Linux Analysis Report
Space.i686.elf

Overview

General Information

Sample name: Space.i686.elf
Analysis ID: 1584521
MD5: 155c3ae1aed488dbf84e5dc5e34ab8c8
SHA1: 8916596fef1b5e0e2614b85ca14df09fd8dc7f71
SHA256: aa9bcc7a7a8489f00e363fc9ad158dc074acb4793fd92b3d900bc14bf1c7279d
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Machine Learning detection for sample
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584521
Start date and time: 2025-01-05 18:52:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: Space.i686.elf
Detection: MAL
Classification: mal56.evad.linELF@0/0@0/0
Command: /tmp/Space.i686.elf
PID: 5413
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
5425.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5425.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0xa07b:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5425.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown
  • 0x885e:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5415.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5415.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0xa07b:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
No Suricata rule has matched


AV Detection

Source: Space.i686.elf | Joe Sandbox ML: detected
Source: global traffic | TCP traffic: 192.168.2.13:46076 -> 79.133.46.252:3778
Source: unknown | TCP traffic detected without corresponding DNS query: 79.133.46.252
Source: Space.i686.elfString found in binary or memory: http://upx.sf.net

System Summary

Source: 5425.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5425.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5425.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5415.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5415.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5415.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5414.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5414.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5414.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5413.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5413.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5413.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5413, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5414, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5415, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5425, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappingsProgram segment: 0xc01000
Source: 5425.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5425.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5425.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: classification engineClassification label: mal56.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: Space.i686.elfSubmission file: segment LOAD with 7.9644 entropy (max. 8.0)
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: 11 Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping
Discovery: System Service Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: 1 Non-Standard Port
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
No configs have been found
[Behavior graph: ID 1584521, Sample: Space.i686.elf, Startdate: 05/01/2025, Architecture: LINUX, Score: 56]
Source | Detection | Scanner | Label | Link
Space.i686.elf | 100% | Joe Sandbox ML
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | Space.i686.elf | false | | high
    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    79.133.46.252 | unknown | Germany | | 203833 | AT-FIRSTCOLOAustriaAT | false
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    79.133.46.252 | Space.mpsl.elf | malicious | Unknown | /hiddenbin/Space.mpsl
    79.133.46.252 | Space.x86.elf | malicious | Unknown | /hiddenbin/Space.x86
    79.133.46.252 | Space.mips.elf | malicious | Unknown | /hiddenbin/Space.mips
    79.133.46.252 | Space.arm7.elf | malicious | Unknown | /hiddenbin/Space.arm7
    79.133.46.252 | Space.arm6.elf | malicious | Unknown | /hiddenbin/Space.arm6
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    AT-FIRSTCOLOAustriaAT | Space.spc.elf | malicious | Mirai | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.arm7.elf | malicious | Mirai | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.arm.elf | malicious | Mirai | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.mips.elf | malicious | Unknown | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.m68k.elf | malicious | Mirai | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.ppc.elf | malicious | Unknown | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.x86.elf | malicious | Unknown | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.x86_64.elf | malicious | Unknown | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.arm6.elf | malicious | Unknown | 79.133.46.252
    AT-FIRSTCOLOAustriaAT | Space.sh4.elf | malicious | Unknown | 79.133.46.252
    No context
    No context
    No created / dropped files found
    File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
    Entropy (8bit):7.962413349466564
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
    • ELF Executable and Linkable format (generic) (4004/1) 49.84%
    File name:Space.i686.elf
    File size:38'588 bytes
    MD5:155c3ae1aed488dbf84e5dc5e34ab8c8
    SHA1:8916596fef1b5e0e2614b85ca14df09fd8dc7f71
    SHA256:aa9bcc7a7a8489f00e363fc9ad158dc074acb4793fd92b3d900bc14bf1c7279d
    SHA512:6f548f89b2f3b15530d516f6a847f9a7682be0a97bf24fc3ee1c87d040734bb7babfdea55a546d34550f431bf8cef507db5e55fef7f46e1ccc8f258307e36296
    SSDEEP:768:ydozK402NEhYk/cCcON5HERLriqra9HlSM3AFLY/7PJXCaCTRJJ6VmEbnbcuyD75:ydSKbhY1ONhIriqFQYS7CTRaVmonouyB
    TLSH:5603F173C47DC6A8D1EB02752CAE355F1C90A11D6010CCE798C1DA6A65FE6043B3C3AA
    File Content Preview:.ELF........................4...........4. ...(.....................................................................Q.td.............................-[.UPX!.........B...B......W..........?..k.I/.j....\.W'"....)....4go.|.>#.....{~s.....9.({{......t..Y,....

    ELF header

    Class:ELF32
    Data:2's complement, little endian
    Version:1 (current)
    Machine:Intel 80386
    Version Number:0x1
    Type:EXEC (Executable file)
    OS/ABI:UNIX - Linux
    ABI Version:0
    Entry Point Address:0xc093d0
    Flags:0x0
    ELF Header Size:52
    Program Header Offset:52
    Program Header Size:32
    Number of Program Headers:3
    Section Header Offset:0
    Section Header Size:40
    Number of Section Headers:0
    Header String Table Index:0
    Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
    LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x95c4 | 0x95c4 | 7.9644 | 0x5 | R E | 0x1000 | |
    LOAD | 0xc08 | 0x805cc08 | 0x805cc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
    GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

    System Behavior

    Start time (UTC):17:52:53
    Start date (UTC):05/01/2025
    Path:/tmp/Space.i686.elf
    Arguments:/tmp/Space.i686.elf
    File size:38588 bytes
    MD5 hash:155c3ae1aed488dbf84e5dc5e34ab8c8

    Start time (UTC):17:52:53
    Start date (UTC):05/01/2025
    Path:/tmp/Space.i686.elf
    Arguments:-
    File size:38588 bytes
    MD5 hash:155c3ae1aed488dbf84e5dc5e34ab8c8

    Start time (UTC):17:52:53
    Start date (UTC):05/01/2025
    Path:/tmp/Space.i686.elf
    Arguments:-
    File size:38588 bytes
    MD5 hash:155c3ae1aed488dbf84e5dc5e34ab8c8

    Start time (UTC):17:52:53
    Start date (UTC):05/01/2025
    Path:/tmp/Space.i686.elf
    Arguments:-
    File size:38588 bytes
    MD5 hash:155c3ae1aed488dbf84e5dc5e34ab8c8

    Start time (UTC):17:52:59
    Start date (UTC):05/01/2025
    Path:/tmp/Space.i686.elf
    Arguments:-
    File size:38588 bytes
    MD5 hash:155c3ae1aed488dbf84e5dc5e34ab8c8

    Start time (UTC):17:52:59
    Start date (UTC):05/01/2025
    Path:/tmp/Space.i686.elf
    Arguments:-
    File size:38588 bytes
    MD5 hash:155c3ae1aed488dbf84e5dc5e34ab8c8