Linux Analysis Report
Space.x86_64.elf

Overview

General Information

Sample name:Space.x86_64.elf
Analysis ID:1654330
MD5:12eb836409c3d9741faef9005fc0b873
SHA1:8edefdee84d1f47e59be862e946aff059daa43d7
SHA256:632dc78c0683529267c877fcbc6ee34d0743d5e61d3e4e1746b5000bce543905
Tags:elf, user-abuse_ch

Detection

Score:60
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1654330
Start date and time:2025-04-02 09:47:35 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 29s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:Space.x86_64.elf
Detection:MAL
Classification:mal60.evad.linELF@0/0@0/0
Command:/tmp/Space.x86_64.elf
PID:5428
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
5430.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5430.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Mirai_564b8eda | unknown | unknown
  • 0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5428.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5428.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Mirai_564b8eda | unknown | unknown
  • 0x49b2:$a: 83 FE 01 76 12 0F B7 07 83 EE 02 48 83 C7 02 48 01 C1 83 FE 01
5429.1.0000000000400000.0000000000413000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
No Suricata rule has matched


AV Detection

Source: Space.x86_64.elf, Virustotal: Detection: 49%
Source: Space.x86_64.elf, ReversingLabs: Detection: 50%
Source: global traffic, TCP traffic: 192.168.2.13:43934 -> 176.65.144.220:3778
Source: unknown, TCP traffic detected without corresponding DNS query: 176.65.144.220
Source: Space.x86_64.elf, String found in binary or memory: http://upx.sf.net

System Summary

Source: 5430.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5430.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5428.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5428.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5429.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5429.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5434.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 5428, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 5429, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 5430, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: Space.x86_64.elf PID: 5434, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: LOAD without section mappings, Program segment: 0x400000
Source: 5430.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5430.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5428.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5428.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5429.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.0000000000400000.0000000000413000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 5428, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 5429, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 5430, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: Space.x86_64.elf PID: 5434, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine, Classification label: mal60.evad.linELF@0/0@0/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: Space.x86_64.elf, Submission file: segment LOAD with 7.9626 entropy (max. 8.0)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 Obfuscated Files or Information | 1 OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features
No configs have been found
Behavior Graph ID: 1654330, Sample: Space.x86_64.elf, Startdate: 02/04/2025, Architecture: LINUX, Score: 60
Signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Sample is packed with UPX
DNS/IP Info: 176.65.144.220, 3778, 43934, 43936, PALTEL-ASPALTELAutonomousSystemPS, Germany
Processes: Space.x86_64.elf started; it started three Space.x86_64.elf child processes, one of which started two further Space.x86_64.elf processes
Source | Detection | Scanner | Label
Space.x86_64.elf | 49% | Virustotal |
Space.x86_64.elf | 50% | ReversingLabs | Linux.Backdoor.Mirai
No Antivirus matches

No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | Space.x86_64.elf | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
176.65.144.220 | unknown | Germany | 12975 | PALTEL-ASPALTELAutonomousSystemPS | false
Match | Associated Sample Name / URL | Detection | Threat Name | Context
176.65.144.220 | Space.ppc.elf | malicious | Unknown |
176.65.144.220 | Space.i686.elf | malicious | Unknown |
176.65.144.220 | Space.mpsl.elf | malicious | Unknown |
176.65.144.220 | Space.sh4.elf | malicious | Unknown |
176.65.144.220 | Space.x86.elf | malicious | Unknown |
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
PALTEL-ASPALTELAutonomousSystemPS | Space.ppc.elf | malicious | Unknown | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | Space.i686.elf | malicious | Unknown | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | Space.mpsl.elf | malicious | Unknown | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | Space.sh4.elf | malicious | Unknown | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | Space.x86.elf | malicious | Unknown | 176.65.144.220
PALTEL-ASPALTELAutonomousSystemPS | FBI.mpsl.elf | malicious | Gafgyt, Mirai | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.arm.elf | malicious | Gafgyt, Mirai | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.sh4.elf | malicious | Gafgyt, Mirai | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.arm7.elf | malicious | Gafgyt, Mirai | 176.65.144.18
PALTEL-ASPALTELAutonomousSystemPS | FBI.x86.elf | malicious | Gafgyt, Mirai | 176.65.144.18
No context
No context
No created / dropped files found
File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header
Entropy (8bit):7.960583128680031
TrID:
  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:Space.x86_64.elf
File size:37'540 bytes
MD5:12eb836409c3d9741faef9005fc0b873
SHA1:8edefdee84d1f47e59be862e946aff059daa43d7
SHA256:632dc78c0683529267c877fcbc6ee34d0743d5e61d3e4e1746b5000bce543905
SHA512:94dd8b8025e4c74e95bb7665672ee24030142c8257b7628ccff024331235ee49aea8142157de71070926093d8a20a37832030809e047bbc03f2340b65e50e59a
SSDEEP:768:G+4qtvWUAASje6lhaVG5CHb4diYjLMWf5CcWHdbL5fPr8jtwS0Wx0Q:19tvWrASje4wVGigJmFL578jtwKN
TLSH:32F2E052C9ABE53CDA331E7500855A28CA33D0B094465B6E4BED62EF5E7A9183D0E790
File Content Preview:.ELF..............>.....`.@.....@...................@.8...@.......................@.......@....................... ......................Ka......Ka.............................Q.td.....................................................I..UPX!D.......8:..8:.

              ELF header

              Class:ELF64
              Data:2's complement, little endian
              Version:1 (current)
              Machine:Advanced Micro Devices X86-64
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x408060
              Flags:0x0
              ELF Header Size:64
              Program Header Offset:64
              Program Header Size:56
              Number of Program Headers:3
              Section Header Offset:0
              Section Header Size:64
              Number of Section Headers:0
              Header String Table Index:0
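| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x400000 | 0x400000 | 0x919c | 0x919c | 7.9626 | 0x5 | R E | 0x200000 | | |
| LOAD | 0xb00 | 0x614b00 | 0x614b00 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 | | |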


| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 2, 2025 09:48:22.291421890 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:22.493853092 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:22.493913889 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:22.496278048 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:22.698319912 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:22.698590040 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:22.902405977 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:28.426004887 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:28.628138065 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:28.628268957 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:28.629148960 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:28.834248066 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:28.834402084 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:29.035262108 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:32.502393007 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:32.703716040 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:32.722794056 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:32.722987890 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:38.638907909 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:38.845644951 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:38.862874031 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:38.863126993 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:47.947309971 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:47.947745085 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:48:54.093353987 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:48:54.093545914 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:03.154453039 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:03.154762030 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:09.301868916 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:09.302625895 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:18.361187935 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:18.361310005 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:24.556126118 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:24.556413889 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:32.778589010 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:33.007843971 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:33.007997990 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:38.921998024 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:39.163125992 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:39.163477898 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:48.365740061 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:48.365856886 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:49:54.509990931 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:49:54.510158062 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:50:03.578402996 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:50:03.578799963 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:50:09.713155985 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:50:09.713457108 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:50:18.831960917 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:50:18.832094908 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:50:24.921927929 CEST | 3778 | 43936 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:50:24.922111988 CEST | 43936 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:50:33.057881117 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |
| Apr 2, 2025 09:50:33.293015957 CEST | 3778 | 43934 | 176.65.144.220 | 192.168.2.13 |
| Apr 2, 2025 09:50:33.293265104 CEST | 43934 | 3778 | 192.168.2.13 | 176.65.144.220 |

              System Behavior

              Start time (UTC):07:48:21
              Start date (UTC):02/04/2025
              Path:/tmp/Space.x86_64.elf
              Arguments:/tmp/Space.x86_64.elf
              File size:37540 bytes
              MD5 hash:12eb836409c3d9741faef9005fc0b873

              Start time (UTC):07:48:21
              Start date (UTC):02/04/2025
              Path:/tmp/Space.x86_64.elf
              Arguments:-
              File size:37540 bytes
              MD5 hash:12eb836409c3d9741faef9005fc0b873

              Start time (UTC):07:48:21
              Start date (UTC):02/04/2025
              Path:/tmp/Space.x86_64.elf
              Arguments:-
              File size:37540 bytes
              MD5 hash:12eb836409c3d9741faef9005fc0b873

              Start time (UTC):07:48:21
              Start date (UTC):02/04/2025
              Path:/tmp/Space.x86_64.elf
              Arguments:-
              File size:37540 bytes
              MD5 hash:12eb836409c3d9741faef9005fc0b873

              Start time (UTC):07:48:27
              Start date (UTC):02/04/2025
              Path:/tmp/Space.x86_64.elf
              Arguments:-
              File size:37540 bytes
              MD5 hash:12eb836409c3d9741faef9005fc0b873

              Start time (UTC):07:48:27
              Start date (UTC):02/04/2025
              Path:/tmp/Space.x86_64.elf
              Arguments:-
              File size:37540 bytes
              MD5 hash:12eb836409c3d9741faef9005fc0b873