Linux
Analysis Report
boatnet.mpsl.elf
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1587022 |
Start date and time: | 2025-01-09 21:26:10 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | boatnet.mpsl.elf |
Detection: | MAL |
Classification: | mal80.spre.troj.evad.linELF@0/0@2/0 |
- VT rate limit hit for: boatnet.mpsl.elf
Command: | /tmp/boatnet.mpsl.elf |
PID: | 5456 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | lzrd cock fest"/proc/"/exe |
Standard Error: |
- system is lnxubuntu20
- boatnet.mpsl.elf New Fork (PID: 5458, Parent: 5456)
- boatnet.mpsl.elf New Fork (PID: 5460, Parent: 5456)
- boatnet.mpsl.elf New Fork (PID: 5462, Parent: 5456)
- xfce4-panel New Fork (PID: 5473, Parent: 3147)
- xfce4-panel New Fork (PID: 5474, Parent: 3147)
- xfce4-panel New Fork (PID: 5475, Parent: 3147)
- xfce4-panel New Fork (PID: 5476, Parent: 3147)
- wrapper-2.0 New Fork (PID: 5495, Parent: 5476)
- xfce4-panel New Fork (PID: 5477, Parent: 3147)
- xfce4-panel New Fork (PID: 5478, Parent: 3147)
- dbus-daemon New Fork (PID: 5494, Parent: 5493)
- systemd New Fork (PID: 5505, Parent: 2935)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
| |
JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | ||
Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
| |
Click to see the 13 entries |
- • AV Detection
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
AV Detection |
---|
Source: | Avira: |
Source: | ReversingLabs: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | Program segment: |
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior | ||
Source: | SIGKILL sent: | Jump to behavior |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Data Obfuscation |
---|
Source: | String containing UPX found: | ||
Source: | String containing UPX found: | ||
Source: | String containing UPX found: |
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior | ||
Source: | Directory: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Submission file: |
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Service Stop |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | ReversingLabs | Linux.Trojan.Mirai | ||
100% | Avira | EXP/ELF.Agent.M.28 |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
daisy.ubuntu.com | 162.213.35.25 | true | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.95.169.133 | unknown | Croatia (LOCAL Name: Hrvatska) | 42864 | GIGANET-HUGigaNetInternetServiceProviderCoHU | false | |
185.125.190.26 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
45.95.169.133 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
185.125.190.26 | Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Mirai, Gafgyt | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
daisy.ubuntu.com | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
GIGANET-HUGigaNetInternetServiceProviderCoHU | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
CANONICAL-ASGB | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
|
File type: | |
Entropy (8bit): | 7.861719475077072 |
TrID: |
|
File name: | boatnet.mpsl.elf |
File size: | 24'912 bytes |
MD5: | 1d9dc98703e076d1399e4fcbe53b7174 |
SHA1: | 69621db0aaaf185700170311f70972a633ccd591 |
SHA256: | 63e07fb3c7f08140901b1b8485fac33ce510f93547e4677fa8890596245e25b2 |
SHA512: | 62faa5691fc29bf92411558aae5fd001142ad03fa49156418630103a108eba293760bab5c84f11db810942d5fa31a965d301e3eb8a942eb268ea19bfeb0185ed |
SSDEEP: | 768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpPiZqSWvE:4QlS07FUXqIYSXQKqueqc |
TLSH: | B5B2C0CD61543084CA8D7C7C278D4A664F6CA190BAEDDF26E350CD9873BEA4B345D079 |
File Content Preview: | .ELF.....................L..4...........4. ...(......................`...`..............X*..X*E.X*E.................e..ZUPX!d.......X)..X)......T..........?.E.h;....#......b.L#4..2..>.9.....|\.8a^...7.0G)......"B'.l.u...C..D.....J.j...3.....I............. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 2 |
Section Header Offset: | 0 |
Section Header Size: | 40 |
Number of Section Headers: | 0 |
Header String Table Index: | 0 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x100000 | 0x100000 | 0x601d | 0x601d | 7.8662 | 0x5 | R E | 0x10000 | ||
LOAD | 0x2a58 | 0x452a58 | 0x452a58 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 |
Download Network PCAP: filtered – full
- Total Packets: 52
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 9, 2025 21:27:01.510051012 CET | 35952 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:01.515098095 CET | 3778 | 35952 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:01.515172005 CET | 35952 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:01.565435886 CET | 35952 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:01.570307970 CET | 3778 | 35952 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:01.570368052 CET | 35952 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:01.575308084 CET | 3778 | 35952 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.182210922 CET | 3778 | 35952 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.182360888 CET | 35952 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.182758093 CET | 35952 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.183372974 CET | 35954 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.188276052 CET | 3778 | 35954 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.188360929 CET | 35954 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.189099073 CET | 35954 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.193907022 CET | 3778 | 35954 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.193977118 CET | 35954 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.198800087 CET | 3778 | 35954 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.859803915 CET | 3778 | 35954 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.860167027 CET | 35954 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.860167027 CET | 35954 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.861325979 CET | 35956 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.866275072 CET | 3778 | 35956 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.866352081 CET | 35956 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.868060112 CET | 35956 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.872965097 CET | 3778 | 35956 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:02.873030901 CET | 35956 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:02.877880096 CET | 3778 | 35956 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:03.517343998 CET | 3778 | 35956 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:03.517678022 CET | 35956 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:03.517678022 CET | 35956 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:03.518335104 CET | 35958 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:03.523190975 CET | 3778 | 35958 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:03.523261070 CET | 35958 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:03.523955107 CET | 35958 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:03.528783083 CET | 3778 | 35958 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:03.528839111 CET | 35958 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:03.533669949 CET | 3778 | 35958 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.185955048 CET | 3778 | 35958 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.186228991 CET | 35958 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.186228991 CET | 35958 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.186773062 CET | 35960 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.192033052 CET | 3778 | 35960 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.192092896 CET | 35960 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.193048000 CET | 35960 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.198163033 CET | 3778 | 35960 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.198213100 CET | 35960 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.203275919 CET | 3778 | 35960 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.887468100 CET | 3778 | 35960 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.887672901 CET | 35960 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.887753963 CET | 35960 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.888235092 CET | 35962 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.893080950 CET | 3778 | 35962 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.893170118 CET | 35962 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.893959045 CET | 35962 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.898813009 CET | 3778 | 35962 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:04.898873091 CET | 35962 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:04.903805017 CET | 3778 | 35962 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:05.545022964 CET | 3778 | 35962 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:05.545149088 CET | 35962 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:05.545296907 CET | 35962 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:05.545876026 CET | 35964 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:05.550744057 CET | 3778 | 35964 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:05.550798893 CET | 35964 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:05.551572084 CET | 35964 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:05.556443930 CET | 3778 | 35964 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:05.556493044 CET | 35964 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:05.561321020 CET | 3778 | 35964 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:06.227073908 CET | 3778 | 35964 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:06.227385044 CET | 35964 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:06.227385044 CET | 35964 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:06.228030920 CET | 35966 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:06.232924938 CET | 3778 | 35966 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:06.233014107 CET | 35966 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:06.233989000 CET | 35966 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:06.238840103 CET | 3778 | 35966 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:06.238922119 CET | 35966 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:06.243827105 CET | 3778 | 35966 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:06.922951937 CET | 3778 | 35966 | 45.95.169.133 | 192.168.2.13 |
Jan 9, 2025 21:27:06.923052073 CET | 35966 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:07.009951115 CET | 35966 | 3778 | 192.168.2.13 | 45.95.169.133 |
Jan 9, 2025 21:27:12.194775105 CET | 48202 | 443 | 192.168.2.13 | 185.125.190.26 |
Jan 9, 2025 21:27:42.658915997 CET | 48202 | 443 | 192.168.2.13 | 185.125.190.26 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 9, 2025 21:29:46.253464937 CET | 41722 | 53 | 192.168.2.13 | 1.1.1.1 |
Jan 9, 2025 21:29:46.253546953 CET | 42844 | 53 | 192.168.2.13 | 1.1.1.1 |
Jan 9, 2025 21:29:46.261460066 CET | 53 | 42844 | 1.1.1.1 | 192.168.2.13 |
Jan 9, 2025 21:29:46.262164116 CET | 53 | 41722 | 1.1.1.1 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jan 9, 2025 21:29:46.253464937 CET | 192.168.2.13 | 1.1.1.1 | 0x2298 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jan 9, 2025 21:29:46.253546953 CET | 192.168.2.13 | 1.1.1.1 | 0xace0 | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jan 9, 2025 21:29:46.262164116 CET | 1.1.1.1 | 192.168.2.13 | 0x2298 | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false | ||
Jan 9, 2025 21:29:46.262164116 CET | 1.1.1.1 | 192.168.2.13 | 0x2298 | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 20:27:00 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.mpsl.elf |
Arguments: | /tmp/boatnet.mpsl.elf |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 20:27:00 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.mpsl.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 20:27:00 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.mpsl.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 20:27:00 |
Start date (UTC): | 09/01/2025 |
Path: | /tmp/boatnet.mpsl.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:27:13 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | - |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:27:14 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/sbin/xfpm-power-backlight-helper |
Arguments: | /usr/sbin/xfpm-power-backlight-helper --get-max-brightness |
File size: | 14656 bytes |
MD5 hash: | 3d221ad23f28ca3259f599b1664e2427 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/xfce4-panel |
Arguments: | - |
File size: | 375768 bytes |
MD5 hash: | a15b657c7d54ac1385f1f15004ea6784 |
Start time (UTC): | 20:27:06 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
File size: | 35136 bytes |
MD5 hash: | ac0b8a906f359a8ae102244738682e76 |
Start time (UTC): | 20:27:13 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/bin/dbus-daemon |
Arguments: | - |
File size: | 249032 bytes |
MD5 hash: | 3089d47e3f3ab84cd81c48fd406d7a8c |
Start time (UTC): | 20:27:13 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
File size: | 112880 bytes |
MD5 hash: | 4c7a0d6d258bb970905b19b84abcd8e9 |
Start time (UTC): | 20:27:18 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 20:27:18 |
Start date (UTC): | 09/01/2025 |
Path: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
Arguments: | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
File size: | 112872 bytes |
MD5 hash: | eee956f1b227c1d5031f9c61223255d1 |