Linux
Analysis Report
boatnet.m68k.elf
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1587014 |
Start date and time: | 2025-01-09 21:17:14 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | boatnet.m68k.elf |
Detection: | MAL |
Classification: | mal76.spre.troj.linELF@0/1@2/0 |
- VT rate limit hit for: boatnet.m68k.elf
Command: | /tmp/boatnet.m68k.elf |
PID: | 5528 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- boatnet.m68k.elf New Fork (PID: 5530, Parent: 5528)
- boatnet.m68k.elf New Fork (PID: 5531, Parent: 5528)
- boatnet.m68k.elf New Fork (PID: 5534, Parent: 5528)
- xfce4-panel New Fork (PID: 5540, Parent: 3235)
- xfce4-panel New Fork (PID: 5541, Parent: 3235)
- xfce4-panel New Fork (PID: 5542, Parent: 3235)
- xfce4-panel New Fork (PID: 5543, Parent: 3235)
- wrapper-2.0 New Fork (PID: 5560, Parent: 5543)
- xfce4-panel New Fork (PID: 5544, Parent: 3235)
- xfce4-panel New Fork (PID: 5545, Parent: 3235)
- dbus-daemon New Fork (PID: 5562, Parent: 5561)
- systemd New Fork (PID: 5571, Parent: 3044)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
- AV Detection
- Networking
- System Summary
- Persistence and Installation Behavior
- Malware Analysis System Evasion
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | SIGKILL sent: |
Source: | OLE indicator, VBA macros: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | Directory: |
Source: | File opened: |
Source: | Queries kernel information via 'uname': |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
66% | ReversingLabs | Linux.Trojan.Mirai | ||
100% | Avira | EXP/ELF.Gafgyt.D |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.24 | true | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.95.169.133 | unknown | Croatia (LOCAL Name: Hrvatska) | 42864 | GIGANET-HUGigaNetInternetServiceProviderCoHU | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
45.95.169.133 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Gafgyt Mirai | Browse | |||
Get hash | malicious | Gafgyt Mirai | Browse | |||
Get hash | malicious | Gafgyt Mirai | Browse | |||
Get hash | malicious | Gafgyt Mirai | Browse | |||
Get hash | malicious | Gafgyt Mirai | Browse | |||
Get hash | malicious | Gafgyt Mirai | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
GIGANET-HUGigaNetInternetServiceProviderCoHU | Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Process: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
File Type: | |
Category: | dropped |
Size (bytes): | 5128 |
Entropy (8bit): | 4.457618060812407 |
Encrypted: | false |
SSDEEP: | 96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv |
MD5: | 2A2A7C34B585CDAE5E123F3C5100C253 |
SHA1: | E814B1B1531B25581DB76CB813C85E53E1390BA4 |
SHA-256: | BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04 |
SHA-512: | CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.2549686443313695 |
TrID: |
|
File name: | boatnet.m68k.elf |
File size: | 54'932 bytes |
MD5: | 64ea5827475b29403a107918e774f979 |
SHA1: | 3a637721dcde2ef5729ca91a964d3d966d7bd7ac |
SHA256: | addac9fe0719319da726b5efaac976d0136282ce1668ef0fb9d6990dbe4b70ba |
SHA512: | 0b9427f4e9057eebfae7ec71440adb380d83e202c9beb5087ff0f665d522d68104a44f6c78babc6b96e843515f69e55d4a66f39f6a0297964987d670d94e9ed0 |
SSDEEP: | 768:gduPBFnHooqR8qOCKq2cH4Kg9e+TK806MMUVjzkfQXObHud2oG4:r/hqaJMDg9eqK806MHdkfQX6HuC4 |
TLSH: | 7B330A8EB8029D3CF91BE6BE54164E0DB93177C152830B2767BBFDA36C721945E02E85 |
File Content Preview: | .ELF.......................D...4.........4. ...(.................................. ....................(.......... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 54532 |
Section Header Size: | 40 |
Number of Section Headers: | 10 |
Header String Table Index: | 9 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xc12e | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x8000c1d6 | 0xc1d6 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.rodata | PROGBITS | 0x8000c1e4 | 0xc1e4 | 0x10b2 | 0x0 | 0x2 | A | 0 | 0 | 2 |
.ctors | PROGBITS | 0x8000f29c | 0xd29c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x8000f2a4 | 0xd2a4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x8000f2b0 | 0xd2b0 | 0x214 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x8000f4c4 | 0xd4c4 | 0x2a0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xd4c4 | 0x3e | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xd296 | 0xd296 | 6.2906 | 0x5 | R E | 0x2000 | .init .text .fini .rodata | |
LOAD | 0xd29c | 0x8000f29c | 0x8000f29c | 0x228 | 0x4c8 | 3.0346 | 0x6 | RW | 0x2000 | .ctors .dtors .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
- Total Packets: 130
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 9, 2025 21:18:03.029918909 CET | 35508 | 3778 | 192.168.2.15 | 45.95.169.133 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 9, 2025 21:20:47.861762047 CET | 34022 | 53 | 192.168.2.15 | 8.8.8.8 |
Jan 9, 2025 21:20:47.861814022 CET | 40595 | 53 | 192.168.2.15 | 8.8.8.8 |
Jan 9, 2025 21:20:47.868388891 CET | 53 | 34022 | 8.8.8.8 | 192.168.2.15 |
Jan 9, 2025 21:20:47.868534088 CET | 53 | 40595 | 8.8.8.8 | 192.168.2.15 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 9, 2025 21:20:47.861762047 CET | 192.168.2.15 | 8.8.8.8 | 0xe952 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jan 9, 2025 21:20:47.861814022 CET | 192.168.2.15 | 8.8.8.8 | 0x735 | Standard query (0) | | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 9, 2025 21:20:47.868388891 CET | 8.8.8.8 | 192.168.2.15 | 0xe952 | No error (0) | | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
Jan 9, 2025 21:20:47.868388891 CET | 8.8.8.8 | 192.168.2.15 | 0xe952 | No error (0) | | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 20:18:02 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.m68k.elf |
Arguments: | /tmp/boatnet.m68k.elf |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 20:18:02 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.m68k.elf |
Arguments: | - |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 20:18:02 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.m68k.elf |
Arguments: | - |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 20:18:02 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.m68k.elf |
Arguments: | - |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:18:13 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | - |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:18:13 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/sbin/xfpm-power-backlight-helper |
Arguments: | /usr/sbin/xfpm-power-backlight-helper --get-max-brightness |
File size: | 14656 bytes |
MD5 hash: | 3d221ad23f28ca3259f599b1664e2427 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:18:07 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:18:13 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/dbus-daemon |
Arguments: | - |
File size: | 249032 bytes |
MD5 hash: | 3089d47e3f3ab84cd81c48fd406d7a8c |
Start time (UTC): | 20:18:13 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
File size: | 112880 bytes |
MD5 hash: | 4c7a0d6d258bb970905b19b84abcd8e9 |
Start time (UTC): | 20:18:18 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 20:18:18 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
File size: | 112872 bytes |
MD5 hash: | eee956f1b227c1d5031f9c61223255d1 |