Linux Analysis Report
boatnet.x86.elf

Overview

General Information

Sample name:boatnet.x86.elf
Analysis ID:1588205
MD5:3650dd2fdd4e6be4d027777f6760383a
SHA1:4f074715f2ed635f8f8c536b9f383dd6ac5214c0
SHA256:40d30fa34b242436fec4b8a503dcfcdd4e57aac55229a30a91e3e67ee2cb59d4
Tags:user-elfdigest
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample is packed with UPX
Sends malformed DNS queries
ELF contains segments with high entropy indicating compressed/encrypted content
Sample contains only a LOAD segment without any section mappings
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara signature match

Classification

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1588205
Start date and time:2025-01-10 22:39:12 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.x86.elf
Detection:MAL
Classification:mal68.troj.evad.linELF@0/0@6/0
  • VT rate limit hit for: infectedslurs.geek
Command:/tmp/boatnet.x86.elf
PID:6247
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
The Peoples Bank of China.
Standard Error:
  • system is lnxubuntu20
  • cleanup
Source | Rule | Description | Author | Strings
6247.1.0000000008048000.000000000804e000.r-x.sdmp | Linux_Trojan_Mirai_88de437f | unknown | unknown | 0x2ba2:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
6247.1.0000000008048000.000000000804e000.r-x.sdmp | Linux_Trojan_Mirai_cc93863b | unknown | unknown | 0x3525:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
6247.1.0000000008048000.000000000804e000.r-x.sdmp | Linux_Trojan_Mirai_8aa7b5d3 | unknown | unknown | 0x2b72:$a: 8B 4C 24 14 8B 74 24 0C 8B 5C 24 10 85 C9 74 0D 31 D2 8A 04 1A 88
No Suricata rule has matched

AV Detection

Source: boatnet.x86.elf | Virustotal: Detection: 22%
Source: boatnet.x86.elf | ReversingLabs: Detection: 28%
Source: boatnet.x86.elf | Joe Sandbox ML: detected

Networking

Source: global traffic | DNS traffic detected: malformed DNS query: hiakamai.dyn. [malformed]
Source: global traffic | DNS traffic detected: malformed DNS query: infectedslurs.geek. [malformed]
Source: global traffic | DNS traffic detected: malformed DNS query: netfags.geek. [malformed]
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown | UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown | UDP traffic detected without corresponding DNS query: 178.254.22.166
Source: unknown | UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown | UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown | UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown | UDP traffic detected without corresponding DNS query: 185.232.68.212
Source: global traffic | DNS traffic detected: DNS query: infectedslurs.geek
Source: global traffic | DNS traffic detected: DNS query: freethemonkeys.pirate
Source: global traffic | DNS traffic detected: DNS query: hiakamai.dyn. [malformed]
Source: global traffic | DNS traffic detected: DNS query: infectedslurs.geek. [malformed]
Source: global traffic | DNS traffic detected: DNS query: netfags.geek. [malformed]
Source: boatnet.x86.elf | String found in binary or memory: http://upx.sf.net
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: 6247.1.0000000008048000.000000000804e000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 6247.1.0000000008048000.000000000804e000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 6247.1.0000000008048000.000000000804e000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: LOAD without section mappings | Program segment: 0xc01000
Source: 6247.1.0000000008048000.000000000804e000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 6247.1.0000000008048000.000000000804e000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 6247.1.0000000008048000.000000000804e000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: classification engine | Classification label: mal68.troj.evad.linELF@0/0@6/0

Data Obfuscation

Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample | String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample | String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: boatnet.x86.elf | Submission file: segment LOAD with 7.8483 entropy (max. 8.0)
MITRE ATT&CK Matrix

Techniques matched by this analysis, listed by tactic (the number beside each technique is the count shown in the report's matrix; unmatched matrix cells are omitted):

  • Defense Evasion: Obfuscated Files or Information (11)
  • Command and Control: Encrypted Channel (1)
  • Command and Control: Non-Application Layer Protocol (1)
  • Command and Control: Application Layer Protocol (2)
No configs have been found
Source | Detection | Scanner | Label
boatnet.x86.elf | 22% | Virustotal |
boatnet.x86.elf | 29% | ReversingLabs | Linux.Backdoor.Mirai
boatnet.x86.elf | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
infectedslurs.geek | 172.105.109.175 | true | true | | unknown
hiakamai.dyn. [malformed] | unknown | unknown | true | | unknown
netfags.geek. [malformed] | unknown | unknown | true | | unknown
infectedslurs.geek. [malformed] | unknown | unknown | true | | unknown
freethemonkeys.pirate | unknown | unknown | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | boatnet.x86.elf | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
172.234.20.31 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
IP context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
109.202.202.202 | kpLwzBouH4.elf | malicious | Unknown | ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
172.234.20.31 | boatnet.m68k.elf | malicious | Unknown |
91.189.91.43 | Space.arm5.elf | malicious | Unknown |
91.189.91.43 | ssd.elf | malicious | Gafgyt |
91.189.91.43 | arm7.elf | malicious | Mirai |
91.189.91.43 | ssy.elf | malicious | Gafgyt |
91.189.91.43 | UnHAnaAW.mpsl.elf | malicious | Mirai |
91.189.91.43 | UnHAnaAW.sh4.elf | malicious | Mirai |
91.189.91.43 | wrjkngh4.elf | malicious | Unknown |
91.189.91.43 | fqkjei686.elf | malicious | Unknown |
91.189.91.43 | ngwa5.elf | malicious | Unknown |
91.189.91.43 | wev86.elf | malicious | Unknown |
91.189.91.42 | Space.arm5.elf | malicious | Unknown |
91.189.91.42 | ssd.elf | malicious | Gafgyt |
91.189.91.42 | arm7.elf | malicious | Mirai |
91.189.91.42 | ssy.elf | malicious | Gafgyt |
91.189.91.42 | UnHAnaAW.mpsl.elf | malicious | Mirai |
91.189.91.42 | UnHAnaAW.arm7.elf | malicious | Mirai |
91.189.91.42 | UnHAnaAW.sh4.elf | malicious | Mirai |
91.189.91.42 | wrjkngh4.elf | malicious | Unknown |
91.189.91.42 | fqkjei686.elf | malicious | Unknown |
91.189.91.42 | ngwa5.elf | malicious | Unknown |

Domain context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
infectedslurs.geek | vCh0ttyibb.elf | malicious | Unknown | 204.76.203.15

ASN context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CANONICAL-ASGB | Space.arm5.elf | malicious | Unknown | 91.189.91.42
CANONICAL-ASGB | boatnet.m68k.elf | malicious | Unknown | 185.125.190.26
CANONICAL-ASGB | ssd.elf | malicious | Gafgyt | 91.189.91.42
CANONICAL-ASGB | arm7.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | ssy.elf | malicious | Gafgyt | 91.189.91.42
CANONICAL-ASGB | ssh.elf | malicious | Gafgyt | 185.125.190.26
CANONICAL-ASGB | UnHAnaAW.mpsl.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | UnHAnaAW.arm7.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | UnHAnaAW.sh4.elf | malicious | Mirai | 91.189.91.42
CANONICAL-ASGB | wrjkngh4.elf | malicious | Unknown | 91.189.91.42
AKAMAI-ASN1EU | boatnet.m68k.elf | malicious | Unknown | 172.234.20.31
AKAMAI-ASN1EU | https://payhip.com/b/J12iX/purchased | malicious | Unknown | 2.16.168.106
AKAMAI-ASN1EU | http://unikuesolutions.com/ck/bd/%7BRANDOM_NUMBER05%7D/YmVuc29uLmxpbkB2aGFjb3JwLmNvbQ== | malicious | HTMLPhisher | 2.16.168.12
AKAMAI-ASN1EU | Bontrageroutdoors_Project_Update_202557516.pdf | malicious | Unknown | 2.16.238.149
AKAMAI-ASN1EU | Message 2.eml | malicious | Unknown | 2.16.168.101
AKAMAI-ASN1EU | Message.eml | malicious | Unknown | 2.16.168.101
AKAMAI-ASN1EU | https://www.filemail.com/d/rxythqchkhluipl?skipreg=true | malicious | Unknown | 2.16.238.149
AKAMAI-ASN1EU | https://app.planable.io/review/0OPaw36t6M_k | malicious | HTMLPhisher | 104.124.11.217
AKAMAI-ASN1EU | Quarantined Messages(3).zip | malicious | HTMLPhisher | 2.22.242.90
AKAMAI-ASN1EU | https://www.dcamarketintelligence.com/tdt | malicious | Unknown | 88.221.110.227
INIT7CH | Space.arm5.elf | malicious | Unknown | 109.202.202.202
INIT7CH | ssd.elf | malicious | Gafgyt | 109.202.202.202
INIT7CH | arm7.elf | malicious | Mirai | 109.202.202.202
INIT7CH | ssy.elf | malicious | Gafgyt | 109.202.202.202
INIT7CH | UnHAnaAW.mpsl.elf | malicious | Mirai | 109.202.202.202
INIT7CH | UnHAnaAW.arm7.elf | malicious | Mirai | 109.202.202.202
INIT7CH | UnHAnaAW.sh4.elf | malicious | Mirai | 109.202.202.202
INIT7CH | wrjkngh4.elf | malicious | Unknown | 109.202.202.202
INIT7CH | fqkjei686.elf | malicious | Unknown | 109.202.202.202
INIT7CH | ngwa5.elf | malicious | Unknown | 109.202.202.202
                                                        No context
                                                        No created / dropped files found
                                                        File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
                                                        Entropy (8bit):7.838340634752311
                                                        TrID:
                                                        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                        File name:boatnet.x86.elf
                                                        File size:15'296 bytes
                                                        MD5:3650dd2fdd4e6be4d027777f6760383a
                                                        SHA1:4f074715f2ed635f8f8c536b9f383dd6ac5214c0
                                                        SHA256:40d30fa34b242436fec4b8a503dcfcdd4e57aac55229a30a91e3e67ee2cb59d4
                                                        SHA512:d51411765b68c9e9ef03f9e0354d7faba9f5211304a0d37c9f6fade6098fee14da0915bc0a6c7c92359dea601c3dfe8f8ed565ea577f41c3a44b38418b31a3fc
                                                        SSDEEP:384:Mslj7EIK6/shzNZ6q5ulqSHTgfviqv9v1R1Q:UhZe4J3m
                                                        TLSH:CB62C021D6BE2C3DD2EACA39512CD8FF4C516AD423EAC910BF4A876D97D50B10974633
                                                        File Content Preview:.ELF.....................B..4...........4. ...(......................:...:..............`...`...`...................Q.td...............................tUPX!........Pb..Pb......[........?d..ELF.......d.......4..`.4. (.......k.-.#..^...........`...........Q

                                                        ELF header

                                                        Class:ELF32
                                                        Data:2's complement, little endian
                                                        Version:1 (current)
                                                        Machine:Intel 80386
                                                        Version Number:0x1
                                                        Type:EXEC (Executable file)
                                                        OS/ABI:UNIX - Linux
                                                        ABI Version:0
                                                        Entry Point Address:0xc042c0
                                                        Flags:0x0
                                                        ELF Header Size:52
                                                        Program Header Offset:52
                                                        Program Header Size:32
                                                        Number of Program Headers:3
                                                        Section Header Offset:0
                                                        Section Header Size:40
                                                        Number of Section Headers:0
                                                        Header String Table Index:0
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0xc01000 | 0xc01000 | 0x3abb | 0x3abb | 7.8483 | 0x5 | R E | 0x1000 | |
LOAD | 0x560 | 0x804e560 | 0x804e560 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x1000 | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
TCP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 22:39:56.210848093 CET | 38278 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:39:56.215912104 CET | 25596 | 38278 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:39:56.216006041 CET | 38278 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:39:56.216033936 CET | 38278 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:39:56.224704981 CET | 25596 | 38278 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:39:56.224782944 CET | 38278 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:39:56.232315063 CET | 25596 | 38278 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:39:56.359757900 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42
Jan 10, 2025 22:40:01.734983921 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43
Jan 10, 2025 22:40:03.526725054 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202
Jan 10, 2025 22:40:06.224776030 CET | 38278 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:06.229619980 CET | 25596 | 38278 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:16.836972952 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42
Jan 10, 2025 22:40:17.599909067 CET | 25596 | 38278 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:17.600095987 CET | 38278 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:17.604973078 CET | 25596 | 38278 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:23.604346991 CET | 38280 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:23.611248016 CET | 25596 | 38280 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:23.611351013 CET | 38280 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:23.614191055 CET | 38280 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:23.619003057 CET | 25596 | 38280 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:23.619334936 CET | 38280 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:23.624100924 CET | 25596 | 38280 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:29.123152971 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43
Jan 10, 2025 22:40:33.218556881 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202
Jan 10, 2025 22:40:44.971621990 CET | 25596 | 38280 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:44.971936941 CET | 38280 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:44.976859093 CET | 25596 | 38280 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:45.989434958 CET | 38282 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:45.994251966 CET | 25596 | 38282 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:45.994360924 CET | 38282 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:45.994421959 CET | 38282 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:45.999238968 CET | 25596 | 38282 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:45.999320984 CET | 38282 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:40:46.004179001 CET | 25596 | 38282 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:40:57.791148901 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42
Jan 10, 2025 22:41:07.363300085 CET | 25596 | 38282 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:07.363528013 CET | 38282 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:07.368382931 CET | 25596 | 38282 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:08.382375956 CET | 38284 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:08.387346029 CET | 25596 | 38284 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:08.387422085 CET | 38284 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:08.387485027 CET | 38284 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:08.392241001 CET | 25596 | 38284 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:08.392299891 CET | 38284 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:08.397119045 CET | 25596 | 38284 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:18.396342039 CET | 38284 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:18.401314020 CET | 25596 | 38284 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:29.773334026 CET | 25596 | 38284 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:29.773654938 CET | 38284 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:29.778630972 CET | 25596 | 38284 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:35.775872946 CET | 38286 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:35.780771971 CET | 25596 | 38286 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:35.781045914 CET | 38286 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:35.781045914 CET | 38286 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:35.785880089 CET | 25596 | 38286 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:35.785952091 CET | 38286 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:35.791273117 CET | 25596 | 38286 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:57.197319031 CET | 25596 | 38286 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:57.197743893 CET | 38286 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:57.202538013 CET | 25596 | 38286 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:58.216953039 CET | 38288 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:58.221749067 CET | 25596 | 38288 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:58.221820116 CET | 38288 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:58.221853971 CET | 38288 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:58.226670027 CET | 25596 | 38288 | 172.234.20.31 | 192.168.2.23
Jan 10, 2025 22:41:58.226733923 CET | 38288 | 25596 | 192.168.2.23 | 172.234.20.31
Jan 10, 2025 22:41:58.231535912 CET | 25596 | 38288 | 172.234.20.31 | 192.168.2.23
UDP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 22:39:56.183193922 CET | 46701 | 53 | 192.168.2.23 | 217.160.70.42
Jan 10, 2025 22:39:56.210659981 CET | 53 | 46701 | 217.160.70.42 | 192.168.2.23
Jan 10, 2025 22:40:18.601681948 CET | 58169 | 53 | 192.168.2.23 | 178.254.22.166
Jan 10, 2025 22:40:45.973969936 CET | 37416 | 53 | 192.168.2.23 | 51.158.108.203
Jan 10, 2025 22:40:45.989090919 CET | 53 | 37416 | 51.158.108.203 | 192.168.2.23
Jan 10, 2025 22:41:08.364973068 CET | 43446 | 53 | 192.168.2.23 | 152.53.15.127
Jan 10, 2025 22:41:08.382122993 CET | 53 | 43446 | 152.53.15.127 | 192.168.2.23
Jan 10, 2025 22:41:30.775944948 CET | 36312 | 53 | 192.168.2.23 | 51.254.162.59
Jan 10, 2025 22:41:58.199456930 CET | 44603 | 53 | 192.168.2.23 | 185.232.68.212
Jan 10, 2025 22:41:58.216794968 CET | 53 | 44603 | 185.232.68.212 | 192.168.2.23
DNS queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 22:39:56.183193922 CET | 192.168.2.23 | 217.160.70.42 | 0x12b5 | Standard query (0) | infectedslurs.geek | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:40:18.601681948 CET | 192.168.2.23 | 178.254.22.166 | 0x4a41 | Standard query (0) | freethemonkeys.pirate | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:40:45.973969936 CET | 192.168.2.23 | 51.158.108.203 | 0xd6e3 | Standard query (0) | hiakamai.dyn. [malformed] | 256 | 477 | false
Jan 10, 2025 22:41:08.364973068 CET | 192.168.2.23 | 152.53.15.127 | 0x74e | Standard query (0) | hiakamai.dyn. [malformed] | 256 | 500 | false
Jan 10, 2025 22:41:30.775944948 CET | 192.168.2.23 | 51.254.162.59 | 0xede9 | Standard query (0) | infectedslurs.geek. [malformed] | 256 | 271 | false
Jan 10, 2025 22:41:58.199456930 CET | 192.168.2.23 | 185.232.68.212 | 0x300f | Standard query (0) | netfags.geek. [malformed] | 256 | 294 | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.105.109.175 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 170.187.181.188 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 74.207.230.91 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 45.79.236.13 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.236.61.194 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 104.237.135.249 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.104.165.127 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 192.46.236.113 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.236.11.132 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.236.28.137 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.232.34.247 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.105.120.101 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.233.66.46 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 172.234.20.31 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:39:56.210659981 CET | 217.160.70.42 | 192.168.2.23 | 0x12b5 | No error (0) | infectedslurs.geek |  | 104.237.135.234 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 22:40:45.989090919 CET | 51.158.108.203 | 192.168.2.23 | 0xd6e3 | Format error (1) | hiakamai.dyn. [malformed] | none | none | 256 | 477 | false
Jan 10, 2025 22:41:08.382122993 CET | 152.53.15.127 | 192.168.2.23 | 0x74e | Format error (1) | hiakamai.dyn. [malformed] | none | none | 256 | 500 | false

System Behavior

Start time (UTC): 21:39:55
Start date (UTC): 10/01/2025
Path: /tmp/boatnet.x86.elf
Arguments: /tmp/boatnet.x86.elf
File size: 15296 bytes
MD5 hash: 3650dd2fdd4e6be4d027777f6760383a

Start time (UTC): 21:39:55
Start date (UTC): 10/01/2025
Path: /tmp/boatnet.x86.elf
Arguments: -
File size: 15296 bytes
MD5 hash: 3650dd2fdd4e6be4d027777f6760383a

Start time (UTC): 21:39:55
Start date (UTC): 10/01/2025
Path: /tmp/boatnet.x86.elf
Arguments: -
File size: 15296 bytes
MD5 hash: 3650dd2fdd4e6be4d027777f6760383a