Edit tour

Linux Analysis Report
Space.x86_64.elf

Overview

General Information

Sample name:	Space.x86_64.elf
Analysis ID:	1580591
MD5:	2a970c08a36bf8f55635f35c36450c39
SHA1:	19178136051ca912cb63f3b660aaff2ad1a0acf2
SHA256:	24e0c293e85e159f78622bfd49323ffeeae27d8714a4763599eca3d9f0db3979
Tags:	elfuser-abuse_ch
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Sample is packed with UPX

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Executes the "rm" command used to delete files or directories

Sample contains only a LOAD segment without any section mappings

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580591
Start date and time:	2024-12-25 11:29:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	Space.x86_64.elf
Detection:	MAL
Classification:	mal64.evad.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/Space.x86_64.elf
PID:	6264
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

Space.x86_64.elf (PID: 6264, Parent: 6188, MD5: 2a970c08a36bf8f55635f35c36450c39) Arguments: /tmp/Space.x86_64.elf

Space.x86_64.elf New Fork (PID: 6265, Parent: 6264)

Space.x86_64.elf New Fork (PID: 6266, Parent: 6265)

Space.x86_64.elf New Fork (PID: 6267, Parent: 6265)

Space.x86_64.elf New Fork (PID: 6270, Parent: 6264)

Space.x86_64.elf New Fork (PID: 6271, Parent: 6264)

dash New Fork (PID: 6275, Parent: 4331)

rm (PID: 6275, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.tFqBW9n4JQ /tmp/tmp.4cRzMqmGbF /tmp/tmp.nu7u3pCc3Y

dash New Fork (PID: 6276, Parent: 4331)

rm (PID: 6276, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.tFqBW9n4JQ /tmp/tmp.4cRzMqmGbF /tmp/tmp.nu7u3pCc3Y

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
6266.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6266.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6270.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6270.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6264.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6264.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
6265.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xfeb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfecc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfee0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfef4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xff94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffa8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffbc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffd0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xffe4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xfff8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1000c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10020:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10034:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10048:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6265.1.0000000000400000.0000000000413000.r-x.sdmp	Linux_Trojan_Mirai_564b8eda	unknown	unknown	0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
Process Memory Space: Space.x86_64.elf PID: 6264	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xbc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xca4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xccc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xce0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xd58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.x86_64.elf PID: 6265	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11fa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x120e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1222:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1236:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x124a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x125e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1272:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1286:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12ae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12c2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12d6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12ea:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12fe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1312:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1326:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x133a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x134e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.x86_64.elf PID: 6266	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1213:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1227:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x123b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x124f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1263:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1277:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x128b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x129f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12b3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12c7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1303:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1317:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x132b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x133f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1353:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1367:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: Space.x86_64.elf PID: 6270	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0xb31:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb45:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb59:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb6d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb81:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xb95:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xba9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbbd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbd1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbe5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xbf9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc0d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc21:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc35:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc49:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc5d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc71:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc85:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xc99:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcad:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0xcc1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Click to see the 7 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Space.x86_64.elf	Virustotal: Detection: 36%			Perma Link
Source: Space.x86_64.elf	ReversingLabs: Detection: 50%

Machine Learning detection for sample

Source: Space.x86_64.elf

Joe Sandbox ML: detected

Source: global traffic

TCP traffic: 192.168.2.23:42346 -> 154.216.20.216:3778

Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 34.249.145.219
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216
Source: unknown	TCP traffic detected without corresponding DNS query: 154.216.20.216

Source: Space.x86_64.elf

String found in binary or memory: http://upx.sf.net

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 39256
Source: unknown	Network traffic detected: HTTP traffic on port 39256 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 6266.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6266.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6270.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6270.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6264.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6264.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 6265.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6265.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 6264, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 6265, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 6266, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 6270, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown

Source: LOAD without section mappings

Program segment: 0x400000

Source: 6266.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6266.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6270.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6270.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6264.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6264.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 6265.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6265.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 6264, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 6265, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 6266, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 6270, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16

Source: classification engine

Classification label: mal64.evad.linELF@0/0@0/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1582/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/3088/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/230/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/110/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/231/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/111/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/232/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1579/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/112/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/233/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1699/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/113/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/234/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1335/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1698/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/114/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/235/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1334/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1576/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/2302/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/115/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/236/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/116/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/237/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/117/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/118/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/910/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/119/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/912/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/10/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/2307/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/11/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/918/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/12/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/13/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/14/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/15/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/16/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/17/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/18/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1594/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/120/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/121/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1349/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/122/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/243/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/123/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/2/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/124/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/3/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/4/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/125/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/126/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1344/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1465/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1586/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/127/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/6/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/248/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/128/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/249/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1463/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/800/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/9/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/801/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/20/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/21/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1900/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/22/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/23/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/24/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/25/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/26/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/27/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/28/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/29/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/491/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/250/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/130/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/251/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/252/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/132/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/253/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/254/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/255/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/256/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1599/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/257/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1477/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/379/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/258/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1476/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/259/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1475/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/6249/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/6248/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/936/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/30/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/2208/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/35/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/6264/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/6267/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1809/status	Jump to behavior
Source: /tmp/Space.x86_64.elf (PID: 6264)	File opened: /proc/1494/status	Jump to behavior

Source: /usr/bin/dash (PID: 6275)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.tFqBW9n4JQ /tmp/tmp.4cRzMqmGbF /tmp/tmp.nu7u3pCc3Y			Jump to behavior
Source: /usr/bin/dash (PID: 6276)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.tFqBW9n4JQ /tmp/tmp.4cRzMqmGbF /tmp/tmp.nu7u3pCc3Y			Jump to behavior

Source: Space.x86_64.elf

Submission file: segment LOAD with 7.9616 entropy (max. 8.0)

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Obfuscated Files or Information	1 OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Space.x86_64.elf	37%	Virustotal		Browse
Space.x86_64.elf	50%	ReversingLabs	Linux.Backdoor.Mirai
Space.x86_64.elf	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Space.x86_64.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
154.216.20.216	unknown	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	false
34.249.145.219	unknown	United States	16509	AMAZON-02US	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
154.216.20.216	Space.arm.elf	Get hash	malicious	Mirai	Browse
	Space.mips.elf	Get hash	malicious	Unknown	Browse
	Space.mpsl.elf	Get hash	malicious	Unknown	Browse
	Space.m68k.elf	Get hash	malicious	Mirai	Browse
	Space.i686.elf	Get hash	malicious	Unknown	Browse
34.249.145.219	zerm68k.elf	Get hash	malicious	Unknown	Browse
	hidakibest.ppc.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	hidakibest.arm6.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	main_mips.elf	Get hash	malicious	Mirai	Browse
	powerpc.elf	Get hash	malicious	Mirai	Browse
	main_arm6.elf	Get hash	malicious	Mirai	Browse
	main_x86.elf	Get hash	malicious	Mirai	Browse
	main_m68k.elf	Get hash	malicious	Mirai	Browse
	Space.mips.elf	Get hash	malicious	Mirai	Browse
	hmips.elf	Get hash	malicious	Unknown	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.42	Space.arc.elf	Get hash	malicious	Mirai	Browse
	Space.arm5.elf	Get hash	malicious	Unknown	Browse
	byte.x86.elf	Get hash	malicious	Mirai, Okiru	Browse
	armv4eb.elf	Get hash	malicious	Unknown	Browse
	armv5l.elf	Get hash	malicious	Unknown	Browse
	armv4eb.elf	Get hash	malicious	Unknown	Browse
	sshd.elf	Get hash	malicious	Unknown	Browse
	armv4eb.elf	Get hash	malicious	Mirai	Browse
	most-arm7.elf	Get hash	malicious	Mirai	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	Space.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	Space.m68k.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	Space.arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	byte.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	91.189.91.42
	armv4eb.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	armv5l.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	armv4eb.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	sshd.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	loligang.arm5.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	armv4eb.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	Space.arm.elf	Get hash	malicious	Mirai	Browse	154.216.20.216
	Space.mips.elf	Get hash	malicious	Unknown	Browse	154.216.20.216
	Space.mpsl.elf	Get hash	malicious	Unknown	Browse	154.216.20.216
	Space.m68k.elf	Get hash	malicious	Mirai	Browse	154.216.20.216
	Space.i686.elf	Get hash	malicious	Unknown	Browse	154.216.20.216
	byte.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	154.216.19.138
	zerarm7.elf	Get hash	malicious	Unknown	Browse	154.216.16.250
	nabm68k.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	nabarm.elf	Get hash	malicious	Unknown	Browse	154.216.16.244
	zerppc.elf	Get hash	malicious	Unknown	Browse	154.216.16.250
INIT7CH	Space.arc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	Space.arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	byte.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	109.202.202.202
	armv4eb.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	armv5l.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	armv4eb.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	sshd.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	armv4eb.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	most-arm7.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	arm5.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
AMAZON-02US	byte.x86.elf	Get hash	malicious	Mirai, Okiru	Browse	54.171.230.55
	armv4l.elf	Get hash	malicious	Unknown	Browse	52.221.127.63
	armv4eb.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
	telnet.x86.elf	Get hash	malicious	Unknown	Browse	54.154.23.188
	https://email.equifaxbreachsettlement.com/c/eJwUys9qtDAQAPCnSY6STLL_DjnIp4GFr-3iLrX0EuLMiMLqWo1r-_al9x-5yDrGo2SnD8YednvYK9m5lhEPSJpaYtPgDk-NUUQKCS3r2MjegQKrAbSy1oLKWmC1UycbkU9asxZW8dfat_G7mTlit3BKdx54TBk-Bnl3XUrTIkwuwAvw27Zlw8808xR7Qh4Tz39OgJ-ZmAdhPOODWJiihuP7y__al5_1Vc5uoPhMfRyFVeuCGdMqkyv9R7hUb6HKb3m4VOUlPxfhX14VoThfb-Favhby6eA3AAD__0qSUF8	Get hash	malicious	Unknown	Browse	18.221.139.220
	http://assets.website-files.com/65efffe8d4e10d26910f0543/65f65633ab8b2f021b357c18_64146967722.pdf	Get hash	malicious	Unknown	Browse	52.211.121.244
	armv5l.elf	Get hash	malicious	Mirai	Browse	52.11.1.37
	armv6l.elf	Get hash	malicious	Mirai	Browse	13.210.214.39
	loligang.mpsl.elf	Get hash	malicious	Mirai	Browse	65.1.40.160
	loligang.arm.elf	Get hash	malicious	Mirai	Browse	13.243.198.228

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
Entropy (8bit):	7.959533434504921
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Space.x86_64.elf
File size:	37'540 bytes
MD5:	2a970c08a36bf8f55635f35c36450c39
SHA1:	19178136051ca912cb63f3b660aaff2ad1a0acf2
SHA256:	24e0c293e85e159f78622bfd49323ffeeae27d8714a4763599eca3d9f0db3979
SHA512:	671d7a2cce48f7d3716d53b7c4bd365aeba2972101935aa2b5d5f637a7b888caf0e138db9c52c2a0a4e7359eb9909c04563110bc9db9110c8b649c9b9d63039f
SSDEEP:	768:F+4qtvWUAASje6lhaVG5CHb4diYjLMWf5CcWHdbL5fPr8J75Wx0S:A9tvWrASje4wVGigJmFL578J7AD
TLSH:	AAF2E092D56AD53CD9336E7000D65A28DB32E0B08443976B0FED67EF5EAEA043D0E780
File Content Preview:	.ELF..............>.....`.@.....@...................@.8...@.......................@.......@....................... ......................Ka......Ka.............................Q.td.....................................................I..UPX!D.......8:..8:.

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x408060
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	64
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x400000	0x400000	0x919c	0x919c	7.9616	0x5	R E	0x200000
LOAD	0xb00	0x614b00	0x614b00	0x0	0x0	0.0000	0x6	RW	0x1000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 25, 2024 11:30:24.040837049 CET	42346	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:24.160486937 CET	3778	42346	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:24.160562038 CET	42346	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:24.161516905 CET	42346	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:24.281089067 CET	3778	42346	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:24.281164885 CET	42346	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:24.400752068 CET	3778	42346	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:24.496294975 CET	43928	443	192.168.2.23	91.189.91.42
Dec 25, 2024 11:30:25.464489937 CET	3778	42346	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:25.464705944 CET	42346	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:25.464797020 CET	42346	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:25.465480089 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:25.584989071 CET	3778	42348	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:25.585144997 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:25.586061001 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:25.705569983 CET	3778	42348	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:25.705764055 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:25.825335979 CET	3778	42348	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:29.521990061 CET	42350	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:29.642677069 CET	3778	42350	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:29.642865896 CET	42350	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:29.643774033 CET	42350	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:29.763299942 CET	3778	42350	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:29.763488054 CET	42350	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:29.887033939 CET	3778	42350	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:30.939862013 CET	3778	42350	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:30.940033913 CET	42350	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:30.940033913 CET	42350	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:30.940732002 CET	42352	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:31.060421944 CET	3778	42352	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:31.060789108 CET	42352	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:31.061482906 CET	42352	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:31.180996895 CET	3778	42352	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:31.181304932 CET	42352	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:31.300987005 CET	3778	42352	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:32.362301111 CET	3778	42352	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:32.362483978 CET	42352	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:32.362526894 CET	42352	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:32.363146067 CET	42354	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:32.482640982 CET	3778	42354	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:32.482779980 CET	42354	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:32.483660936 CET	42354	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:32.603243113 CET	3778	42354	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:32.603404045 CET	42354	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:32.722985983 CET	3778	42354	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:33.781807899 CET	3778	42354	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:33.781953096 CET	42354	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:33.781953096 CET	42354	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:33.782444954 CET	42356	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:33.902055025 CET	3778	42356	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:33.902148008 CET	42356	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:33.902879953 CET	42356	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:34.022521973 CET	3778	42356	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:34.022618055 CET	42356	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:34.142558098 CET	3778	42356	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:35.202779055 CET	3778	42356	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:35.202950954 CET	42356	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:35.202950954 CET	42356	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:35.203794956 CET	42358	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:35.323383093 CET	3778	42358	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:35.323823929 CET	42358	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:35.330480099 CET	42358	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:35.450045109 CET	3778	42358	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:35.450175047 CET	42358	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:35.569729090 CET	3778	42358	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:35.591155052 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:35.710748911 CET	3778	42348	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:36.010787010 CET	3778	42348	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:36.011100054 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:36.623693943 CET	3778	42358	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:36.623991013 CET	42358	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:36.624038935 CET	42358	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:36.624655008 CET	42360	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:36.744273901 CET	3778	42360	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:36.744518042 CET	42360	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:36.745629072 CET	42360	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:36.865164995 CET	3778	42360	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:36.865443945 CET	42360	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:36.985033989 CET	3778	42360	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:37.584378004 CET	443	39256	34.249.145.219	192.168.2.23
Dec 25, 2024 11:30:37.584609985 CET	39256	443	192.168.2.23	34.249.145.219
Dec 25, 2024 11:30:37.704086065 CET	443	39256	34.249.145.219	192.168.2.23
Dec 25, 2024 11:30:38.043951988 CET	3778	42360	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:38.044197083 CET	42360	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:38.044251919 CET	42360	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:38.045038939 CET	42362	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:38.164625883 CET	3778	42362	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:38.164747000 CET	42362	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:38.165656090 CET	42362	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:38.286762953 CET	3778	42362	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:38.286873102 CET	42362	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:38.406671047 CET	3778	42362	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:39.468871117 CET	3778	42362	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:39.469012022 CET	42362	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:39.469012022 CET	42362	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:39.469583035 CET	42364	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:39.589133978 CET	3778	42364	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:39.589251041 CET	42364	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:39.590040922 CET	42364	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:39.709693909 CET	3778	42364	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:39.709898949 CET	42364	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:39.829592943 CET	3778	42364	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:40.878249884 CET	42516	80	192.168.2.23	109.202.202.202
Dec 25, 2024 11:30:40.887511969 CET	3778	42364	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:40.887697935 CET	42364	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:40.887762070 CET	42364	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:40.888525009 CET	42366	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:41.008200884 CET	3778	42366	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:41.008344889 CET	42366	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:41.009763956 CET	42366	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:41.129302025 CET	3778	42366	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:41.129435062 CET	42366	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:41.249138117 CET	3778	42366	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:42.307476044 CET	3778	42366	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:42.307615995 CET	42366	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:42.307655096 CET	42366	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:42.308296919 CET	42368	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:42.427798033 CET	3778	42368	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:42.427889109 CET	42368	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:42.428834915 CET	42368	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:42.548434973 CET	3778	42368	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:42.548521996 CET	42368	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:42.668184042 CET	3778	42368	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:43.727334976 CET	3778	42368	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:43.727488041 CET	42368	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:43.727488041 CET	42368	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:43.728044987 CET	42370	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:43.848186970 CET	3778	42370	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:43.848294020 CET	42370	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:43.849153042 CET	42370	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:43.968657017 CET	3778	42370	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:43.968769073 CET	42370	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:44.088675976 CET	3778	42370	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:44.973649979 CET	43928	443	192.168.2.23	91.189.91.42
Dec 25, 2024 11:30:45.145608902 CET	3778	42370	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:45.145740032 CET	42370	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:45.145776033 CET	42370	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:45.146426916 CET	42372	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:45.266455889 CET	3778	42372	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:45.266565084 CET	42372	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:45.267416000 CET	42372	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:45.387058973 CET	3778	42372	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:45.387212038 CET	42372	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:45.506992102 CET	3778	42372	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:46.566716909 CET	3778	42372	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:46.566939116 CET	42372	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:46.566939116 CET	42372	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:46.567542076 CET	42374	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:46.687232971 CET	3778	42374	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:46.687530041 CET	42374	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:46.688925982 CET	42374	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:46.808517933 CET	3778	42374	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:46.808665037 CET	42374	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:46.928306103 CET	3778	42374	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:47.988661051 CET	3778	42374	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:47.988796949 CET	42374	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:47.988796949 CET	42374	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:47.989435911 CET	42376	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:48.108971119 CET	3778	42376	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:48.109097958 CET	42376	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:48.110419989 CET	42376	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:48.230027914 CET	3778	42376	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:48.230199099 CET	42376	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:48.349957943 CET	3778	42376	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:49.407880068 CET	3778	42376	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:49.408065081 CET	42376	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:49.408139944 CET	42376	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:49.408911943 CET	42378	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:49.528359890 CET	3778	42378	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:49.528589010 CET	42378	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:49.529867887 CET	42378	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:49.649346113 CET	3778	42378	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:49.649482012 CET	42378	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:49.769011021 CET	3778	42378	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:50.827512980 CET	3778	42378	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:50.827917099 CET	42378	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:50.827980042 CET	42378	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:50.828754902 CET	42380	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:50.948396921 CET	3778	42380	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:50.948659897 CET	42380	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:50.950022936 CET	42380	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:51.069617033 CET	3778	42380	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:51.069845915 CET	42380	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:51.189631939 CET	3778	42380	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:52.245413065 CET	3778	42380	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:52.245628119 CET	42380	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:52.245709896 CET	42380	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:52.246495962 CET	42382	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:52.366074085 CET	3778	42382	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:52.366189957 CET	42382	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:52.367428064 CET	42382	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:52.487025976 CET	3778	42382	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:52.487185001 CET	42382	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:52.606771946 CET	3778	42382	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:53.664758921 CET	3778	42382	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:53.665025949 CET	42382	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:53.665112019 CET	42382	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:53.665770054 CET	42384	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:53.785401106 CET	3778	42384	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:53.785649061 CET	42384	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:53.786828995 CET	42384	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:53.906502008 CET	3778	42384	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:53.906765938 CET	42384	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:54.026354074 CET	3778	42384	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:55.085246086 CET	3778	42384	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:55.085465908 CET	42384	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:55.085465908 CET	42384	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:55.086189032 CET	42386	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:55.205687046 CET	3778	42386	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:55.205957890 CET	42386	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:55.207223892 CET	42386	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:55.326874971 CET	3778	42386	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:55.327003956 CET	42386	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:55.446955919 CET	3778	42386	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:56.504337072 CET	3778	42386	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:56.504460096 CET	42386	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:56.504668951 CET	42386	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:56.505369902 CET	42388	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:56.624948025 CET	3778	42388	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:56.625030041 CET	42388	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:56.625668049 CET	42388	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:56.745228052 CET	3778	42388	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:56.745358944 CET	42388	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:56.864976883 CET	3778	42388	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:57.924429893 CET	3778	42388	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:57.924560070 CET	42388	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:57.924598932 CET	42388	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:57.925306082 CET	42390	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:58.045228004 CET	3778	42390	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:58.045382977 CET	42390	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:58.046478987 CET	42390	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:58.166032076 CET	3778	42390	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:58.166167021 CET	42390	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:58.285792112 CET	3778	42390	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:59.345125914 CET	3778	42390	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:59.345437050 CET	42390	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:59.345490932 CET	42390	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:59.346277952 CET	42392	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:59.465871096 CET	3778	42392	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:59.466146946 CET	42392	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:59.467422962 CET	42392	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:59.587086916 CET	3778	42392	154.216.20.216	192.168.2.23
Dec 25, 2024 11:30:59.587168932 CET	42392	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:30:59.706768990 CET	3778	42392	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:00.771250010 CET	3778	42392	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:00.771485090 CET	42392	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:00.771655083 CET	42392	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:00.772399902 CET	42394	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:00.893651009 CET	3778	42394	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:00.893913984 CET	42394	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:00.895132065 CET	42394	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:01.014823914 CET	3778	42394	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:01.015065908 CET	42394	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:01.134710073 CET	3778	42394	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:02.195899010 CET	3778	42394	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:02.196058035 CET	42394	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:02.196124077 CET	42394	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:02.196899891 CET	42396	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:02.316400051 CET	3778	42396	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:02.316634893 CET	42396	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:02.317967892 CET	42396	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:02.437586069 CET	3778	42396	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:02.437786102 CET	42396	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:02.557378054 CET	3778	42396	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:03.618896961 CET	3778	42396	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:03.619127035 CET	42396	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:03.619277954 CET	42396	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:03.620086908 CET	42398	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:03.739626884 CET	3778	42398	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:03.739732027 CET	42398	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:03.740885973 CET	42398	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:03.860941887 CET	3778	42398	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:03.861057043 CET	42398	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:03.980710983 CET	3778	42398	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:05.041728020 CET	3778	42398	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:05.041924953 CET	42398	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:05.041966915 CET	42398	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:05.042550087 CET	42400	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:05.162482023 CET	3778	42400	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:05.162606955 CET	42400	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:05.163604021 CET	42400	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:05.283360958 CET	3778	42400	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:05.283555984 CET	42400	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:05.403177977 CET	3778	42400	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:06.469300032 CET	3778	42400	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:06.469598055 CET	42400	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:06.469599009 CET	42400	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:06.470225096 CET	42402	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:06.589798927 CET	3778	42402	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:06.589955091 CET	42402	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:06.591356993 CET	42402	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:06.710913897 CET	3778	42402	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:06.711072922 CET	42402	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:06.831162930 CET	3778	42402	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:07.890108109 CET	3778	42402	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:07.890471935 CET	42402	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:07.890551090 CET	42402	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:07.891369104 CET	42404	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:08.011010885 CET	3778	42404	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:08.011221886 CET	42404	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:08.012964964 CET	42404	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:08.132867098 CET	3778	42404	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:08.133143902 CET	42404	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:08.252860069 CET	3778	42404	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:09.310256004 CET	3778	42404	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:09.310486078 CET	42404	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:09.310537100 CET	42404	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:09.311371088 CET	42406	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:09.430978060 CET	3778	42406	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:09.431243896 CET	42406	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:09.432667017 CET	42406	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:09.552187920 CET	3778	42406	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:09.552350998 CET	42406	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:09.672018051 CET	3778	42406	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:10.729996920 CET	3778	42406	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:10.730273008 CET	42406	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:10.730324984 CET	42406	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:10.731261015 CET	42408	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:10.851340055 CET	3778	42408	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:10.851665020 CET	42408	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:10.853111982 CET	42408	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:10.972713947 CET	3778	42408	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:10.972956896 CET	42408	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:11.092581034 CET	3778	42408	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:12.152542114 CET	3778	42408	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:12.152704954 CET	42408	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:12.152704954 CET	42408	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:12.153549910 CET	42410	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:12.273111105 CET	3778	42410	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:12.273370981 CET	42410	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:12.274945974 CET	42410	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:12.394413948 CET	3778	42410	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:12.394673109 CET	42410	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:12.514570951 CET	3778	42410	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:13.571947098 CET	3778	42410	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:13.572473049 CET	42410	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:13.572473049 CET	42410	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:13.573846102 CET	42412	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:13.693948984 CET	3778	42412	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:13.694195032 CET	42412	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:13.696137905 CET	42412	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:13.815628052 CET	3778	42412	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:13.815891981 CET	42412	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:13.935731888 CET	3778	42412	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:14.991895914 CET	3778	42412	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:14.992075920 CET	42412	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:14.992120028 CET	42412	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:14.992923021 CET	42414	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:15.112561941 CET	3778	42414	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:15.112741947 CET	42414	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:15.114257097 CET	42414	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:15.234054089 CET	3778	42414	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:15.234214067 CET	42414	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:15.354119062 CET	3778	42414	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:16.413544893 CET	3778	42414	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:16.413656950 CET	42414	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:16.413685083 CET	42414	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:16.414336920 CET	42416	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:16.533853054 CET	3778	42416	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:16.534008026 CET	42416	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:16.534746885 CET	42416	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:16.654267073 CET	3778	42416	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:16.654568911 CET	42416	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:16.774734020 CET	3778	42416	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:17.832151890 CET	3778	42416	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:17.832310915 CET	42416	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:17.832458973 CET	42416	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:17.833343029 CET	42418	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:17.952951908 CET	3778	42418	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:17.953053951 CET	42418	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:17.954329967 CET	42418	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:18.074043036 CET	3778	42418	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:18.074227095 CET	42418	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:18.193819046 CET	3778	42418	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:19.254904032 CET	3778	42418	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:19.255151033 CET	42418	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:19.255301952 CET	42418	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:19.256022930 CET	42420	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:19.375535965 CET	3778	42420	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:19.375740051 CET	42420	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:19.376856089 CET	42420	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:19.496438980 CET	3778	42420	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:19.496666908 CET	42420	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:19.616209030 CET	3778	42420	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:20.675513983 CET	3778	42420	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:20.675688028 CET	42420	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:20.675853014 CET	42420	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:20.676613092 CET	42422	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:20.796206951 CET	3778	42422	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:20.796298981 CET	42422	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:20.797343969 CET	42422	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:20.916779995 CET	3778	42422	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:20.916878939 CET	42422	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:21.036581993 CET	3778	42422	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:22.102181911 CET	3778	42422	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:22.102320910 CET	42422	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:22.102507114 CET	42422	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:22.103177071 CET	42424	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:22.222688913 CET	3778	42424	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:22.222836971 CET	42424	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:22.224277973 CET	42424	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:22.343868017 CET	3778	42424	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:22.344063997 CET	42424	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:22.463654041 CET	3778	42424	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:23.522958994 CET	3778	42424	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:23.523262978 CET	42424	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:23.523263931 CET	42424	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:23.523947954 CET	42426	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:23.643534899 CET	3778	42426	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:23.643862963 CET	42426	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:23.644844055 CET	42426	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:23.764452934 CET	3778	42426	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:23.764735937 CET	42426	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:23.884430885 CET	3778	42426	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:24.943720102 CET	3778	42426	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:24.943917990 CET	42426	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:24.943952084 CET	42426	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:24.944495916 CET	42428	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:25.064127922 CET	3778	42428	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:25.064398050 CET	42428	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:25.065201044 CET	42428	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:25.184864044 CET	3778	42428	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:25.185105085 CET	42428	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:25.304824114 CET	3778	42428	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:25.928308010 CET	43928	443	192.168.2.23	91.189.91.42
Dec 25, 2024 11:31:26.363719940 CET	3778	42428	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:26.364043951 CET	42428	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:26.364114046 CET	42428	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:26.364829063 CET	42430	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:26.484497070 CET	3778	42430	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:26.484632015 CET	42430	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:26.485920906 CET	42430	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:26.605475903 CET	3778	42430	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:26.605739117 CET	42430	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:26.725291967 CET	3778	42430	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:27.783911943 CET	3778	42430	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:27.784235001 CET	42430	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:27.784372091 CET	42430	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:27.785150051 CET	42432	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:27.905069113 CET	3778	42432	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:27.905313015 CET	42432	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:27.906694889 CET	42432	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:28.026299953 CET	3778	42432	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:28.026602030 CET	42432	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:28.146723986 CET	3778	42432	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:36.048016071 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:36.168174982 CET	3778	42348	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:36.472665071 CET	3778	42348	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:36.472776890 CET	42348	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:37.915509939 CET	42432	3778	192.168.2.23	154.216.20.216
Dec 25, 2024 11:31:38.035458088 CET	3778	42432	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:38.336432934 CET	3778	42432	154.216.20.216	192.168.2.23
Dec 25, 2024 11:31:38.336570024 CET	42432	3778	192.168.2.23	154.216.20.216

System Behavior

Analysis Process: Space.x86_64.elf PID: 6264, Parent PID: 6188

General

Start time (UTC):	10:30:23
Start date (UTC):	25/12/2024
Path:	/tmp/Space.x86_64.elf
Arguments:	/tmp/Space.x86_64.elf
File size:	37540 bytes
MD5 hash:	2a970c08a36bf8f55635f35c36450c39

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6265, Parent PID: 6264

General

Start time (UTC):	10:30:23
Start date (UTC):	25/12/2024
Path:	/tmp/Space.x86_64.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	2a970c08a36bf8f55635f35c36450c39

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6266, Parent PID: 6265

General

Start time (UTC):	10:30:23
Start date (UTC):	25/12/2024
Path:	/tmp/Space.x86_64.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	2a970c08a36bf8f55635f35c36450c39

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6267, Parent PID: 6265

General

Start time (UTC):	10:30:23
Start date (UTC):	25/12/2024
Path:	/tmp/Space.x86_64.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	2a970c08a36bf8f55635f35c36450c39

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6270, Parent PID: 6264

General

Start time (UTC):	10:30:28
Start date (UTC):	25/12/2024
Path:	/tmp/Space.x86_64.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	2a970c08a36bf8f55635f35c36450c39

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6271, Parent PID: 6264

General

Start time (UTC):	10:30:28
Start date (UTC):	25/12/2024
Path:	/tmp/Space.x86_64.elf
Arguments:	-
File size:	37540 bytes
MD5 hash:	2a970c08a36bf8f55635f35c36450c39

Chronological Activities

Analysis Process: dash PID: 6275, Parent PID: 4331

General

Start time (UTC):	10:30:36
Start date (UTC):	25/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6275, Parent PID: 4331

General

Start time (UTC):	10:30:36
Start date (UTC):	25/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.tFqBW9n4JQ /tmp/tmp.4cRzMqmGbF /tmp/tmp.nu7u3pCc3Y
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6276, Parent PID: 4331

General

Start time (UTC):	10:30:36
Start date (UTC):	25/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6276, Parent PID: 4331

General

Start time (UTC):	10:30:36
Start date (UTC):	25/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.tFqBW9n4JQ /tmp/tmp.4cRzMqmGbF /tmp/tmp.nu7u3pCc3Y
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report Space.x86_64.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: Space.x86_64.elf PID: 6264, Parent PID: 6188

General

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6265, Parent PID: 6264

General

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6266, Parent PID: 6265

General

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6267, Parent PID: 6265

General

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6270, Parent PID: 6264

General

Chronological Activities

Analysis Process: Space.x86_64.elf PID: 6271, Parent PID: 6264

General

Chronological Activities

Analysis Process: dash PID: 6275, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6275, Parent PID: 4331

General

Chronological Activities

Analysis Process: dash PID: 6276, Parent PID: 4331

Linux Analysis Report
Space.x86_64.elf