
Linux Analysis Report
Space.i686.elf

Overview

General Information

Sample name:Space.i686.elf
Analysis ID:1654326
MD5:cd52a99a15d9f1559658a7fecdf5ff68
SHA1:6603fab353529467b317ace09f802f4b1e921718
SHA256:97b111a33aa4150ddd023d7d76e642dcbc7d841b9a480781dd078aa86e092a1e
Tags:elf, user-abuse_ch
Infos:

Detection

Score:60
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1654326
Start date and time:2025-04-02 09:42:37 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 36s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Space.i686.elf
Detection:MAL
Classification:mal60.evad.linELF@0/0@0/0
Command:/tmp/Space.i686.elf
PID:5436
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
5438.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5438.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
5438.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_dab39a25 | unknown | unknown
  • 0x84ae:$a: 0E 75 20 50 6A 00 6A 00 6A 00 53 6A 0E FF 74 24 48 68 DD 00
5448.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5448.1.0000000008048000.000000000805c000.r-x.sdmp | Linux_Trojan_Mirai_3a56423b | unknown | unknown
  • 0x9ccb:$a: 24 1C 8B 44 24 20 0F B6 D0 C1 E8 08 89 54 24 24 89 44 24 20 BA 01 00
No Suricata rule has matched


AV Detection

Source: Space.i686.elf; Virustotal: Detection: 46%
Source: Space.i686.elf; ReversingLabs: Detection: 52%
Source: global traffic; TCP traffic: 192.168.2.13:43926 -> 176.65.144.220:3778
Source: unknown; TCP traffic detected without corresponding DNS query: 176.65.144.220
Source: Space.i686.elf; String found in binary or memory: http://upx.sf.net

System Summary

Source: 5438.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: 5438.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; Author: unknown
Source: 5438.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; Author: unknown
Source: 5448.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: 5448.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; Author: unknown
Source: 5448.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; Author: unknown
Source: 5437.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: 5437.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; Author: unknown
Source: 5437.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; Author: unknown
Source: 5436.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: 5436.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; Author: unknown
Source: 5436.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5436, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5437, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5438, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: Process Memory Space: Space.i686.elf PID: 5448, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; Author: unknown
Source: LOAD without section mappings; Program segment: 0xc01000
Source: 5438.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5438.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5438.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5448.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5448.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5448.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5437.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5437.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5437.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: 5436.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_3a56423b; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 117d6eb47f000c9d475119ca0e6a1b49a91bbbece858758aaa3d7f30d0777d75, id = 3a56423b-c0cf-4483-87e3-552beb40563a, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORY; Matched rule: Linux_Trojan_Mirai_dab39a25; reference_sample = 3e02fb63803110cabde08e809cf4acc1b8fb474ace531959a311858fdd578bab, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 5a628d9af9d6dccf29e78f780bb74a2fa25167954c34d4a1529bdea5ea891ac0, id = dab39a25-852b-441f-86ab-23d945daa62c, last_modified = 2022-01-26
Source: Process Memory Space: Space.i686.elf PID: 5436, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5437, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5438, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.i686.elf PID: 5448, type: MEMORYSTR; Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine; Classification label: mal60.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sample; String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample; String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /tmp/Space.i686.elf (PID: 5436); File opened: /proc/5384/status
Source: Space.i686.elf; Submission file: segment LOAD with 7.9627 entropy (max. 8.0)
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: Windows Management Instrumentation
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: 11 Obfuscated Files or Information
Credential Access: 1 OS Credential Dumping
Discovery: System Service Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: 1 Non-Standard Port
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features
No configs have been found
[Behavior graph. ID: 1654326; Sample: Space.i686.elf; Start date: 02/04/2025; Architecture: LINUX; Score: 60]
Source | Detection | Scanner | Label | Link
Space.i686.elf | 46% | Virustotal | |
Space.i686.elf | 53% | ReversingLabs | Linux.Backdoor.Mirai |
No Antivirus matches


No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | Space.i686.elf | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
176.65.144.220 | unknown | Germany | | 12975 | PALTEL-ASPALTELAutonomousSystemPS | false
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
176.65.144.220 | Space.mpsl.elf | | malicious | Unknown | |
176.65.144.220 | Space.sh4.elf | | malicious | Unknown | |
176.65.144.220 | Space.x86.elf | | malicious | Unknown | |
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
PALTEL-ASPALTELAutonomousSystemPS | Space.mpsl.elf | | malicious | Unknown | | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | Space.sh4.elf | | malicious | Unknown | | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | Space.x86.elf | | malicious | Unknown | | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | FBI.mpsl.elf | | malicious | Gafgyt, Mirai | | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.arm.elf | | malicious | Gafgyt, Mirai | | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.sh4.elf | | malicious | Gafgyt, Mirai | | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.arm7.elf | | malicious | Gafgyt, Mirai | | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.x86.elf | | malicious | Gafgyt, Mirai | | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.mips.elf | | malicious | Gafgyt, Mirai | | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.arm5.elf | | malicious | Gafgyt, Mirai | | 176.65.144.18
No context
No created / dropped files found
File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):7.960702280866136
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:Space.i686.elf
File size:38'296 bytes
MD5:cd52a99a15d9f1559658a7fecdf5ff68
SHA1:6603fab353529467b317ace09f802f4b1e921718
SHA256:97b111a33aa4150ddd023d7d76e642dcbc7d841b9a480781dd078aa86e092a1e
SHA512:2c88ec9f59336bd38ac3664237b224cdc55a00bab59e553c996639394924e22c49d282c6489ff54261c206f1f94efc2940798cd4280b6f470d60c286dfd43b6e
SSDEEP:768:YwtA4ekdvZwsddqRLrcb7Gwy1D4rojK5Os2MnbcuyD7UHQRjM:YwtAAdBwsrdb7GwMDwo4Os2Mnouy8Hy4
TLSH:F603F192D069F68CE0DD13F5CA9B920E6A01F62C6260D8DF9DC9696F6B12BA05F041C4
          File Content Preview:.ELF........................4...........4. ...(.....................................................................Q.td.............................-[.UPX!.........B...B......W..........?..k.I/.j....\.W'"....)....4go.|.>#.....{~w.y.l...H..@.UO.dA....X...

ELF header

Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
Machine: Intel 80386
Version Number: 0x1
Type: EXEC (Executable file)
OS/ABI: UNIX - Linux
ABI Version: 0
Entry Point Address: 0xc092a8
Flags: 0x0
ELF Header Size: 52
Program Header Offset: 52
Program Header Size: 32
Number of Program Headers: 3
Section Header Offset: 0
Section Header Size: 40
Number of Section Headers: 0
Header String Table Index: 0

| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
| LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x949c | 0x949c | 7.9627 | 0x5 | R E | 0x1000 | | |
| LOAD | 0xc08 | 0x805cc08 | 0x805cc08 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |


System Behavior

Start time (UTC): 07:43:31
Start date (UTC): 02/04/2025
Path: /tmp/Space.i686.elf
Arguments: /tmp/Space.i686.elf
File size: 38296 bytes
MD5 hash: cd52a99a15d9f1559658a7fecdf5ff68

Start time (UTC): 07:43:31
Start date (UTC): 02/04/2025
Path: /tmp/Space.i686.elf
Arguments: -
File size: 38296 bytes
MD5 hash: cd52a99a15d9f1559658a7fecdf5ff68

Start time (UTC): 07:43:31
Start date (UTC): 02/04/2025
Path: /tmp/Space.i686.elf
Arguments: -
File size: 38296 bytes
MD5 hash: cd52a99a15d9f1559658a7fecdf5ff68

Start time (UTC): 07:43:31
Start date (UTC): 02/04/2025
Path: /tmp/Space.i686.elf
Arguments: -
File size: 38296 bytes
MD5 hash: cd52a99a15d9f1559658a7fecdf5ff68

Start time (UTC): 07:43:37
Start date (UTC): 02/04/2025
Path: /tmp/Space.i686.elf
Arguments: -
File size: 38296 bytes
MD5 hash: cd52a99a15d9f1559658a7fecdf5ff68

Start time (UTC): 07:43:37
Start date (UTC): 02/04/2025
Path: /tmp/Space.i686.elf
Arguments: -
File size: 38296 bytes
MD5 hash: cd52a99a15d9f1559658a7fecdf5ff68