IOC Report
boatnet.arm6.elf

Processes

Path

Cmdline

Malicious

/tmp/boatnet.arm6.elf

/tmp/boatnet.arm6.elf

URLs

Name

IP

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/boatnet.arm6.elf
Source:	boatnet.arm6.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

IP

Malicious

daisy.ubuntu.com

162.213.35.24

Memdumps

Base Address

Regiontype

Protect

Malicious

7f3bb0027000

page execute read

564f9a2e0000

page read and write

7f3caffff000

page read and write

564f982cb000

page read and write

7fffbaf8e000

page execute read

7f3cb7f29000

page read and write

7f3cb7bdb000

page read and write

7f3bb0032000

page read and write

564f9a2c9000

page execute and read and write

7f3cb7559000

page read and write

7f3cb829c000

page read and write

7f3cb7d47000

page read and write

7fffbaefe000

page read and write

7f3cb6d51000

page read and write

7f3cb810a000

page read and write

564f9b227000

page read and write

7f3cb8257000

page read and write

7f3cb0021000

page read and write

7f3cb794d000

page read and write

7f3cb8233000

page read and write

7f3cb75eb000

page read and write

564f98071000

page execute read

564f982c2000

page read and write

7f3cb7bb8000

page read and write

There are 14 hidden memdumps, click here to show them.