Linux Analysis Report
Space.i686.elf

Overview

General Information

Sample name:Space.i686.elf
Analysis ID:1644263
MD5:e72f5066bd7287c697c4bc4704d8d15c
SHA1:e543928619479caf24cf9e465f9e843b28e398ea
SHA256:4936147e7c4c064b1717d583773be92cfb177c31118cbbe23cdb2246c33eb0de
Tags:elf, Mirai, user-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1644263
Start date and time:2025-03-20 13:55:53 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 19s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Space.i686.elf
Detection:MAL
Classification:mal60.evad.linELF@0/0@0/0
Command:/tmp/Space.i686.elf
PID:5525
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
5538.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5538.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5538.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown
  • 0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5525.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5525.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
No Suricata rule has matched

AV Detection

Source: Space.i686.elf, Virustotal: Detection: 46%
Source: Space.i686.elf, ReversingLabs: Detection: 47%
Source: global traffic, TCP traffic: 192.168.2.15:59972 -> 209.97.147.158:3778
Source: unknown, TCP traffic detected without corresponding DNS query: 209.97.147.158
Source: Space.i686.elf, String found in binary or memory: http://upx.sf.net

System Summary

Source: 5538.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5538.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5538.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5525.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5525.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5525.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5526.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5526.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5526.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: 5527.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5527.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b Author: unknown
Source: 5527.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5525, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5526, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5527, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5538, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappingsProgram segment: 0xc01000
Source: 5538.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5538.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5538.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5525.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5525.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5525.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5526.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5526.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5526.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5527.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5527.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_3a56423b os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5527.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_dab39a25 reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: Process Memory Space: Space.i686.elf PID: 5525, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5526, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5527, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5538, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engineClassification label: mal60.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: Space.i686.elfSubmission file: segment LOAD with 7.9624 entropy (max. 8.0)
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception11
Obfuscated Files or Information
1
OS Credential Dumping
System Service DiscoveryRemote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
No configs have been found
[Behavior graph, ID 1644263. Sample: Space.i686.elf; start date: 20/03/2025; architecture: LINUX; score: 60. Nodes: Space.i686.elf process started, with child Space.i686.elf processes; network node 209.97.147.158, port 3778, DIGITALOCEAN-ASNUS, United States; signatures: Malicious sample detected (through community Yara rule), Multi AV Scanner detection for submitted file, Sample is packed with UPX.]

Source | Detection | Scanner | Label
Space.i686.elf | 46% | Virustotal |
Space.i686.elf | 47% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches

No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | Space.i686.elf | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
209.97.147.158 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false
Match | Associated Sample Name / URL | Detection | Threat Name
209.97.147.158 | Space.x86_64.elf | malicious | Unknown
209.97.147.158 | Space.sh4.elf | malicious | Unknown
209.97.147.158 | Space.m68k.elf | malicious | Mirai
209.97.147.158 | Space.x86.elf | malicious | Unknown
            No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
DIGITALOCEAN-ASNUS | Space.x86_64.elf | malicious | Unknown | 209.97.147.158
DIGITALOCEAN-ASNUS | Space.sh4.elf | malicious | Unknown | 209.97.147.158
DIGITALOCEAN-ASNUS | Space.m68k.elf | malicious | Mirai | 209.97.147.158
DIGITALOCEAN-ASNUS | Space.x86.elf | malicious | Unknown | 209.97.147.158
DIGITALOCEAN-ASNUS | https://bjpgckrr.ciaxalimited.com/T/?ur=lpOIUYFTDCVBKNLMJIHUGyfbnpohiguyftcgvhBNLKPOIHUGYFCGvhbjknkpojhiugyfvhjbKNLM;KPJOHIGUFYCGOYFTGUHIJDOKFLMEKNJBHYG478U9I3OKFJKNGHGRYUH3OKPEFI09U8Y7GVHBJFNKLG4KPI0U9Y87GYFGUHI4GJONK4YBJEVGUHIOJNK4BJEVUGHIJOY8T7F6DTXCGHVJBKNOJ | malicious | Unknown | 165.22.210.101
DIGITALOCEAN-ASNUS | http://fliqlo.app | malicious | Unknown | 161.35.127.181
DIGITALOCEAN-ASNUS | task1.exe | malicious | Emotet | 134.209.36.254
DIGITALOCEAN-ASNUS | task1.exe | malicious | Emotet | 134.209.36.254
DIGITALOCEAN-ASNUS | PvOhS0dkw2.exe | malicious | Rusty Stealer | 157.230.108.102
DIGITALOCEAN-ASNUS | lmdDQiS9l7.exe | malicious | Rusty Stealer | 157.230.108.102
            No created / dropped files found
            File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
            Entropy (8bit):7.960491912396845
            TrID:
            • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
            • ELF Executable and Linkable format (generic) (4004/1) 49.84%
            File name:Space.i686.elf
            File size:38'296 bytes
            MD5:e72f5066bd7287c697c4bc4704d8d15c
            SHA1:e543928619479caf24cf9e465f9e843b28e398ea
            SHA256:4936147e7c4c064b1717d583773be92cfb177c31118cbbe23cdb2246c33eb0de
            SHA512:48cca2169872dafedd39558b225d873fc90d21b0d8712e027dbc8fff964fff084f780471382a72744040c3938179f10277b817ecdae6762e08200496234a1013
            SSDEEP:768:YwtA4ekdvZwsddqRLrcb7Gwy1D4rojKtXtGmnbcuyD7UHQRjC:YwtAAdBwsrdb7GwMDwoMznouy8Hym
            TLSH:EA03E141D069EACCE0ED12F5CA9B520E7A01F62D12B0C8EF8DC5797EAB427D06E541C5
            File Content Preview:.ELF........................4...........4. ...(.....................................................................Q.td.............................-[.UPX!.........B...B......W..........?..k.I/.j....\.W'"....)....4go.|.>#.....{~w.y.l...H..@.UO.dA....X...

            ELF header

            Class:ELF32
            Data:2's complement, little endian
            Version:1 (current)
            Machine:Intel 80386
            Version Number:0x1
            Type:EXEC (Executable file)
            OS/ABI:UNIX - Linux
            ABI Version:0
            Entry Point Address:0xc092a8
            Flags:0x0
            ELF Header Size:52
            Program Header Offset:52
            Program Header Size:32
            Number of Program Headers:3
            Section Header Offset:0
            Section Header Size:40
            Number of Section Headers:0
            Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x949c | 0x949c | 7.9624 | 0x5 | R E | 0x1000 | |
LOAD | 0xc08 | 0x805cc08 | 0x805cc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |


            System Behavior

            Start time (UTC):12:56:31
            Start date (UTC):20/03/2025
            Path:/tmp/Space.i686.elf
            Arguments:/tmp/Space.i686.elf
            File size:38296 bytes
            MD5 hash:e72f5066bd7287c697c4bc4704d8d15c

            Start time (UTC):12:56:31
            Start date (UTC):20/03/2025
            Path:/tmp/Space.i686.elf
            Arguments:-
            File size:38296 bytes
            MD5 hash:e72f5066bd7287c697c4bc4704d8d15c

            Start time (UTC):12:56:31
            Start date (UTC):20/03/2025
            Path:/tmp/Space.i686.elf
            Arguments:-
            File size:38296 bytes
            MD5 hash:e72f5066bd7287c697c4bc4704d8d15c

            Start time (UTC):12:56:31
            Start date (UTC):20/03/2025
            Path:/tmp/Space.i686.elf
            Arguments:-
            File size:38296 bytes
            MD5 hash:e72f5066bd7287c697c4bc4704d8d15c

            Start time (UTC):12:56:37
            Start date (UTC):20/03/2025
            Path:/tmp/Space.i686.elf
            Arguments:-
            File size:38296 bytes
            MD5 hash:e72f5066bd7287c697c4bc4704d8d15c

            Start time (UTC):12:56:37
            Start date (UTC):20/03/2025
            Path:/tmp/Space.i686.elf
            Arguments:-
            File size:38296 bytes
            MD5 hash:e72f5066bd7287c697c4bc4704d8d15c