Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/boatnet.mips.elf

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/sbin/xfpm-power-backlight-helper

/usr/sbin/xfpm-power-backlight-helper --get-max-brightness

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

/usr/bin/dbus-daemon

/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd

/usr/lib/systemd/systemd

/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd

There are 12 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/boatnet.mips.elf
Source:	boatnet.mips.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

37.221.93.101

unknown

Germany

Details

IP:	37.221.93.101
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	395800
ASN name:	GBTCLOUDUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fba18411000

page execute read

7fba18411000

page execute read

7fba18411000

page execute read

7fba9dc86000

page read and write

7fba18453000

page read and write

7fba9e9ad000

page read and write

7fba9dc86000

page read and write

7ffd6e3de000

page read and write

7fba9e960000

page read and write

55a690eae000

page read and write

7fba9e960000

page read and write

7fba9e308000

page read and write

55a690eb8000

page read and write

55a692eb6000

page execute and read and write

7fba9e960000

page read and write

7fba9e837000

page read and write

55a690c26000

page execute read

7fba9e2e5000

page read and write

7fba9e308000

page read and write

7fba9df44000

page read and write

7fba9e968000

page read and write

7fba9e2e5000

page read and write

7ffd6e3de000

page read and write

7fba9dc94000

page read and write

7fba9e9ad000

page read and write

7fba9e968000

page read and write

7fba18140000

page execute and read and write

7fba9df44000

page read and write

55a692ecd000

page read and write

7fba9e656000

page read and write

55a692ecd000

page read and write

7ffd6e3f2000

page execute read

55a690c26000

page execute read

7fba98000000

page read and write

7fba9e968000

page read and write

7fba18453000

page read and write

7fba9e656000

page read and write

7fba9e325000

page read and write

7fba9d47e000

page read and write

7ffd6e3f2000

page execute read

55a692eb6000

page execute and read and write

55a692eb6000

page execute and read and write

7fba98000000

page read and write

7fba9e837000

page read and write

7fba9e308000

page read and write

7fba98021000

page read and write

55a690c26000

page execute read

7fba98021000

page read and write

7fba18453000

page read and write

7fba9e9ad000

page read and write

7fba9dc86000

page read and write

55a692ecd000

page read and write

55a690eb8000

page read and write

7fba98000000

page read and write

7fba9e656000

page read and write

7fba9dc94000

page read and write

7fba9d47e000

page read and write

55a690eae000

page read and write

55a693f37000

page read and write

55a693f37000

page read and write

55a690eae000

page read and write

7fba98021000

page read and write

55a690eb8000

page read and write

7ffd6e3de000

page read and write

7fba9e325000

page read and write

7fba18140000

page execute and read and write

55a693f37000

page read and write

7fba9dc94000

page read and write

7fba9df44000

page read and write

7fba9d47e000

page read and write

7fba9e2e5000

page read and write

7fba9e325000

page read and write

7fba9e837000

page read and write

7fba18140000

page execute and read and write

7ffd6e3f2000

page execute read

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
boatnet.mips.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportboatnet.mips.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
boatnet.mips.elf