Linux
Analysis Report
Space.ppc.elf
Overview
General Information
Sample name: | Space.ppc.elf |
Analysis ID: | 1654325 |
MD5: | 7541675428a9227df2ccfd9fa7ab6adb |
SHA1: | d8b479427514125111c9234cbc27b39b8a10dfae |
SHA256: | cb0b24de774da3a65f2619a962c3a80f568610cf2ab2b75dd91dafd69715f0ee |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Score: | 68 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654325 |
Start date and time: | 2025-04-02 09:42:34 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | Space.ppc.elf |
Detection: | MAL |
Classification: | mal68.evad.linELF@0/0@0/0 |
Command: | /tmp/Space.ppc.elf |
PID: | 6275 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- Space.ppc.elf New Fork (PID: 6277, Parent: 6275)
- Space.ppc.elf New Fork (PID: 6279, Parent: 6277)
- Space.ppc.elf New Fork (PID: 6281, Parent: 6277)
- Space.ppc.elf New Fork (PID: 6290, Parent: 6275)
- Space.ppc.elf New Fork (PID: 6292, Parent: 6275)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | Program segment: |
Source: | Matched rule: | ||
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | File opened: |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
41% | Virustotal | |
53% | ReversingLabs | Linux.Trojan.Mirai |
100% | Avira | EXP/ELF.Agent.F.118 |
⊘No Antivirus matches
⊘No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
176.65.144.220 | unknown | Germany | 12975 | PALTEL-ASPALTELAutonomousSystemPS | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Detection | Threat Name |
---|---|---|
176.65.144.220 | malicious | Unknown |
176.65.144.220 | malicious | Unknown |
176.65.144.220 | malicious | Unknown |
176.65.144.220 | malicious | Unknown |
109.202.202.202 | malicious | Unknown |
91.189.91.43 | malicious | Mirai |
91.189.91.43 | malicious | Unknown |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.43 | malicious | Gafgyt, Mirai |
91.189.91.43 | malicious | Prometei |
91.189.91.43 | malicious | Prometei |
91.189.91.43 | malicious | Prometei |
91.189.91.43 | malicious | Unknown |
91.189.91.43 | malicious | Unknown |
91.189.91.42 | malicious | Mirai |
91.189.91.42 | malicious | Unknown |
91.189.91.42 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Gafgyt, Mirai |
91.189.91.42 | malicious | Prometei |
91.189.91.42 | malicious | Prometei |
91.189.91.42 | malicious | Prometei |
91.189.91.42 | malicious | Unknown |
91.189.91.42 | malicious | Unknown |
⊘No context
Match | Detection | Threat Name |
---|---|---|
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Mirai |
CANONICAL-ASGB | malicious | Unknown |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Gafgyt, Mirai |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Prometei |
CANONICAL-ASGB | malicious | Unknown |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Unknown |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Unknown |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Unknown |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Unknown |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
PALTEL-ASPALTELAutonomousSystemPS | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Mirai |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Gafgyt, Mirai |
INIT7CH | malicious | Prometei |
INIT7CH | malicious | Prometei |
INIT7CH | malicious | Prometei |
INIT7CH | malicious | Unknown |
INIT7CH | malicious | Unknown |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.961159127816327 |
TrID: |
File name: | Space.ppc.elf |
File size: | 40'324 bytes |
MD5: | 7541675428a9227df2ccfd9fa7ab6adb |
SHA1: | d8b479427514125111c9234cbc27b39b8a10dfae |
SHA256: | cb0b24de774da3a65f2619a962c3a80f568610cf2ab2b75dd91dafd69715f0ee |
SHA512: | 15b7b9405cfdba22ffe12b93d682d3bde717f076e8afefc78bc43f65d5da27b753490f4ed06a5cd6669a7f26ac0ee23e45162453e323731a4068bc8b31cb3c4c |
SSDEEP: | 768:y1qQ4JXTPxcCj3do/vTKRVDkO1HmQcvbG+TqarjEP8o8j4uVcqgw09O:4qQbCj3do/+fDrJ1cyUqOgkZ4u+qgw0U |
TLSH: | 5203E15BCC496ED6E9FFD9115708CAE2F7E01B9D6BA24CAE1856CB07331F868630C950 |
File Content Preview: | .ELF...........................4.........4. ...(.......................x...x..............k...k...k.................dt.Q................................UPX!..........b...b........V.......?.E.h4...@b........=.a....`..Y...j{.c.HL}.....H..z.q.H.....8ea...... |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x9c78 | 0x9c78 | 7.9632 | 0x5 | R E | 0x10000 | ||
LOAD | 0x6b90 | 0x10026b90 | 0x10026b90 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 | ||
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
- Total Packets: 37
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 09:43:31.832436085 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 2, 2025 09:43:33.168286085 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:33.371875048 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:33.372203112 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:33.378586054 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:33.582840919 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:33.582973003 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:33.784181118 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:37.463747025 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 2, 2025 09:43:38.231475115 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 2, 2025 09:43:39.379911900 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:39.581125975 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:39.581212997 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:39.584990978 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:39.787565947 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:39.787677050 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:39.988461971 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:43.387577057 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:43.594017982 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:43.612663984 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:43.613007069 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:49.594275951 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:49.796171904 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:49.805068016 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:49.805274963 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:43:51.797708035 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 2, 2025 09:43:58.924634933 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:43:58.924751997 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:04.084155083 CEST | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Apr 2, 2025 09:44:05.066262960 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:05.066404104 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:08.179537058 CEST | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Apr 2, 2025 09:44:14.131481886 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:14.131593943 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:20.270679951 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:20.271187067 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:29.388139009 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:29.388293028 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:32.752361059 CEST | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Apr 2, 2025 09:44:35.477798939 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:35.478065014 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:43.656873941 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:43.861571074 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:43.861771107 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:49.854434013 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:50.060245991 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:50.060446978 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:44:59.098506927 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:44:59.098946095 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:45:05.483352900 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:45:05.483625889 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:45:14.302829027 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:45:14.302959919 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:45:20.689532042 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:45:20.689723015 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:45:29.551652908 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:45:29.552031040 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:45:35.894624949 CEST | 3778 | 45214 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:45:35.894802094 CEST | 45214 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:45:43.904958010 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
Apr 2, 2025 09:45:44.146564007 CEST | 3778 | 45212 | 176.65.144.220 | 192.168.2.23 |
Apr 2, 2025 09:45:44.146718979 CEST | 45212 | 3778 | 192.168.2.23 | 176.65.144.220 |
System Behavior
Start time (UTC): | 07:43:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.ppc.elf |
Arguments: | /tmp/Space.ppc.elf |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:43:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:43:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:43:32 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:43:38 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 07:43:38 |
Start date (UTC): | 02/04/2025 |
Path: | /tmp/Space.ppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |