Linux
Analysis Report
Space.sh4.elf
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654324 |
Start date and time: | 2025-04-02 09:37:44 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | Space.sh4.elf |
Detection: | MAL |
Classification: | mal64.linELF@0/0@0/0 |
Command: | /tmp/Space.sh4.elf |
PID: | 5528 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- Space.sh4.elf New Fork (PID: 5530, Parent: 5528)
- Space.sh4.elf New Fork (PID: 5532, Parent: 5530)
- Space.sh4.elf New Fork (PID: 5534, Parent: 5530)
- Space.sh4.elf New Fork (PID: 5540, Parent: 5528)
- Space.sh4.elf New Fork (PID: 5542, Parent: 5528)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Click to see the 3 entries |
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
⊘No configs have been found
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
63% | Virustotal | Browse | ||
64% | ReversingLabs | Linux.Backdoor.Mirai | ||
100% | Avira | LINUX/Mirai.bonb |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.65.144.220 | unknown | Germany | 12975 | PALTEL-ASPALTELAutonomousSystemPS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
176.65.144.220 | Get hash | malicious | Unknown | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
PALTEL-ASPALTELAutonomousSystemPS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
Get hash | malicious | Gafgyt, Mirai | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.603221573851322 |
TrID: |
|
File name: | Space.sh4.elf |
File size: | 82'652 bytes |
MD5: | 0bc43e1fbb92d110aa49e2f6e00c5260 |
SHA1: | bcec5373f0fe5979046dbe4cfb270d73c3ae102c |
SHA256: | a42f68af1f0330f7fb69c6fea64feae2b7548667a1a95b62e827d7adc3e3fac9 |
SHA512: | d84458a5f50362ed4cd1b3f5c462ca52d44b8c2e9dfb428a49ddd9ffbbfa4233ad570f7bdef77f760a1075fb1ca1e65b235c371f03c36c619d713efe3bffa574 |
SSDEEP: | 1536:DWRU/uih+nyazXUcMnYVohwH5wX6SNmTdEyRqr:DR/F+nyazXenY66L5dRS |
TLSH: | A2839E61F0146CE5C8660674F0F8ED35471369F123A52CB26EEEE9A188F368DF44AF94 |
File Content Preview: | .ELF..............*.......@.4...LA......4. ...(...............@...@.L4..L4...............@...@B..@B.0...............Q.td..............................././"O.n......#.*@........#.*@L...&O.n.l..................................././.../.a"O.!...n...a.b("...q. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 82252 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x400094 | 0x94 | 0x2e | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x4000e0 | 0xe0 | 0x10e60 | 0x0 | 0x6 | AX | 0 | 0 | 32 |
.fini | PROGBITS | 0x410f40 | 0x10f40 | 0x22 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x410f64 | 0x10f64 | 0x24e8 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x4240dc | 0x140dc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x4240e4 | 0x140e4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x4240f0 | 0x140f0 | 0x1c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x42410c | 0x1410c | 0xaec | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x1410c | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x1344c | 0x1344c | 6.7755 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0x140dc | 0x4240dc | 0x4240dc | 0x30 | 0xb1c | 2.4711 | 0x6 | RW | 0x10000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Download Network PCAP: filtered – full
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 09:38:33.615668058 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:33.821177006 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:33.821238041 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:33.829215050 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:34.451585054 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:34.656433105 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:40.630580902 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:40.836882114 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:40.836965084 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:40.906138897 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:41.111310959 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:41.111377954 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:41.318708897 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:43.839720011 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:44.041755915 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:44.041786909 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:44.042002916 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:50.916642904 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:51.118341923 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:51.118403912 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:51.118803024 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:38:59.400835991 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:38:59.401109934 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:06.569751024 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:06.570035934 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:14.604984999 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:14.605145931 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:21.776839972 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:21.777036905 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:29.811558008 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:29.811691999 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:36.984416008 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:36.984698057 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:44.101696014 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:44.306579113 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:44.306768894 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:51.176548958 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:51.376840115 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:51.377192020 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:39:59.564315081 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:39:59.564491987 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:40:06.733294010 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:40:06.733825922 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:40:14.765433073 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:40:14.765640020 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:40:21.937287092 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:40:21.937529087 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:40:29.970649958 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:40:29.970824003 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:40:37.196491957 CEST | 3778 | 40440 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:40:37.196697950 CEST | 40440 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:40:44.366333008 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
Apr 2, 2025 09:40:44.568077087 CEST | 3778 | 40438 | 176.65.144.220 | 192.168.2.15 |
Apr 2, 2025 09:40:44.568450928 CEST | 40438 | 3778 | 192.168.2.15 | 176.65.144.220 |
System Behavior
Start time (UTC): | 07:38:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.sh4.elf |
Arguments: | /tmp/Space.sh4.elf |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 07:38:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.sh4.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 07:38:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.sh4.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 07:38:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.sh4.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 07:38:39 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.sh4.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |
Start time (UTC): | 07:38:39 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.sh4.elf |
Arguments: | - |
File size: | 4139976 bytes |
MD5 hash: | 8943e5f8f8c280467b4472c15ae93ba9 |