Linux
Analysis Report
Space.arm7.elf
Overview
General Information
Detection
Mirai
Score: | 68 |
Range: | 0 - 100 |
Signatures
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1644274 |
Start date and time: | 2025-03-20 13:59:49 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | Space.arm7.elf |
Detection: | MAL |
Classification: | mal68.troj.evad.linELF@0/0@0/0 |
Command: | /tmp/Space.arm7.elf |
PID: | 5523 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- Space.arm7.elf New Fork (PID: 5526, Parent: 5523)
- Space.arm7.elf New Fork (PID: 5528, Parent: 5526)
- Space.arm7.elf New Fork (PID: 5530, Parent: 5526)
- Space.arm7.elf New Fork (PID: 5543, Parent: 5523)
- Space.arm7.elf New Fork (PID: 5545, Parent: 5523)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Click to see the 11 entries |
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Program segment: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | String containing UPX found: | ||
Source: | String containing UPX found: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
⊘No configs have been found
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
41% | Virustotal | Browse | ||
42% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
209.97.147.158 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
209.97.147.158 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
DIGITALOCEAN-ASNUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Emotet | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.984230096757256 |
TrID: |
|
File name: | Space.arm7.elf |
File size: | 61'844 bytes |
MD5: | 0a9f354193944c4761e8f672e7a2a531 |
SHA1: | 158ffefc5fbbc81b20317fa86366a6070696d48c |
SHA256: | ac8344b4e42c466581618e96d7533bb37cced16ded02351ff7886f2c16548d20 |
SHA512: | b78c52d59d1efa295c830846653e221136f0f67d5248cdfc09b0309ebba8c9a2f85e1ef36707a83727f631c96285fef981ab4025ae7c5079264d3e137fdd9622 |
SSDEEP: | 1536:zVQSmwtMJXmejtJvxLTM5Tfv83KJ2crl2EWq:zVywt8XZXxLgTX83KHl2EWq |
TLSH: | B35302D26440D1E7D79D03BF65A4E843FB6517BC79DA30AB266E825CA093C0878D7BC2 |
File Content Preview: | .ELF..............(.........4...........4. ...(.....................m...m................6...6...6..................Q.td...............................OUPX!.........n...n......j..........?.E.h;....#..$...o....P.G.o.....X.*.V......f..T.qh...4.8........8.|i |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0xae6d | 0xae6d | 7.9737 | 0x5 | R E | 0x8000 | ||
LOAD | 0x36c8 | 0x236c8 | 0x236c8 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Download Network PCAP: filtered – full
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 20, 2025 14:00:31.347986937 CET | 59972 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:32.364324093 CET | 59972 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:34.379281044 CET | 59972 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:37.274981022 CET | 59974 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:38.282985926 CET | 59974 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:38.634958029 CET | 59972 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:40.298926115 CET | 59974 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:42.370338917 CET | 59976 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:43.370841980 CET | 59976 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:44.523092031 CET | 59974 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:45.386905909 CET | 59976 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:48.334507942 CET | 59978 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:49.354922056 CET | 59978 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:49.642677069 CET | 59976 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:51.372422934 CET | 59978 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:53.385127068 CET | 59980 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:54.410512924 CET | 59980 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:55.530461073 CET | 59978 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:56.426553011 CET | 59980 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:00:59.348871946 CET | 59982 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:00.362350941 CET | 59982 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:00.650466919 CET | 59980 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:02.378282070 CET | 59982 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:04.398797035 CET | 59984 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:05.418335915 CET | 59984 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:06.538285971 CET | 59982 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:07.434187889 CET | 59984 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:10.363411903 CET | 59986 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:11.370006084 CET | 59986 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:11.658104897 CET | 59984 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:13.385920048 CET | 59986 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:15.412020922 CET | 59988 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:16.425831079 CET | 59988 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:17.545778036 CET | 59986 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:18.441765070 CET | 59988 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:21.377753019 CET | 59990 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:22.409662008 CET | 59990 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:22.665827036 CET | 59988 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:24.425584078 CET | 59990 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:26.425324917 CET | 59992 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:27.433516026 CET | 59992 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:28.553540945 CET | 59990 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:29.449620962 CET | 59992 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:32.391308069 CET | 59994 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:33.417325020 CET | 59994 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:33.673305035 CET | 59992 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:35.433430910 CET | 59994 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:37.439460039 CET | 59996 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:38.441200972 CET | 59996 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:39.561203957 CET | 59994 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:40.457379103 CET | 59996 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:43.405891895 CET | 59998 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:44.424962044 CET | 59998 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:44.681062937 CET | 59996 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:46.440905094 CET | 59998 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:48.453131914 CET | 60000 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:49.480986118 CET | 60000 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:50.568780899 CET | 59998 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:51.496860981 CET | 60000 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:54.418940067 CET | 60002 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:55.432641029 CET | 60002 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:55.688764095 CET | 60000 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:57.448571920 CET | 60002 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:01:59.461241007 CET | 60004 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:00.488586903 CET | 60004 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:01.576441050 CET | 60002 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:02.504515886 CET | 60004 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:05.426640034 CET | 60006 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:06.440319061 CET | 60006 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:06.696369886 CET | 60004 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:08.456343889 CET | 60006 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:10.480777979 CET | 60008 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:11.496321917 CET | 60008 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:12.584120035 CET | 60006 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:13.512198925 CET | 60008 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:16.440148115 CET | 60010 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:17.447947025 CET | 60010 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:17.704329967 CET | 60008 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:19.464037895 CET | 60010 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:21.494235992 CET | 60012 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:22.503848076 CET | 60012 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:23.591763020 CET | 60010 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:24.519705057 CET | 60012 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:27.453383923 CET | 60014 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:28.455612898 CET | 60014 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:28.711622953 CET | 60012 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:30.471709013 CET | 60014 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:32.505451918 CET | 60016 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:33.511601925 CET | 60016 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:34.599481106 CET | 60014 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:35.527376890 CET | 60016 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:38.466669083 CET | 60018 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:39.495302916 CET | 60018 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:39.719252110 CET | 60016 | 3778 | 192.168.2.15 | 209.97.147.158 |
Mar 20, 2025 14:02:41.511167049 CET | 60018 | 3778 | 192.168.2.15 | 209.97.147.158 |
System Behavior
Start time (UTC): | 13:00:30 |
Start date (UTC): | 20/03/2025 |
Path: | /tmp/Space.arm7.elf |
Arguments: | /tmp/Space.arm7.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 13:00:30 |
Start date (UTC): | 20/03/2025 |
Path: | /tmp/Space.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 13:00:30 |
Start date (UTC): | 20/03/2025 |
Path: | /tmp/Space.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 13:00:30 |
Start date (UTC): | 20/03/2025 |
Path: | /tmp/Space.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 13:00:36 |
Start date (UTC): | 20/03/2025 |
Path: | /tmp/Space.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 13:00:36 |
Start date (UTC): | 20/03/2025 |
Path: | /tmp/Space.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |