Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/boatnet.mips.elf

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/sbin/xfpm-power-backlight-helper

/usr/sbin/xfpm-power-backlight-helper --get-max-brightness

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"

/usr/bin/xfce4-panel

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0

/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

/usr/bin/dbus-daemon

/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd

/usr/lib/systemd/systemd

/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd

There are 12 hidden processes, click here to show them.

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/boatnet.mips.elf
Source:	boatnet.mips.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

unknown

IPs

Domain

Country

Malicious

5.253.247.166

unknown

Germany

Details

IP:	5.253.247.166
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	134094
ASN name:	SERVERFIELD-ASServerfieldCoLtdTW
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f09f8411000

page execute read

7f09f8411000

page execute read

7f09f8411000

page execute read

5644400ed000

page read and write

7f0a7dbe5000

page read and write

7f0a7cebe000

page read and write

7f0a78000000

page read and write

56443e396000

page read and write

56443e37f000

page execute and read and write

7f09f8453000

page read and write

7ffda95ae000

page read and write

7ffda9600000

page execute read

7f0a7c6b6000

page read and write

56443c0ef000

page execute read

7f0a7db98000

page read and write

56443c377000

page read and write

7f0a7db98000

page read and write

7f0a7cecc000

page read and write

7f0a7cebe000

page read and write

5644400ed000

page read and write

5644400ed000

page read and write

7ffda95ae000

page read and write

7f0a7da6f000

page read and write

56443e37f000

page execute and read and write

7f0a7d17c000

page read and write

7f0a7d88e000

page read and write

56443c381000

page read and write

7f0a7cebe000

page read and write

7f0a7d88e000

page read and write

56443e37f000

page execute and read and write

56443c381000

page read and write

7f0a7cecc000

page read and write

56443e396000

page read and write

56443c0ef000

page execute read

7f0a7d17c000

page read and write

56443c377000

page read and write

7f09f8140000

page execute and read and write

7f0a78021000

page read and write

7f0a7d51d000

page read and write

7f0a7d540000

page read and write

7f0a7da6f000

page read and write

7f0a7da6f000

page read and write

7f0a7d540000

page read and write

7f0a7dba0000

page read and write

7f0a7cecc000

page read and write

7f0a78000000

page read and write

7f0a7c6b6000

page read and write

7f0a7d51d000

page read and write

7f0a7c6b6000

page read and write

7f09f8140000

page execute and read and write

7f0a7d55d000

page read and write

7ffda95ae000

page read and write

56443e396000

page read and write

7f0a7db98000

page read and write

7f09f8453000

page read and write

7f09f8453000

page read and write

7f0a78021000

page read and write

7ffda9600000

page execute read

56443c0ef000

page execute read

7f0a7d55d000

page read and write

7f0a78021000

page read and write

7f0a7d51d000

page read and write

7f0a7d17c000

page read and write

7f09f8140000

page execute and read and write

7f0a7dbe5000

page read and write

7f0a7dba0000

page read and write

7f0a78000000

page read and write

56443c377000

page read and write

7f0a7dba0000

page read and write

7ffda9600000

page execute read

7f0a7dbe5000

page read and write

7f0a7d55d000

page read and write

7f0a7d88e000

page read and write

7f0a7d540000

page read and write

56443c381000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
boatnet.mips.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportboatnet.mips.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
boatnet.mips.elf