID: 5490

General

Start time (UTC):	10:21:56
Start date (UTC):	25/12/2024
Path:	/tmp/Space.i686.elf
Arguments:	-
File size:	38296 bytes
MD5 hash:	ebab2dd119fb4e54698ba8726756a19c

Chronological Activities

Analysis Process: Space.i686.elf PID: 5492, Parent PID: 5490

General

Start time (UTC):	10:21:56
Start date (UTC):	25/12/2024
Path:	/tmp/Space.i686.elf
Arguments:	-
File size:	38296 bytes
MD5 hash:	ebab2dd119fb4e54698ba8726756a19c

Analysis Process: Space.i686.elf PID: 5496, Parent PID: 5489

General

Start time (UTC):	10:22:02
Start date (UTC):	25/12/2024
Path:	/tmp/Space.i686.elf
Arguments:	-
File size:	38296 bytes
MD5 hash:	ebab2dd119fb4e54698ba8726756a19c

Chronological Activities

Analysis Process: Space.i686.elf PID: 5497, Parent PID: 5489

General

Start time (UTC):	10:22:02
Start date (UTC):	25/12/2024
Path:	/tmp/Space.i686.elf
Arguments:	-
File size:	38296 bytes
MD5 hash:	ebab2dd119fb4e54698ba8726756a19c

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Space.i686.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: Space.i686.elf PID: 5489, Parent PID: 5414

General

Chronological Activities

Analysis Process: Space.i686.elf PID: 5490, Parent PID: 5489

General

Chronological Activities

Analysis Process: Space.i686.elf PID: 5491, Parent PID: 5490

General

Chronological Activities

Analysis Process: Space.i686.elf PID: 5492, Parent PID: 5490

General

Analysis Process: Space.i686.elf PID: 5496, Parent PID: 5489

General

Chronological Activities

Analysis Process: Space.i686.elf PID: 5497, Parent PID: 5489

General

Linux Analysis Report
Space.i686.elf